35608 matches found
Security Bulletin: IBM Rational® Application Developer for WebSphere® Software is vulnerable to a remote attack to take over Java SE
Summary IBM® SDK, Java™ Technology Edition, is used by IBM Rational® Application Developer for WebSphere® Software as the runtime and development kit. CVE-2025-50106 Vulnerability Details CVEID:CVE-2025-50106 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses xmldom-0.8.10.tgz which is vulnerable to this CVE-2021-32796
Summary Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses xmldom-0.8.10.tgz which is vulnerable to this CVE-2021-32796 Vulnerability Details CVEID:CVE-2021-32796 DESCRIPTION: xmldom is an open source pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParse...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses golang.org/x/net-v0.21.0, golang.org/x/net-v0.33.0, golang.org/x/net-v0.34.0 which is vulnerable to this CVE-2025-22870
Summary Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses golang.org/x/net-v0.21.0, golang.org/x/net-v0.33.0, golang.org/x/net-v0.34.0 which is vulnerable to this CVE-2025-22870 Vulnerability Details CVEID:CVE-2025-22870 DESCRIPTION: Matching of hosts against prox...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses flask-3.1.0-py3-none-any.whl which is vulnerable to this CVE-2025-47278
Summary Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses flask-3.1.0-py3-none-any.whl which is vulnerable to this CVE-2025-47278 Vulnerability Details CVEID:CVE-2025-47278 DESCRIPTION: Flask is a web server gateway interface WSGI web application framework. In Fla...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses golang.org/x/net-v0.21.0 which is vulnerable to CVE-2024-45338, CVE-2023-45288, CVE-2025-22870
Summary Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses golang.org/x/net-v0.21.0 which is vulnerable to CVE-2024-45338, CVE-2023-45288, CVE-2025-22870 Vulnerability Details CVEID:CVE-2024-45338 DESCRIPTION: An attacker can craft an input to the Parse functions...
Security Bulletin: IBM Integration Bus for z/OS is vulnerable to Improper Resource Shutdown or Release due to Apache Tomcat ( CVE-2025-48989 )
Summary IBM Integration Bus for z/OS is vulnerable to Improper Resource Shutdown or Release due to Apache Tomcat. Vulnerability Details CVEID:CVE-2025-48989 DESCRIPTION: Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack. This...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses brace-expansion-2.0.1.tgz which is vulnerable to this CVE-2025-5889
Summary Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses brace-expansion-2.0.1.tgz which is vulnerable to this CVE-2025-5889 Vulnerability Details CVEID:CVE-2025-5889 DESCRIPTION: A vulnerability was found in juliangruber brace-expansion up to...
Security Bulletin: IBM TXSeries for Multiplatforms is affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability & a use-after-free (UAF) vulnerability found in Linux kernel packages.
Summary IBM TXSeries for Multiplatforms is affected by a Time-of-check Time-of-use TOCTOU Race Condition vulnerability & a use-after-free UAF vulnerability found in Linux kernel packages. The versions of the packages that are delivered with IBM TXSeries for Multiplatforms have been updated in ord...
Security Bulletin: IBM Instana Observability has addressed Multiple Vulnerabilities within Instana Agent container image
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 1.0.306 Vulnerability Details CVEID:CVE-2025-41249 DESCRIPTION: The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to Django-4.2.20-py3-none-any.whl CVE-2025-32873
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to Django-4.2.20-py3-none-any.whl CVE-2025-32873. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-32873 DESCRIPTION: An issue was discovered in Django 4.2 before...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to Django-4.2.20-py3-none-any.whl CVE-2025-48432
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to Django-4.2.20-py3-none-any.whl CVE-2025-48432. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-48432 DESCRIPTION: An issue was discovered in Django 5.2 before...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses commons-lang3-3.17.0.jar which is vulnerable to this CVE-2025-48924
Summary Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses commons-lang3-3.17.0.jar which is vulnerable to this CVE-2025-48924 Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects...
Security Bulletin: Due to use of Apache Commons, IBM Operations Analytics - Log Analysis is affected by Improper Handling of Untrusted Input During Deserialization
Summary Apache Commons is used by IBM Operations Analytics - Log Analysis as part of the configuration parsing in Apache Solr CVE-2017-15708, CVE-2019-13116 and Java Deserialization CVE-2015-4852, CVE-2015-6420, CVE-2015-7501 Vulnerability Details CVEID:CVE-2015-4852 DESCRIPTION: The WLS Security...
