35608 matches found
Security Bulletin: IBM Application Modernization Accelerator Developer Tools is affected by an Uncontrolled Recursion vulnerability due to Apache Commons Lang (CVE-2025-48924)
Summary There is a vulnerability in Apache Commons Lang used by IBM Application Modernization Accelerator Developer Tools. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with...
Security Bulletin: Due to use of netty-codec, IBM Sterling Connect:Direct Web Services is affected by denial of service.
Summary Netty-codec is used by IBM Sterling Connect:Direct Web Services CVE-2025-58057. Vulnerability Details CVEID:CVE-2025-58057 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In...
Security Bulletin: A vulnerability in Python affects IBM Robotic Process Automation and may result in unauthorized access in some applications (CVE-2023-27043)
Summary A vulnerability in Python affects IBM Robotic Process Automation and may result in unauthorized access in some applications. Python is used by IBM Robotic Process Automation as part of Watson NLP. This bulletin identifies the fixes to resolve this vulnerability. Vulnerability Details...
Security Bulletin: Multiple security vulnerabilities in Go affects IBM Robotic Process Automation for Cloud Pak
Summary Multiple security vulnerabilities in Go affects IBM Robotic Process Automation for Cloud Pak. Go is used by IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fixes required to resolve the vulnerabilities. Vulnerability Details...
Security Bulletin: A vulnerability in RedHat UBI affects IBM Robotic Process Automation for Cloud Pak and may result in buffer overflow (CVE-2025-0395).
Summary A vulnerability in RedHat UBI affects IBM Robotic Process Automation for Cloud Pak and may result in buffer overflow. RedHat UBI is used as base imaged for IBM Robotic Process Automation for Cloud Pak images. This bulletin identifies the fixes required to address this vulnerability...
Security Bulletin: Technical Support Appliance – possible security flaw in managing memory
Summary A flaw in VKMS Virtual Kernel Mode Setting driver may allow memory to be accessed that is no longer used, potentially exposing security related information Vulnerability Details CVEID:CVE-2025-22097 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: drm/vkms:...
Security Bulletin: Technical Support Appliance - possible security flaw in managing memory
Summary A flaw in the KASAN Kernel Address Sanitizer code may allow memory to be accessed that is no longer used, potentially exposing security related information. Vulnerability Details CVEID:CVE-2021-47670 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: can:...
Security Bulletin: IBM Technical Suppport Appliance - possible security flaws in memory management leading to information disclosure or denial of service
Summary A flaw in the KASAN Kernel Address Sanitizer code may allow memory to be accessed that is already free and a flaw in Virtual Machine Communication Interface VMCI allowed uninitialized kernel memory to be exposed to userspace. Vulnerability Details CVEID:CVE-2022-49058 DESCRIPTION: In the...
Security Bulletin: possible security flaw in memory management
Summary A flaw in the KASAN Kernel Address Sanitizer code may allow memory to be accessed that is no longer used, potentially exposing security related information. Vulnerability Details CVEID:CVE-2022-50020 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: ext4:...
Security Bulletin: IBM MQ is vulnerable to Slowloris attack which is a type of denial-of-service (DoS) (CVE-2025-36128)
Summary IBM MQ is vulnerable to Slowloris attack which is a type of denial-of-service DoS. Vulnerability Details CVEID:CVE-2025-36128 DESCRIPTION: IBM MQ is vulnerable to a denial of service, caused by improper enforcement of the timeout on individual read operations. By conducting slowloris-type...
Security Bulletin: IBM Sterling B2B Integrator and IBM Sterling File Gateway are vulnerable to Information Disclosure (CVE-2025-36002)
Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the information disclosure vulnerability Vulnerability Details CVEID:CVE-2025-36002 DESCRIPTION: IBM Sterling B2B Integrator stores user credentials in configuration files which can be read by a local user...
Security Bulletin: Multiple vulnerabilities in IBM MQ Operator and Queue manager container images
Summary Multiple vulnerabilities were addressed in IBM MQ Operator and Queue manager container images Vulnerability Details CVEID:CVE-2025-32988 DESCRIPTION: A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject...
Security Bulletin: IBM QRadar Investigation Assistant app for IBM QRadar SIEM includes components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar Investigation Assistant app for IBM QRadar SIEM has addressed the applicable CVEs Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a...
