Security Bulletin: Due to IBM Db2, IBM Cloud Pak System is affected by multiple vulnerabilities.
Summary IBM Db2 vulnerabilities have been found in IBM Cloud Pak System DB2 pattern type db2 pType shipped with Cloud Pak System. Vulnerabilities were addressed in IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2024-45663 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connec...
Security Bulletin: AIX/VIOS is affected by arbitrary code execution (CVE-2025-47273, CVE-2025-4330, CVE-2024-12718, CVE-2025-4138, CVE-2025-4517) due to Python
Summary Vulnerabilities in Python could allow an attacker to execute arbitrary code (CVE-2025-47273, CVE-2025-4330, CVE-2024-12718, CVE-2025-4138, CVE-2025-4517). Python is used by AIX as part of Ansible node management automation. Vulnerability Details CVEID:CVE-2025-47273 DESCRIPTION: setuptools ...
Security Bulletin: IBM SOAR QRadar Plugin app for IBM QRadar SIEM is affected by server-side template injection leading to remote code execution (CVE-2025-27516)
Summary IBM SOAR QRadar Plugin app for IBM QRadar SIEM is affected by server-side template injection leading to remote code execution. IBM SOAR QRadar Plugin app has addressed the issue in the latest update. Vulnerability Details CVEID:CVE-2025-27516 DESCRIPTION: Jinja is an extensible templating...
Security Bulletin: IBM SOAR QRadar Plugin app for IBM QRadar SIEM includes components with known vulnerabilities
Summary The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. IBM SOAR QRadar Plugin app for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-27516 DESCRIPTION: Jinja is an extensible...
Security Bulletin: IBM Integration Bus for z/OS is vulnerable to multiple vulnerabilities due to Apache Tomcat (CVE-2025-53506, CVE-2025-52434 and CVE-2025-52520)
Summary IBM Integration Bus for z/OS is vulnerable to multiple vulnerabilities due to Apache Tomcat. Vulnerability Details CVEID:CVE-2025-53506 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that...
Security Bulletin: Multiple Vulnerabilities in IBM Edge Application Manager
Summary Multiple vulnerabilities were addressed in IBM Edge Application Manager 5.0 Vulnerability Details CVEID:CVE-2024-34750 DESCRIPTION: Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did n...
Security Bulletin: Multiple Vulnerabilities in IBM Edge Application Manager
Summary Multiple vulnerabilities were addressed in IBM Edge Application Manager 5.0 Vulnerability Details CVEID:CVE-2024-38816 DESCRIPTION: Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can...
Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by a security bypass vulnerability (CVE-2024-56339)
Summary IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by a security bypass caused by a failure to honor security configuration. Vulnerability Details CVEID:CVE-2024-56339 DESCRIPTION: IBM WebSphere Application Server and IBM WebSphere Application Server...
Security Bulletin: The B2B API of IBM Sterling B2B Integrator and IBM Sterling File Gateway are Vulnerable to Denial of Service (CVE-2025-25193)
Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the denial of service security vulnerability Vulnerability Details CVEID:CVE-2025-25193 DESCRIPTION: Netty, an asynchronous, event-driven network application framework, has a vulnerability in versions up to and...
Security Bulletin: Carbon design system packages
Summary Various packages are vulnerable to multiple CVEs and can be resolved by updating to [email protected], @carbon/[email protected], @carbon/[email protected], @carbon/[email protected], @carbon/[email protected], @carbon/[email protected], @carbon/[email protected], @carbon/[email protected]....
Security Bulletin: Insufficiently protected credentials and improper output neutralization for logs might affect IBM Storage Defender - Resiliency Service
Summary IBM Storage Defender - Resiliency Service is vulnerable to insufficiently protected credentials and improper output neutralization for logs. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2024-47081 DESCRIPTION: Requests is a HTTP library. Due to a URL parsing...
Security Bulletin: AS4 of the IBM Sterling B2B Integrator and IBM Sterling File Gateway are Vulnerable to Cross-Site Scripting (CVE-2025-33008)
Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the cross-site scripting security vulnerability Vulnerability Details CVEID:CVE-2025-33008 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition is vulnerable to cross-site scripting. This vulnerability allows an...
Security Bulletin: The Container Version of the B2B API of the IBM Sterling B2B Integrator and IBM Sterling File Gateway are Vulnerable to Information Disclosure (CVE-2025-2988)
Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the information disclosure security vulnerability Vulnerability Details CVEID:CVE-2025-2988 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition could disclose sensitive server information to an unauthorized use...
Security Bulletin: IBM WebSphere Application Server which is bundled with WebSphere Remote Server, could provide weaker than expected security (CVE-2025-33142)
Summary IBM WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
Summary IBM QRadar SIEM includes vulnerable components (e.g., framework libraries) that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2023-34967 DESCRIPTION: Samba is vulnerable to a denial of service, caused by a ty...
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
Summary IBM QRadar SIEM includes vulnerable components (e.g., framework libraries) that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2024-22365 DESCRIPTION: Linux-pam is vulnerable to a denial of service, caused by ...
Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Automation Workflow (CVE-2025-33142)
Summary WebSphere Application Server traditional is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional has been published in a security bulletin. Vulnerability Details Refer to the security...
Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) could provide weaker than expected security
Summary IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) could provide weaker than expected security (CVE-2025-33142). Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products|...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM DevOps Code ClearCase (CVE-2025-36097, CVE-2024-56339)
Summary IBM WebSphere Application Server (WAS) is shipped as a component of IBM DevOps Code ClearCase. Information about security vulnerabilities affecting WAS has been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM HTTP Server shipped with IBM DevOps Code ClearCase [CVE-2024-43204, CVE-2024-43394, CVE-2024-42516, CVE-2025-54090]
Summary IBM HTTP Server (IHS) is shipped as a component of IBM DevOps Code ClearCase. Information about a security vulnerability affecting IHS has been published in a security bulletin. CVE-2024-43204, CVE-2024-43394, CVE-2024-42516, CVE-2025-54090 Vulnerability Details Refer to the security...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM DevOps Code ClearCase (CVE-2025-27907, CVE-2025-33104, CVE-2025-36038)
Summary IBM WebSphere Application Server (WAS) is shipped as a component of IBM DevOps Code ClearCase. Information about security vulnerabilities affecting WAS has been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: IBM Application Modernization Accelerator is affected by multiple vulnerabilities found in Java and Node.js (CVE-2025-48924, CVE-2025-4949)
Summary There are multiple vulnerabilities in Java and Node.js used by IBM Application Modernization Accelerator. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with...
Security Bulletin: IBM Cloud Transformation Advisor is affected by multiple vulnerabilities found in Java and Node.js (CVE-2025-48924, CVE-2025-4949)
Summary There are multiple vulnerabilities in Java and Node.js used by IBM Cloud Transformation Advisor. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with...
Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server, which impacts IBM Tivoli Netcool Configuration Manager
Summary IBM WebSphere Application Server is a required product for IBM Tivoli Netcool Configuration Manager version 6.4.2. Multiple vulnerabilities were addressed in IBM WebSphere Application Server (CVE-2024-56339, CVE-2025-36097, CVE-2024-43204, CVE-2024-43394, CVE-2024-42516). Vulnerability...
Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.
Summary Multiple vulnerabilities were addressed in IBM Concert Software version 2.0.0 Vulnerability Details CVEID:CVE-2015-5305 DESCRIPTION: Directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0, allows attackers to write to arbitrary files via a crafted...
Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.
Summary Multiple vulnerabilities were addressed in IBM Concert Software version 2.0.0 Vulnerability Details CVEID:CVE-2025-48379 DESCRIPTION: Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large 64k encoded with...
Security Bulletin: IBM Datapower Operations Dashboard could allow attackers to create new valid signatures different from previous signatures for a known message CVE-2020-36843
Summary EdDSA is used by the IBM Datapower Operations Dashboard for its cryptographic implementation. Vulnerability Details CVEID:CVE-2020-36843 DESCRIPTION: The implementation of EdDSA in EdDSA-Java (aka ed25519-java) through 0.3.0 exhibits signature malleability and does not satisfy the SUF-CMA...
Security Bulletin: IBM Datapower Operations Dashboard could lead to excessive CPU consumption CVE-2024-29857
Summary Bouncy Castle is used by the IBM Datapower Operations Dashboard implementation of secure data transmission and storage. Vulnerability Details CVEID:CVE-2024-29857 DESCRIPTION: An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS befo...
Security Bulletin: IBM i is affected by an authenticated user gaining elevated privileges due to a web session hijacking vulnerability in IBM Digital Certificate Manager for i [CVE-2025-36119].
Summary IBM i is affected by a user authenticated to IBM Digital Certificate Manager for i gaining elevated privileges due to a web session hijacking vulnerability as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as describ...
Security Bulletin: IBM QRadar Log Source Management app for IBM QRadar SIEM includes components with known vulnerabilities
Summary The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. IBM QRadar Log Source Management app for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-7339 DESCRIPTION: on-headers is ...
Security Bulletin: IBM QRadar Data Synchronization app for IBM QRadar SIEM includes components with known vulnerabilities
Summary The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. IBM QRadar Data Synchronization app for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of...
Security Bulletin: IBM Event Endpoint Management is affected by multiple vulnerabilities.
Summary Multiple vulnerabilities were addressed in IBM Event Endpoint Management v11.6.3. Vulnerability Details CVEID:CVE-2025-30698 DESCRIPTION: An unspecified vulnerability in Java SE related to the 2D component could allow a remote attacker to cause low confidentiality, low integrity and low...
Security Bulletin: Vulnerability has been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2025-48976)
Summary WebSphere Application Server is shipped as a component of WebSphere Service Registry and Repository. Information about a denial of service attack due to an Apache Commons FileUpload vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerabili...
Security Bulletin: Vulnerability has been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2025-33142)
Summary WebSphere Application Server is shipped as a component of WebSphere Service Registry and Repository. Information about a weaker than expected security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the securit...