Security Bulletin: WebSphere Application Server Liberty could allow a remote attacker to bypass security restrictions (CVE-2024-56339)
Summary WebSphere Application Server Liberty could allow a remote attacker to bypass security restrictions Vulnerability Details CVEID:CVE-2024-56339 DESCRIPTION: IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 could allow a remote attacker ...
Security Bulletin: AIX/VIOS is vulnerable to arbitrary file write due to Kerberos (CVE-2025-36244)
Summary Vulnerability in AIX's Kerberos could allow a non-privileged local user to write to arbitrary files CVE-2025-36244 Vulnerability Details CVEID:CVE-2025-36244 DESCRIPTION: IBM AIX, when configured to use Kerberos network authentication, could allow a local user to write to files on the...
Security Bulletin: Multiple vulnerabilities in IBM Aspera Faspex
Summary Multiple vulnerabilities were addressed in IBM Aspera Faspex version 5.0.14. Vulnerability Details CVEID:CVE-2025-55193 DESCRIPTION: Active Record connects classes to relational database tables. Prior to versions 7.1.5.2, 7.2.2.2, and 8.0.2.1, the ID passed to find or similar methods may ...
Security Bulletin: Multiple vulnerabilities in Spring may affect IBM Business Automation Workflow - CVE-2024-38820, CVE-2025-22233
Summary IBM Business Automation Workflow packages vulnerable copies of Spring framework. Vulnerability Details CVEID:CVE-2024-38820 DESCRIPTION: The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale dependent exceptio...
Security Bulletin: IBM Guardium Data Protection is affected by multiple vulnerabilities.
Summary IBM Guardium Data Protection has addressed these vulnerabilities in an update. Vulnerability Details CVEID:CVE-2024-45010 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: only mark 'subflow' endp as available Adding the following warning...
Security Bulletin: IBM Guardium Data Protection is affected by kernel vulnerabilities.
Summary IBM Guardium Data Protection has addressed these vulnerabilities in an update. Vulnerability Details CVEID:CVE-2023-52478 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect hidppconnectevent has...
Security Bulletin: Multiple vulnerabilities that affects IBM Db2 Data Management Console( CVE-2022-1471,CVE-2024-22259,CVE-2020-8565, CVE-2019-11250,CVE-2023-44487,CVE-2022-46175, CVE-2024-22243)
Summary SnakeYaml Constructor Deserialization Remote Code Execution. Spring-web-6.0.11, k8s.io-client-go, k8s.io-Apimachinery-v0.25.1, json5-1.0.1, spring-web-6.0.11 open source libraries are used by IBM Db2 Data Management Console . This bulletin describes the upgrades necessary to address the...
Security Bulletin: Multiple vulnerabilities that affect IBM Db2 Intelligence Center (CVE-2025-7783, CVE-2025-22868, CVE-2025-57810, CVE-2025-27789, CVE-2025-22870, CVE-2025-58754)
Summary form-data-3.0.0.tgz, golang.org/x/oauth2-v0.0.0-20211104180415-d3ed0bb246c8, jspdf-3.0.1.tgz, runtime-7.26.0.tgz, golang.org/x/net-v0.33.0 and axios-1.9.0.tgz the following dependency packages are being used by IBM Db2 Intelligence Center. This bulletin describes the upgrades necessary to...
Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing - Uncontrolled Recursion vulnerability in Apache Commons Lang
Summary Apache Commons Lang, Apache Commons Lang: ClassUtils.getClass... Can Throw A StackOverflowError On Very Long Inputs. Following IBM® Engineering Lifecycle Management product is vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Lifecycle Optimization -...
Security Bulletin: Due to the use of Apache Tomcat, IBM ApplinX is vulnerable to an Improper Resource Shutdown or Release vulnerability (CVE-2025-48989).
Summary Due to the use of Apache Tomcat, IBM ApplinX is vulnerable to an Improper Resource Shutdown or Release vulnerability CVE-2025-48989. Apache Tomcat has been updated within IBM ApplinX in order to address the vulnerability. Vulnerability Details CVEID:CVE-2025-48989 DESCRIPTION: Improper...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses golang.org/x/crypto which is vulnerable to CVE-2024-45337 and CVE-2025-22869
Summary Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses golang.org/x/crypto which is vulnerable to CVE-2024-45337 and CVE-2025-22869 Vulnerability Details CVEID:CVE-2024-45337 DESCRIPTION: Applications and libraries which misuse connection.serverAuthenticate via...
