34975 matches found
Security Bulletin: Vulnerabilities in SSH affects IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary Potential vulnerability in SSH has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-22869 DESCRIPTION: SSH servers...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer
Summary There are multiple vulnerabilities in IBM® SDK Java™ used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. These issues were disclosed as part of the IBM Java SDK and Runtime Environment updates in the Oracle April 2024 CPU plus...
Security Bulletin: Vulnerabilities in Babel affects IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary Potential vulnerability in Babel has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a...
Security Bulletin: Multiple vulnerabilities affect IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary Potential vulnerabilities have been identified that affect IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerabilities have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-12798 DESCRIPTION: ACE...
Security Bulletin: Vulnerabilities in nanoid affects IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary Potential vulnerability in nanoid has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-55565 DESCRIPTION: nanoid a...
Security Bulletin: Multiple vulnerability in IBM® SDK, Java™ and IBM® Semeru Runtime may affect IBM Business Automation Workflow
Summary IBM Business Automation Workflow traditional requires IBM® SDK, Java™. IBM Business Automation Workflow containers package IBM® Semeru Runtime. Vulnerabilities for both variants of Java have been reported. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerabilit...
Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server affect IBM Business Automation Workflow (CVE-2024-43204, CVE-2024-43394, CVE-2024-42516)
Summary WebSphere Application Server Traditional is shipped as a component of IBM Business Automation Workflow. WebSphere Application Server Liberty is shipped as part of the optional components Process Federation Server since 8.5.6, and User Management Service since 18.0.0.1 in IBM Business...
Security Bulletin: Denial of Service vulnerability affect IBM Business Automation Workflow embedded Navigator - CVE-2024-38808
Summary IBM Business Automation Workflow embedded Navigator repackages a vulnerable copy of Spring. Vulnerability Details CVEID:CVE-2024-38808 DESCRIPTION: In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring...
Security Bulletin: Cross-site scripting vulnerability affect IBM Business Automation Workflow - CVE-2025-33197
Summary IBM Business Automation Workflow is vulnerable to a Cross-Site scripting attack. Vulnerability Details CVEID:CVE-2025-33197 DESCRIPTION: IBM Business Automation Workflow, CP4BA is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary...
Security Bulletin: Vulnerability affects IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary Potential vulnerability has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-45337 DESCRIPTION: Applications and...
Security Bulletin: Security vulnerability in jetty may affect IBM Business Automation Workflow - CVE-2024-6763
Summary IBM Business Automation Workflow is vulnerable packages a vulnerable copy of eclipse jetty. Vulnerability Details CVEID:CVE-2024-6763 DESCRIPTION: Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for URI/URL...
Security Bulletin: Multiple vulnerabilities in embedded Navigator affect IBM Business Automation Workflow - CVE-2024-38808, CVE-2024-31141
Summary IBM Business Automation Workflow repackages a version of IBM Content Navigator, which in turn repackages a vulnerable version of the kafka-clients library. Vulnerability Details CVEID:CVE-2024-31141 DESCRIPTION: Files or Directories Accessible to External Parties, Improper Privilege...
Security Bulletin: Multiple security vulnerabilities in WebSphere Liberty may affect IBM Business Automation Workflow - CVE-2025-25193, CVE-2025-23184
Summary IBM Business Automation Workflow traditional includes optional components running on WebSphere Liberty: User Management Service and Process Federation Service. IBM Business Automation Workflow on Containers builds upon WebSphere Liberty. Multiple security vulnerabilies have been reported...
Security Bulletin: Cross Site Scripting vulnerabiliies may affect IBM Business Automation Workflow - CVE-2024-47875, CVE-2024-48910
Summary IBM Business Automation Workflow packages a vulnerable copy of DOMPurify. Vulnerability Details CVEID:CVE-2024-47875 DESCRIPTION: DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability i...
Security Bulletin: Vulnerabilities in Netty affects IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary Potential vulnerability in Netty has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-47535 DESCRIPTION: Netty is ...
Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates
Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 12.0.14 LTS and 12.14.0 addresses the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities...
Security Bulletin: Multiple Vulnerabilities in IBM API Connect
Summary Multiple vulnerabilities were addressed in IBM API Connect version 10.0.8.3 Vulnerability Details CVEID:CVE-2013-4660 DESCRIPTION: The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, which allows remote attackers to execute...
Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities
Summary IBM Guardium Data Security Center has addressed multiple vulnerabilities with an update Vulnerability Details CVEID:CVE-2024-35195 DESCRIPTION: Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made with verify=False to...
Security Bulletin: Multiple vulnerabilities in IBM Business Automation Workflow Machine Learning Server are addressed with 24.0.0-IF006
Summary In addition to updates to operating system level packages, IBM Business Automation Workflow Machine Learning Server 24.0.0-IF006 addresses the following vulnerabilities. Vulnerability Details CVEID:CVE-2024-47081 DESCRIPTION: Requests is a HTTP library. Due to a URL parsing issue, Request...