Security Bulletin: IBM Financial Transaction Manager is impacted by multiple vulnerabilities in RedHat Proxy for Kubernetes RBAC authorization
Summary IBM Financial Transaction Manager for RedHat OpenShift has addressed the following vulnerabilities. Vulnerability Details CVEID:CVE-2025-53905 DESCRIPTION: Vim is an open source, command line text editor. Prior to version 9.1.1552, a path traversal issue in Vim’s tar.vim plugin can allow...
Security Bulletin: Multiple security vulnerabilities in IBM Business Automation Manager Open Editions
Summary d3-color and brace-expansion vulnerabilities are addressed in IBM Business Automation Manager Open Editions 9.3.0. Those libraries are used in the UI components of IBM Business Automation Manager Open Editions. Vulnerability Details CVEID:CVE-2025-5889 DESCRIPTION: A vulnerability was fou...
Security Bulletin: IBM Sterling Connect:Direct Web Service is affected by multiple vulnerabilities due to IBM Java.
Summary IBM Sterling Connect:Direct Web Service uses IBM Java SE, is affected by multiple vulnerabilities CVE-2025-50059, CVE-2025-50106, CVE-2025-30749, CVE-2025-30761, CVE-2025-30754 . This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details...
Security Bulletin: IBM Sterling Connect:Direct Web Services is affected by a vulnerability in commons-lang3-3.17.0.jar (CVE-2025-48924)
Summary IBM Sterling Connect:Direct Web Services is affected by an uncontrolled recursion vulnerability in commons-lang3-3.17.0. This has been addressed in new fixpacks available from Fix Central. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apac...
Security Bulletin: IBM Java Updates to Address Latest Vulnerabilities
Summary This update addresses recent vulnerabilities found in the Java Runtime Environment JRE. It addresses the following CVEs: CVE-2025-50106, CVE-2025-30749, CVE-2025-30761, and CVE-2025-30754. Vulnerability Details CVEID:CVE-2025-50106 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle...
Security Bulletin: IBM App Connect Enterprise is vulnerable to symlink validation bypass due to tar-fs ( CVE-2025-59343 )
Summary IBM App Connect Enterprise Connector Discovery and OpenAPI Editor and IBM App Connect Enterprise Discovery Connectors arevulnerable to symlink validation bypass due to tar-fs. Vulnerability Details CVEID:CVE-2025-59343 DESCRIPTION: tar-fs provides filesystem bindings for tar-stream...
Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities
Summary QRadar Suite Software includes components with known vulnerabilities. These have been addressed in the update. Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons...
Security Bulletin: Multiple security vulnerabilities in Java affect IBM Robotic Process Automation
Summary Java is used by IBM Robotic Process Automation as part of metrics and licening, and UMS. CVE-2025-21587, CVE-2025-30698, CVE-2025-4447. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL component could allow a remote...
Security Bulletin: Ehcache library of IBM Terracotta hash flooding DoS vulnerability
Summary The Ehcache 3.x component library of IBM Terracotta was found to have a hash flooding DoS vulnerability that can affect applications that use cache keys directly sourced from end users. Vulnerability Details CVEID:CVE-2025-2529 DESCRIPTION: Applications using affected versions of Ehcache...
Security Bulletin: IBM Security QRadar EDR Software contains multiple vulnerabilities
Summary IBM Security QRadar EDR includes components affected by known vulnerabilities e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in this update. Vulnerability Details CVEID:CVE-2025-5889 DESCRIPTION: A vulnerability was found i...
Security Bulletin: IBM Operations Analytics - Log Analysis is affected by denial of service, cross-site scripting, and security bypass vulnerabilities
Summary Apache Commons FileUpload, Servlet feature, adminCenter feature, and JMS messaging are used by IBM Operations Analytics - Log Analysis as part of handling file uploads, web applications CVE-2025-48976, CVE-2025-36047, administrative centre CVE-2025-36000, asynchronous communication using...
Security Bulletin: The IBM® Engineering Lifecycle Management products using WebSphere Application Server could provide weaker than expected security due to crypto.js (CVE-2020-36732)
Summary A vulnerability in crypto.js library affects IBM WebSphere Application Server Liberty with the openidConnectServer-1.0 feature enabled. Following IBM® Engineering Lifecycle Management products are vulnerable to this attack, and addressed in this bulletin: Global Configuration Management,...