Security Bulletin: A security vulnerability has been discovered in IBM Verify Identity Access OIDC Provider (CVE-2024-56171)
Summary A security vulnerability has been addressed in IBM Verify Identity Access OIDC Provider Vulnerability Details CVEID:CVE-2024-56171 DESCRIPTION: libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in...
Security Bulletin: The Document Service Container of IBM Sterling B2B Integrator and IBM Sterling File Gateway is vulnerable to Information Disclosure (177835)
Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the information disclosure security vulnerability Vulnerability Details IBM X-Force ID: 177835 DESCRIPTION: Apache Commons Codec could allow a remote attacker to obtain sensitive information, caused by the improper...
Security Bulletin: The B2B API of the IBM Sterling B2B Integrator and IBM Sterling File Gateway are Vulnerable to Denial of Service (CVE-2025-23184)
Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the denial of service security vulnerability Vulnerability Details CVEID:CVE-2025-23184 DESCRIPTION: A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In...
Security Bulletin: IBM Financial Transaction Manager is impacted by multiple vulnerabilities in RedHat Proxy for Kubernetes RBAC authorization
Summary IBM Financial Transaction Manager for RedHat OpenShift has addressed the following vulnerabilities. Vulnerability Details CVEID:CVE-2024-45339 DESCRIPTION: When logs are written to a widely-writable directory (the default), an unprivileged attacker may predict a privileged process's log fil...
Security Bulletin: IBM WebSphere Application Server could provide weaker than expected security (CVE-2025-33142)
Summary IBM WebSphere Application Server could provide weaker than expected security for TLS connections. Vulnerability Details CVEID:CVE-2025-33142 DESCRIPTION: IBM WebSphere Application Server could provide weaker than expected security for TLS connections. CWE:CWE-295: Improper Certificate...
Security Bulletin: A Security Vulnerability was found in the IBM Security Verify Access product.
Summary IBM Security Verify Access could allow an unverified user to change the password of an expired user without prior knowledge of that password. Vulnerability Details CVEID:CVE-2024-45647 DESCRIPTION: IBM Security Verify Access could allow an unverified user to change the password...
Security Bulletin: IBM HTTP Server, which is bundled with WebSphere Remote Server, is affected by a security bypass vulnerability (CVE-2025-54090)
Summary IBM HTTP Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM HTTP Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...
Security Bulletin: Multiple vulnerabilities in python and babel runtime affect IBM DevOps Automation Code
Summary Python version 3.9.15, vulnerable to CVE-2023-27043, CVE-2024-3220 and babel version 7.27.7 vulnerable to CVE-2025-27789 are used inside DevOps Automation Code 1.0.1 containers. Vulnerability Details CVEID:CVE-2024-3220 DESCRIPTION: There is a defect in the CPython standard library module...
Security Bulletin: IBM Planning Analytics is vulnerable to a Denial of Service due to the use of Apache Commons
Summary There is a vulnerability in one of the Open Source Software (OSS) components consumed by IBM Planning Analytics. This Security Bulletin relates only to the direct usage of third-party components by IBM Planning Analytics Workspace and not any nested dependencies within the product...
Security Bulletin: IBM Integration Bus for z/OS is vulnerable to multiple vulnerabilities due to Apache Tomcat (CVE-2025-48988, CVE-2025-49125 & CVE-2025-48976)
Summary IBM Integration Bus for z/OS is vulnerable to multiple vulnerabilities due to Apache Tomcat. Vulnerability Details CVEID:CVE-2025-48988 DESCRIPTION: Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 throug...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM Db2 shipped with IBM Security Guardium Key Lifecycle Manager
Summary IBM Db2 is shipped as a component of IBM Security Key Lifecycle Manager (SKLM/GKLM). Information about multiple security vulnerabilities affecting IBM Db2 has been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: Due to use of IBM WebSphere Application Server Liberty, IBM Tivoli Application Dependency Discovery Manager is vulnerable to disclosure of information.
Summary IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to Netty (CVE-2024-47535, CVE-2025-25193). Vulnerability Details CVEID:CVE-2024-47535 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high...
Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing - Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file
Summary Scala could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in LazyList. By sending specially-crafted request using gadget chain, an attacker could exploit this vulnerability to execute arbitrary code, erase contents of...
Security Bulletin: Due to use of IBM SDK, Java Technology Edition, IBM Tivoli Application Dependency Discovery Manager is vulnerable to multiple vulnerabilities.
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition used by IBM Tivoli Application Dependency Discovery Manager (TADDM). Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL component could allow a...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Tivoli Netcool/OMNIbus WebGUI - July 2025 CPU
Summary WebSphere Application Server (WAS) is shipped as a component of Tivoli Netcool/OMNIbus WebGUI. Information about security vulnerabilities affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: IBM WebSphere Application Server Liberty is affected by a denial of service (CVE-2025-36047)
Summary IBM WebSphere Application Server Liberty is affected by a denial of service with the servlet-3.1, servlet-4.0, servlet-5.0, or servlet-6.0 feature with the HTTP/2 protocol enabled. Vulnerability Details CVEID:CVE-2025-36047 DESCRIPTION: IBM WebSphere Application Server Liberty is vulnerab...