35608 matches found
Security Bulletin: AIX/VIOS is vulnerable to a memory corruption issue (CVE-2025-6965) due to RPM
Summary Vulnerability in RPM could allow an attacker to cause a memory corruption issue CVE-2025-6965. RPM is used by AIX for package management. Vulnerability Details CVEID:CVE-2025-6965 DESCRIPTION: There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate term...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to an open redirect attack due to the Eclipse Jetty package (CVE-2024-6763)
Summary Eclipse Jetty is used by DataStage on Cloud Pak for Data as part of the server processing functionality. Vulnerability Details CVEID:CVE-2024-6763 DESCRIPTION: Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI,...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in tomcat-embed-core-10.1.42.jar
Summary IBM Watson Discovery Cartridge contains a vulnerable version of tomcat-embed-core-10.1.42.jar Vulnerability Details CVEID:CVE-2025-48989 DESCRIPTION: Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack. This issue affect...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in IBM SDK
Summary IBM Watson Discovery Cartridge contains a vulnerable version of IBM SDK Vulnerability Details CVEID:CVE-2025-50106 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that a...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in webrick-1.4.2.gem
Summary IBM Watson Discovery Cartridge contains a vulnerable version of webrick-1.4.2.gem Vulnerability Details CVEID:CVE-2025-6442 DESCRIPTION: Ruby WEBrick readheader HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected...
Security Bulletin: IBM InfoSphere Data Replication VSAM for z/OS Remote Source is vulnerable to a stack-based buffer overflow
Summary IBM InfoSphere Data Replication VSAM for z/OS Remote Source is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user with access to the files storing CECSUB or CECRM on the container could overflow the buffer and execute arbitrary code on the system...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in urllib3-1.26.20-py2.py3-none-any.whl
Summary IBM Watson Discovery Cartridge contains a vulnerable version of urllib3-1.26.20-py2.py3-none-any.whl Vulnerability Details CVEID:CVE-2025-50181 DESCRIPTION: urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in eslint-config-prettier
Summary IBM Watson Discovery Cartridge contains a vulnerable version of eslint-config-prettier Vulnerability Details CVEID:CVE-2025-54313 DESCRIPTION: eslint-config-prettier 8.10.1, 9.1.1, 10.1.6, and 10.1.7 has embedded malicious code for a supply chain compromise. Installing an affected package...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in tomcat-embed-core-9.0.106.jar
Summary IBM Watson Discovery Cartridge contains a vulnerable version of tomcat-embed-core-9.0.106.jar Vulnerability Details CVEID:CVE-2025-53506 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that...
Security Bulletin:IBM SDK, Java Technology Edition Quarterly CPU - Jul 2025 - Includes Oracle July 2025 CPU
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 8 and Java 17 that are used by Rational Software Architect Designer and Rational Software Architect Designer for Websphere Software. These issues were disclosed as part of the IBM SDK, Java Technology Editio...
Security Bulletin: Several Security Vulnerabilities have been discovered in IBM Security Verify Access and IBM Verify Identity Access products. (CVE-2025-36354, CVE-2025-36355, CVE-2025-363546)
Summary Security Vulnerabilities have been addressed in IBM Security Verify Access 10.0.9.0-IF3 and IBM Verify Identity Access 11.0.1.0-IF1. Vulnerability Details CVEID:CVE-2025-36355 DESCRIPTION: IBM Security Verify Access could allow a locally authenticated user to execute malicious scripts fro...
Security Bulletin: The following vulnerabilities that can affect IBM Storage Scale System are now included in 6.1.9.8 and 6.2.3.2
Summary The following vulnerabilities that can affect IBM Storage Scale System and could provide weaker than expected security are now fixed in 6.1.9.8 and 6.2.3.2. Vulnerability Details CVEID:CVE-2024-26934 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: USB: cor...
Security Bulletin: The following vulnerabilities that can affect IBM Storage Scale System are now included in 6.1.9.8 and 6.2.3.1
Summary The following vulnerabilities that can affect IBM Storage Scale System and could provide weaker than expected security are now fixed in 6.1.9.8 and 6.2.3.1. Vulnerability Details CVEID:CVE-2024-26973 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: fat: fix...
Security Bulletin: Multiple vulnerabilities in IBM Semeru Runtime affect Rational Business Developer
Summary There are multiple vulnerabilities in IBM Semeru Runtime used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. These issues were disclosed as part of the IBM Semeru Runtime Quarterly CPU - Jul 2025 - Includes OpenJDK July 2025 CPU...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer
Summary There are multiple vulnerabilities in IBM® SDK Java™ used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. These issues were disclosed as part of the IBM Java SDK and Runtime Environment updates in the Oracle July 2025 CPU...