Security Bulletin:IBM WebSphere Application Server Liberty shipped with IBM OpenPages is vulnerable to multiple vulnerabilities
Summary IBM WebSphere Application Server Liberty is shipped as a supporting program of IBM OpenPages. Information about multiple vulnerabilities affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. These products have addressed the applicable CVEs. For a...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in form-data package
Summary IBM Watson Discovery Cartridge contains a vulnerable version of form-data Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is associated with program files...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in deepdiff-8.5.0-py3-none-any.whl
Summary IBM Watson Discovery Cartridge contains a vulnerable version of deepdiff-8.5.0-py3-none-any.whl Vulnerability Details CVEID:CVE-2025-58367 DESCRIPTION: DeepDiff is a project focused on Deep Difference and search of any Python data. Versions 5.0.0 through 8.6.0 are vulnerable to class...
Security Bulletin: Several Security Vulnerabilities have been discovered in IBM Security Verify Directory Appliance
Summary Security Vulnerabilities have been addressed in IBM Security Verify Directory Appliance. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL component could allow a remote attacker to cause high confidentiality and hig...
Security Bulletin: Multiple vulnerabilities in OpenJDK may affect opensearch in IBM Business Automation Workflow on Containers - CVE-2025-30749, CVE-2025-30754, CVE-2025-2025-50059
Summary IBM Business Automation Workflow provides a container image for opensearch. OpenJDK on this image is outdated. Vulnerability Details CVEID:CVE-2025-30749 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE...
Security Bulletin: Improper Access Control vulnerability in Apache Commons may affect IBM Business Automation Workflow - CVE-2025-48734
Summary IBM Business Automation Workflow packages a copy of Apache commons-beanutils. CVE-2025-48734 has been reported for this library. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in...
Security Bulletin: IBM Maximo Application Suite - Predict Component uses Requests is a HTTP library. Due to a URL parsing issue to third parties for specific urls.
Summary Security Bulletin: IBM Maximo Application Suite - Predict Component uses Requests is a HTTP library. Due to a URL parsing issue to third parties for specific urls. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-47081...
Security Bulletin: IBM Maximo Application Suite - Predict Component uses WebSphere Application Server could allow a remote attacker to bypass security restrcitions.
Summary Security Bulletin: IBM Maximo Application Suite - Predict Component uses WebSphere Application Server could allow a remote attacker to bypass security restrcitions. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-56339...
Security Bulletin: IBM Maximo Application Suite - Predict Component uses Pillow is a Python imaging library format due to writing into a buffer.
Summary Security Bulletin: IBM Maximo Application Suite - Predict Component uses Pillow is a Python imaging library format due to writing into a buffer.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-48379 DESCRIPTION: Pillow is...
Security Bulletin: IBM Maximo Application Suite - Predict Component uses WebSphere Application Server are vulnerable to denial of service.
Summary Security Bulletin: IBM Maximo Application Suite - Predict Component uses WebSphere Application Server are vulnerable to denial of service.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-36097 DESCRIPTION: IBM WebSphere...
Security Bulletin: IBM Maximo Application Suite - Predict Component uses urllib3 is a user-friendly HTTP client for Python.
Summary Security Bulletin: Security Bulletin: IBM Maximo Application Suite - Predict Component uses urllib3 is a user-friendly HTTP client for Python. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-50181 DESCRIPTION: urllib3 is...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining 2.0.3
Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Process Mining 2.0.3 Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios prior to...
Security Bulletin: Due to the use of Apache Tomcat, IBM ApplinX is vulnerable to multiple vulnerabilities (CVE-2025-52520, CVE-2025-53506 and CVE-2025-52434).
Summary Due to the use of Apache Tomcat, IBM ApplinX is vulnerable to multiple vulnerabilities CVE-2025-52520, CVE-2025-53506 and CVE-2025-52434. Apache Tomcat has been updated within IBM ApplinX in order to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-52520 DESCRIPTION: For...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-36099)
Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...
Security Bulletin: There is a vulnerability in commons-lang3-3.4.jar used by IBM Maximo Asset Management application (CVE-2025-48924)
Summary There is a vulnerability in commons-lang3-3.4.jarused by IBM Maximo Asset Management application CVE-2025-48924 Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with...
Security Bulletin: There is a vulnerability in commons-lang3-3.4.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-48924)
Summary There is a vulnerability in commons-lang3-3.4.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting wi...
Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is impacted by vulnerabilities in Apache Commons Compress
Summary Vulnerabilities have been identified in Apache Commons Compress, which is used in IBM Engineering Lifecycle Management - Jazz Foundation. Vulnerability Details CVEID:CVE-2024-25710 DESCRIPTION: Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in Apache Commons...
Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which is vulnerable to CVEs.
Summary IBM Maximo Application Suite uses "eventlet-0.39.0-py3-none-any.whl, commons-lang3-3.17.0.jar, spring-core-6.2.10.jar" which is vulnerable to "CVE-2025-58068, CVE-2025-48924, CVE-2025-41249". This bulletin contains information regarding the vulnerability and how it is addressed...
Security Bulletin: IBM Truststore Manager uses urllib3-2.4.0-py3-none-any.whl and requests-2.32.3-py3-none-any.whl which is vulnerable to CVE-2025-50181 and CVE-2025-50182
Summary IBM Truststore Manager uses urllib3-2.4.0-py3-none-any.whl and requests-2.32.3-py3-none-any.whl which is vulnerable to CVE-2025-50181 and CVE-2025-50182. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-47081 DESCRIPTION:...
Security Bulletin: IBM Maximo Application Suite uses WebSphere Application Server Liberty V.25.0.0.2, flask-3.1.0-py3-none-any.whl form-data-2.5.1.tgz and golang.org/x/net which is vulnerable to multiple CVEs
Summary IBM Maximo Application Suite uses WebSphere Application Server Liberty V.25.0.0.2, flask-3.1.0-py3-none-any.whl form-data-2.5.1.tgz and golang.org/x/net which is vulnerable to CVE-2025-36097, CVE-2025-7783, CVE-2025-25193, CVE-2025-47278, CVE-2025-23184, CVE-2025-22872 and CVE-2024-56339...
Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which is vulnerable to CVEs.
Summary IBM Maximo Application Suite uses spring-beans-6.2.9.jar, spring-context-6.1.14.jar, flask-3.1.0-py3-none-any.whl, kafka-clients-3.9.0.jar, cxf-core-3.6.7.jar, urllib3-1.26.20-py2.py3-none-any.whl, postgresql-42.7.5.jar, requests-2.32.3-py3-none-any.whl,commons-beanutils-1.9.4.jar which i...
Security Bulletin: IBM Sterling Connect:Direct Web Services vulnerable to spring-beans-6.2.3.jar (CVE-2025-41242)
Summary IBM Sterling Connect:Direct Web Services is vulnerable toPath Traversal Vulnerability in spring-beans-6.2.3. This has been addressed in new fixpacks available from Fix Central. Vulnerability Details CVEID:CVE-2025-41242 DESCRIPTION: Spring Framework MVC applications can be vulnerable to a...
Security Bulletin: IBM Sterling Connect:Direct Web Services is affected by a vulnerability in spring-security-core-6.4.3.jar (CVE-2025-41248)
Summary IBM Sterling Connect:Direct Web Services is vulnerable to Annotation detection mechanism may not correctly resolve annotations on methods in spring-security-core-6.4.3. This has been addressed in new fixpacks available from Fix Central. Vulnerability Details CVEID:CVE-2025-41248...
Security Bulletin: IBM Connect:Direct Web Services is affected by a PostgreSQL vulnerability (CVE-2025-49146)
Summary IBM Connect:Direct Web Services has addressed a PostgreSQL vulnerability. Vulnerability Details CVEID:CVE-2025-49146 DESCRIPTION: pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to requir...
Security Bulletin: IBM Sterling Connect:Direct Web Services is affected by a vulnerability in spring-core-6.2.3.jar (CVE-2025-41249)
Summary IBM Sterling Connect:Direct Web Services is vulnerable to Annotation detection mechanism may not correctly resolve annotations on methods in spring-core-6.2.3. This has been addressed in new fixpacks available from Fix Central. Vulnerability Details CVEID:CVE-2025-41249 DESCRIPTION: The...
Security Bulletin: IBM Sterling Connect:Direct Web Services is affected by a vulnerability in spring-web-6.2.3.jar(CVE-2025-41234)
Summary IBM Sterling Connect:Direct Web Services is vulnerable to a reflected file download RFD attack in spring-web-6.2.3. This has been addressed in new fixpacks available from Fix Central. Vulnerability Details CVEID:CVE-2025-41234 DESCRIPTION: Description In Spring Framework, versions 6.0.x a...