Security Bulletin: Multiple security vulnerabilities in Go affects IBM Robotic Process Automation for Cloud Pak
Summary Multiple security vulnerabilities in Go affects IBM Robotic Process Automation for Cloud Pak. Go is used by IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fixes required to resolve the vulnerabilities. Vulnerability Details...
Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server used by IBM Rational ClearQuest (CVE-2025-27907)
Summary IBM WebSphere Application Server is used by the IBM Rational ClearQuest server. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service [CVE-2025-23166]
Summary Node.js is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in Node.js. CVE-2025-23166 Vulnerability Details...
Security Bulletin: IBM App Connect Enterprise Certified Container operator and operands are vulnerable to loss of confidentiality [CVE-2025-22874]
Summary Golang module crypto/x509 is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container operator and operands are vulnerable to loss of confidentiality. This bulletin provides patch information to address the reported vulnerability in Golang...
Security Bulletin: Multiple Vulnerabilities in IBM Application Performance Management
Summary Multiple vulnerabilities were addressed in IBM Application Performance Management 8.1.4.0 IF18 patch Vulnerability Details CVEID:CVE-2025-46392 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons Configuration 1.x. There are a number of issues in Apache Commons...
Security Bulletin: Multiple vulnerabilities in IBM® SDK Java™ Technology Edition shipped with IBM Tivoli Monitoring.
Summary Multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped as part of multiple IBM Tivoli Monitoring ITM components. CVE-2025-21587, CVE-2025-30698, CVE-2025-4447 Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to...
Security Bulletin: IBM Tivoli Monitoring is affected by heap buffer overflow vulnerabilities
Summary IBM Tivoli Monitoring has addressed heap buffer overflow vulnerabilities CVE-2025-3354, CVE-2025-3320 Vulnerability Details CVEID:CVE-2025-3354 DESCRIPTION: IBM Tivoli Monitoring is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could...
Security Bulletin: IBM Guardium Data Protection is affected by a RHEL7 Kernel vulnerability (CVE-2024-36971)
Summary IBM Guardium Data Protection has addressed this vulnerability in an update. Vulnerability Details CVEID:CVE-2024-36971 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: net: fix dstnegativeadvice race dstnegativeadvice does not enforce proper RCU rules when...
Security Bulletin: IBM Guardium Data Protection is affected by multiple Tomcat vulnerabilities (CVE-2025-24813, CVE-2024-50379)
Summary IBM Guardium Data Protection has addressed these vulnerabilities in an update. Vulnerability Details CVEID:CVE-2025-24813 DESCRIPTION: Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files...
Security Bulletin: IBM Guardium Data Protection is affected by a Privilege Escalation vulnerability (CVE-2025-3473)
Summary IBM Guardium Data Protection has addressed this vulnerability in an update. Vulnerability Details CVEID:CVE-2025-3473 DESCRIPTION: IBM Security Guardium could allow a local privileged user to escalate their privileges to root due to insecure inherited permissions created by the program...
Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing - could be susceptible to cross-site scripting due to no validation of URIs.
Summary IBM Engineering Lifecycle Optimization - Publishing could be susceptible to cross-site scripting due to no validation of URIs. Following IBM® Engineering Lifecycle Management product is vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Lifecycle Optimizati...
Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Security Guardium Key Lifecycle Manager (SKLM/GKLM)(CVE-2024-56339)
Summary WebSphere Application Server is shipped as a component of IBM Security Guardium Key Lifecycle Manager SKLM/GKLM. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulleti...
Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Security Guardium Key Lifecycle Manager (SKLM/GKLM) (CVE-2025-36097)
Summary WebSphere Application Server is shipped as a component of IBM Security Guardium Key Lifecycle Manager SKLM/GKLM. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulleti...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to FreeType Remote Code Execution Vulnerability (CVE-2025-27363)
Summary IBM Sterling Partner Engagement Manager uses FreeType has part of the package and is affected by CVE-2025-27363 for versions 2.13.0 and below. Vulnerability Details CVEID:CVE-2025-27363 DESCRIPTION: An out of bounds write exists in FreeType versions 2.13.0 and below newer versions of...
Security Bulletin: Multiple Vulnerabilities affecting IBM Watson Studio in Cloud Pak for Data are addressed
Summary There are multiple vulnerabilities impacting IBM Watson Studio in Cloud Pak for Data. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2019-12900 DESCRIPTION: BZ2decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bound...
Security Bulletin: IBM Maximo Application Suite uses multiple nodejs and go packages which is vulnerable to " CVE-2025-27152, CVE-2025-32996, CVE-2025-32997, CVE-2025-22871"
Summary IBM Maximo Application Suite uses " axios, http-proxy-middleware and net/http package " which is vulnerable to "CVE-2025-27152, CVE-2025-32996, CVE-2025-32997, CVE-2025-22871". This bulletin contains information regarding the vulnerability and how to address it. Vulnerability Details...
Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing - The jackson-core package is vulnerable to a Denial of Service (DoS) attack
Summary There is a Jackson-Core vulnerability shipped with IBM Engineering Lifecycle Optimization - Publishing. Following IBM® Engineering Lifecycle Management product is vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Lifecycle Optimization - Publishing...
Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing - In Connect2id Nimbus JOSE+JWT, an attacker can cause a denial of service
Summary Connect2id Nimbus-JOSE-JWT is vulnerable to a denial of service, caused by improper validation of user requests by the PasswordBasedDecrypter PBKDF2 component. By sending a specially crafted request using a large JWE p2c header, a remote attacker could exploit this vulnerability to cause ...
Security Bulletin: There is a vulnerability in kafka-clients-3.8.0.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-27817)
Summary There is a vulnerability in kafka-clients-3.8.0.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2025-27817 DESCRIPTION: A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-25193)
Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera, and...
Security Bulletin: IBM Spectrum Protect Server may not count invalid sign-on attempts from Operations Center (CVE-2022-22485)
Summary The IBM Spectrum Protect Server, in certain instances, may not increment the number of invalid sign-on attempts from Operations Center. This could allow an attacker to use brute force techniques to gain access to the IBM Spectrum Protect Server. Vulnerability Details CVEID:CVE-2022-22485...
Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data
Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details...
Security Bulletin: Outbound Email for SOAR App is using a component with a known vulnerability (CVE-2025-27516)
Summary The Outbound Email for SOAR App uses an older version of the jinja template library that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended to upgrade to Outbound Email for SOAR version 2.1.4 or later. Vulnerabilit...
Security Bulletin: Vulnerability with spring-security-crypto and jinja affect IBM Cloud Object Storage Systems (July 2025)
Summary Vulnerability with spring-security-crypto CVE-2025-22228 and jinja CVE-2025-27516 . This vulnerability has been addressed in the latest ClevOS release. Vulnerability Details CVEID:CVE-2025-22228 DESCRIPTION: BCryptPasswordEncoder.matchesCharSequence,String will incorrectly return true for...
Security Bulletin: IBM Financial Transaction Manager is impacted by multiple vulnerabilities in RedHat Proxy for Kubernetes RBAC authorization
Summary IBM Financial Transaction Manager for RedHat OpenShift has addressed the following vulnerabilities. Vulnerability Details CVEID:CVE-2024-45338 DESCRIPTION: An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in...
Security Bulletin: Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition
Summary This bulletin for IBM SDK, Java Technology Edition covers all applicable Java SE CVEs published by Oracle as part of their July 2025 Critical Patch Update. For more information please refer to Oracle's July 2025 CPU Advisory and the CVE links referenced below. Vulnerability Details...
Security Bulletin: IBM QRadar SIEM is affected by cross-site scripting and denial of service (CVE-2025-33118, CVE-2011-5034, CVE-2024-25710, CVE-2024-26308)
Summary IBM QRadar SIEM is affected by stored cross-site scripting and denial of service. Apache Geronimo and Apache Commons Compress are affected by predictable hash collisions, infinite loop, and resource exhaustion. Vulnerability Details CVEID:CVE-2025-33118 DESCRIPTION: IBM QRadar SIEM is...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses dompurify-3.2.3.tgz which is vulnerable to this CVE-2025-26791
Summary Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses dompurify-3.2.3.tgz which is vulnerable to this CVE-2025-26791 Vulnerability Details CVEID:CVE-2025-26791 DESCRIPTION: DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes...
Security Bulletin: IBM Maximo Application Suite uses flask_cors-5.0.1-py3-none-any.whl which is vulnerable to CVE-2024-6866, CVE-2024-6839, CVE-2024-6.
Summary IBM Maximo Application Suite uses flaskcors-5.0.1-py3-none-any.whl which is vulnerable toCVE-2024-6866, CVE-2024-6839, CVE-2024-6.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-6866 DESCRIPTION: corydolphin/flask-cors...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses runtime-7.27.0.tgz which is vulnerable to this CVE-2025-27789
Summary Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses runtime-7.27.0.tgz which is vulnerable to this CVE-2025-27789 Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for writing next generation JavaScript. When using versions of Babel...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses flask_cors-5.0.1-py3-none-any.whl which is vulnerable to this CVE-2024-6839, CVE-2024-6866 and CVE-2024-6844
Summary Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses flaskcors-5.0.1-py3-none-any.whl which is vulnerable to this CVE-2024-6839, CVE-2024-6866 and CVE-2024-6844 Vulnerability Details CVEID:CVE-2024-6866 DESCRIPTION: corydolphin/flask-cors version 4.01 contain...