Security Bulletin: The following vulnerabilities that can affect IBM Storage Scale and the Management GUI are now included (CVE-2025-48976)
Summary The following vulnerabilities, which can affect IBM Storage Scale and the Management GUI and could provide weaker-than-expected security, are now fixed in Storage Scale 5.1.9.12 and 5.2.3.3 or higher CVE-2025-48976. Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of...
Security Bulletin: Multiple vulnerabilities reported in YAJSW service shipped in IBM WebSphere eXtreme Scale Liberty Deployment
Summary YAJSWYet Another Java Service Wrapper uses Apache Commons and Netty to manage services, launch and monitor application etc. WebSphere eXtreme Scale Liberty deployments, uses YAJSW to register services with the operating system. CVE-2025-27553, CVE-2025-30474 and CVE-2025-25193...
Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to multiple vulnerabilities in Netty (CVE-2025-58056, CVE-2025-58057)
Summary Netty is used by IBM DevOps Deploy / IBM UrbanCode Deploy UCD as part of the agent-server-relay communication system and is affected by CVE-2025-58056, CVE-2025-58057. Vulnerability Details CVEID:CVE-2025-58056 DESCRIPTION: Netty is an asynchronous event-driven network application framewo...
Security Bulletin: Technical Support Appliance - possible denial of service
Summary A flaw in TCP/IP may allow a denial of service Vulnerability Details CVEID:CVE-2024-50154 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: tcp/dccp: Don't use timerpending in reqskqueueunlink. Martin KaFai Lau reported use-after-free 0 in reqsktimerhandler...
Security Bulletin: IBM CICS TX Standard is affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability & a use-after-free (UAF) vulnerability found in Linux kernel packages.
Summary IBM CICS TX Standard is affected by a Time-of-check Time-of-use TOCTOU Race Condition vulnerability & a use-after-free UAF vulnerability found in Linux kernel packages. The versions of the packages that are delivered with IBM CICS TX Standard have been updated in order to address these...
Security Bulletin: IBM Guardium Data Protection is affected by multiple vulnerabilities
Summary IBM Guardium Data Protection has addressed these vulnerabilities in an update. Vulnerability Details CVEID:CVE-2025-31650 DESCRIPTION: Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up ...
Security Bulletin: AIX/VIOS is vulnerable to a denial of service (CVE-2025-49175, CVE-2025-49178) and an integer overflow (CVE-2025-49176, CVE-2025-49179)
Summary Vulnerabilities in Xorg X Server could cause a denial of service CVE-2025-49175, CVE-2025-49178 or an integer overflow CVE-2025-49176, CVE-2025-49179. Vulnerability Details CVEID:CVE-2025-49175 DESCRIPTION: A flaw was found in the X Rendering extension's handling of animated cursors. If a...
Security Bulletin: IBM CICS TX Advanced is affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability & a use-after-free (UAF) vulnerability found in Linux kernel packages.
Summary IBM CICS TX Advanced is affected by a Time-of-check Time-of-use TOCTOU Race Condition vulnerability & a use-after-free UAF vulnerability found in Linux kernel packages. The versions of the packages that are delivered with IBM CICS TX Advanced have been updated in order to address these...
Security Bulletin: Security vulnerabilities may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Standard.
Summary Security vulnerabilities may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Standard. An update to IBM CICS TX Standard has been released to address these. Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficien...
Security Bulletin: Security vulnerabilities may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced.
Summary Security vulnerabilities may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced. An update to IBM CICS TX Advanced has been released to address these. Vulnerability Details CVEID:CVE-2025-36124 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through...
Security Bulletin: Security vulnerabilities may affect IBM WebSphere Liberty that is shipped with TXSeries for Multiplatforms.
Summary Security vulnerabilities may affect IBM WebSphere Liberty that is shipped with TXSeries for Multiplatforms. An update to TXSeries for Multiplatforms has been released to address these. Vulnerability Details CVEID:CVE-2025-36000 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0....