Security Bulletin: Vulnerability in golang.org/x/crypto and idna affects IBM Db2 Data Management Console(CVE-2024-45337, CVE-2024-3651)
Summary golang.org/x/crypto and idna dependency packages is used by IBM Db2 Data Management Console . This bulletin describes the upgrades necessary to address the vulnerability. Vulnerability Details CVEID:CVE-2024-45337 DESCRIPTION: Applications and libraries which misuse...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses requests-2.32.3-py3-none-any.whl which is vulnerable to CVE-2024-47081
Summary Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses requests-2.32.3-py3-none-any.whl which is vulnerable to CVE-2024-47081 Vulnerability Details CVEID:CVE-2024-47081 DESCRIPTION: Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior...
Security Bulletin: IBM Transformation Extender Advanced is affected by unsafe Java deserialization.
Summary IBM Transformation Extender Advanced, also known as IBM Standards Processing Engine, is affected by unsafe Java deserialization. Vulnerability Details CVEID:CVE-2023-49886 DESCRIPTION: IBM Standards Processing Engine could allow a remote attacker to execute arbitrary code on the system,...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses form-data-4.0.1.tgz and form-data-4.0.3.tgz which are vulnerable to this CVE-2024-6345
Summary Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses form-data-4.0.1.tgz and form-data-4.0.3.tgz which are vulnerable to this CVE-2024-6345 Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random Values vulnerability in form-data...
Security Bulletin: Vulnerability in go package in nginx-controller affects IBM Db2 Data Management Console
Summary go package in nginx-controller open source library is used by IBM Db2 Data Management Console . This bulletin describes the upgrades necessary to address the vulnerability. Vulnerability Details CVEID:CVE-2023-24532 DESCRIPTION: An unspecified error with return an incorrect result in the...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in requests-2.32.3-py3-none-any.whl
Summary IBM Watson Discovery Cartridge contains a vulnerable version of requests-2.32.3-py3-none-any.whl Vulnerability Details CVEID:CVE-2024-47081 DESCRIPTION: Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties f...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in jackson-core-2.10.3.jar
Summary IBM Watson Discovery Cartridge contains a vulnerable version of jackson-core-2.10.3.jar Vulnerability Details CVEID:CVE-2025-49128 DESCRIPTION: Jackson-core contains core low-level incremental "streaming" parser and generator abstractions used by Jackson Data Processor. Starting in versio...
Security Bulletin: Multiple vulnerabilities within WebSphere Application and IBM HTTP Server, affect IBM Tivoli Monitoring.
Summary Multiple vulnerabilities within WebSphere Application and IBM HTTP Server which is included as part of IBM Tivoli Monitoring ITM portal server have been remediated. Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limi...
Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is affected by a denial of service
Summary IBM WebSphere Application Server shipped with Jazz for Service Management JazzSM is affected by a denial of service CVE-2025-36099 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|-...
Security Bulletin: IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager is vulnerable to a denial of service
Summary A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application ManagerCVE-2025-36099 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affecte...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager(CVE-2025-50106, CVE-2025-30749, CVE-2025-30761, CVE-2025-30754)
Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition used by IBM Tivoli System Automation Application Manager. Vulnerability Details CVEID:CVE-2025-50106 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of...
Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed WebSphere Application Server traditional which is affected by a denial of service (CVE-2025-36099)
Summary The issue described in CVE-2025-36099 has been identified in the WebSphere Application Server included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details CVEID:CVE-2025-36099 DESCRIPTION: IBM WebSphere Application Server 8.5 and 9.0 is...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Monitor (CVE-2025-36099)
Summary IBM WebSphere Application Server is shipped as a component of Business Monitor. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixe...
Security Bulletin: IBM Operations Analytics - Log Analysis is affected by a potential denial of service attack due to Apache Thrift
Summary Apache Thrift is used by IBM Operations Analytics - Log Analysis as part of the Remote Procedure Call interface in Apache Solr. CVE-2020-13949 Vulnerability Details CVEID:CVE-2020-13949 DESCRIPTION: In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which...
Security Bulletin: Vulnerability has been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2025-36099)
Summary WebSphere Application Server is shipped as a component of WebSphere Service Registry and Repository. Information about a denial of service vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins...