Security Bulletin: IBM System Storage Support for Microsoft Volume Shadow Copy Service and Virtual Disk Service is vulnerable to multiple vulnerabilities due to Apache Axis. CVE-2018-8032, CVE-2014-3596, CVE-2019-0227, CVE-2012-5784
Summary IBM System Storage Support for Microsoft Volume Shadow Copy Service and Virtual Disk Service is vulnerable to multiple vulnerabilities due to Apache Axis. CVE-2018-8032, CVE-2014-3596, CVE-2019-0227, CVE-2012-5784. Vulnerability Details CVEID:CVE-2018-8032 DESCRIPTION: Apache Axis 1.x up ...
Security Bulletin: Security vulnerability has been found in IBM Verify Identity Access/IBM Security Verify Access (CVE-2025-36087)
Summary Security vulnerability has been addressed in IBM Verify Identity Access/IBM Security Verify Access Vulnerability Details CVEID:CVE-2025-36087 DESCRIPTION: IBM Security Verify Access, under certain configurations, contains hard-coded credentials, such as a password or cryptographic key,...
Security Bulletin: Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, (CVE-2025-50106) affects IBM PowerVM Novalink.
Summary A high-severity vulnerability CVSS 8.1 in the 2D component of Oracle Java SE and GraalVM multiple versions allows remote, unauthenticated attackers to fully compromise affected systems via crafted input to graphics APIs.PowerVM Novalink has addressed the applicable CVEs. Vulnerability...
Security Bulletin: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload, (CVE-2025-48976) affects IBM PowerVM Novalink.
Summary A DoS vulnerability in Apache Commons FileUpload before 1.6 and 2.0.0-M4 allows resource exhaustion via multipart headers. Fixed in versions 1.6 and 2.0.0-M4. PowerVM NovaLink has addressed CVE-2025-48976. Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for...
Security Bulletin: Vulnerability in IBM WebSphere Application (CVE-2025-36097) affects IBM PowerVM Novalink.
Summary IBM WebSphere Libery Profile is used by IBM PowerVM Novalink. IBM PowerVM Novalink has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-36097 DESCRIPTION: IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 are vulnerab...
Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a denial of service (CVE-2025-36099)
Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a denial of service vulnerability. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products and...
Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by a denial of service (CVE-2025-36099)
Summary IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by a denial of service vulnerability. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products and...
Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by a denial of service (CVE-2025-36099)
Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by a denial of service vulnerability. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products and...
Security Bulletin: Multiple Vulnerabilities in IBM Edge Application Manager
Summary Multiple vulnerabilities were addressed in IBM Edge Application Manager 5.0.1 Vulnerability Details CVEID:CVE-2023-0286 DESCRIPTION: There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1STRING but t...
Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing - Apache Commons HttpClient before 4.2.3 allows man-in-the-middle attack
Summary Apache Commons HttpClient before 4.2.3 allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. Following IBM® Engineering Lifecycle Management product is vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Lifecycle...
Security Bulletin: Due to use of IBM SDK, Java Technology Edition, IBM Tivoli Application Dependency Discovery Manager is vulnerable to multiple vulnerabilities.
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition used by IBM Tivoli Application Dependency Discovery Manager TADDM. Vulnerability Details CVEID:CVE-2025-50106 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition...
Security Bulletin: IBM Storage Ceph is vulnerable to Allocation of Resources Without Limits or Throttling in Grafana (CVE-2023-45290)
Summary Grafana is used by IBM Storage Ceph as a metrics dashboard. CVE-2023-45290 This bulletin identifies the steps to take to address the vulnerability in Grafana. Vulnerability Details CVEID:CVE-2023-45290 DESCRIPTION: When parsing a multipart form either explicitly with...
Security Bulletin: IBM Storage Ceph is vulnerable to an Infinite Loop in Grafana (CVE-2024-24786)
Summary Grafana is used by IBM Storage Ceph as a metrics dashboard. CVE-2024-24786 This bulletin identifies the steps to take to address the vulnerability in Grafana. Vulnerability Details CVEID:CVE-2024-24786 DESCRIPTION: The protojson.Unmarshal function can enter an infinite loop when...
Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing - Improper Access Control vulnerability in Apache Commons
Summary Apache Commons BeanUtils: PropertyUtilsBean Does Not Suppresses An Enum's DeclaredClass Property By Default. Following IBM® Engineering Lifecycle Management product is vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Lifecycle Optimization - Publishing...