Security Bulletin: IBM Operations Analytics - Log Analysis is affected by Denial of Service attack due to CyberNeko HTML Parser
Summary Security Bulletin: CyberNeko HTML is used by IBM Operations Analytics - Log Analysis as document ingestion in Logstash CVE-2022-29546, CVE-2022-24839, CVE-2022-28366 Vulnerability Details CVEID:CVE-2022-29546 DESCRIPTION: HtmlUnit NekoHtml Parser before 2.61.0 suffers from a denial of...
Security Bulletin: IBM Sterling Connect:Direct for UNIX is vulnerable to Uncontrolled Resource Consumption due to Eclipse Jetty.
Summary Eclipse Jetty is used by IBM Sterling Connect:Direct for UNIX in upgrade management. IBM Sterling Connect:Direct for UNIX is impacted by vulnerability in Eclipse Jetty. Vulnerability Details CVEID:CVE-2025-1948 DESCRIPTION: In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2...
Security Bulletin: IBM Sterling Connect:Direct for Unix is vulnerable due to IBM Runtime Environment Java Technology Edition Version 8
Summary IBM Java 8 is used by IBM Sterling Connect:Direct for UNIX in product configuration and data transmission. IBM Sterling Connect:Direct for UNIX is impacted by vulnerabilities in IBM Java 8. IBM Sterling Connect:Direct for UNIX has upgraded IBM Java 8 to address the issues. Vulnerability...
Security Bulletin: IBM Sterling Connect:Direct for Unix is vulnerable to several vulnerabilities due to IBM Java 17
Summary IBM Java 17 is used by IBM Sterling Connect:Direct for UNIX in product configuration and data transmission. IBM Sterling Connect:Direct for UNIX is impacted by vulnerabilities in IBM Java 17. IBM Sterling Connect:Direct for UNIX has upgraded IBM Java 17 to address the issues. Vulnerabilit...
Security Bulletin: IBM Watson Studio on Cloud Pak for Data is vulnerable to a cross-site scripting vulnerability
Summary Watson Studio on Cloud Pak for Data is vulnerable to cross-site scripting within the Web UI CVE-2025-33116 Vulnerability Details CVEID:CVE-2025-33116 DESCRIPTION: IBM Cloud Pak for Data is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitra...
Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Remote Server, is affected by a denial of service (CVE-2025-36099)
Summary IBM WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Buinses Automation Workflow (CVE-2025-36099)
Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin. Vulnerability Details Refer to the security bulletins...
Security Bulletin: IBM Operations Analytics - Log Analysis is affected by a denial of service due to JSON-P Java API
Summary JSON-P java api is used by IBM Operations Analytics - Log Analysis as part of converting plain Java objects to and from JSON data in WebSphere Application Server Liberty. CVE-2025-36097. Vulnerability Details CVEID:CVE-2025-36097 DESCRIPTION: IBM WebSphere Application Server 9.0 and...
Security Bulletin: IBM Transformation Extender Advanced, also known as Standards Processing Engine, does not have strong passwords by default
Summary IBM Transformation Extender Advanced, also known as IBM Standards Processing Engine, does not require that users should have strong passwords by default. Vulnerability Details CVEID:CVE-2023-49883 DESCRIPTION: IBM Standards Processing Engine does not require that users should have strong...
Security Bulletin: IBM Transformation Extender Advanced is could allow user impersonation.
Summary IBM Transformation Extender Advanced, also known as IBM Standards Processing Engine, could allow an authenticated user to impersonate another user on the system. Vulnerability Details CVEID:CVE-2023-49881 DESCRIPTION: IBM Standards Processing Engine does not invalidate session after logou...
Security Bulletin: IBM Transformation Extender Advanced could allow a local user to perform unauthorized actions due to improper access controls.
Summary IBM Transformation Extender Advanced, also known as IBM Standards Processing Engine, could allow a local user to perform unauthorized actions due to improper access controls. Vulnerability Details CVEID:CVE-2023-50300 DESCRIPTION: IBM Standards Processing Engine could allow a local user t...
Security Bulletin: IBM Transformation Extender Advanced stores potentially sensitive information in log files that could be read by a local user.
Summary IBM Transformation Extender Advanced, also known as IBM Standards Processing Engine, stores potentially sensitive information in log files that could be read by a local user. Vulnerability Details CVEID:CVE-2023-50301 DESCRIPTION: IBM Standards Processing Engine stores potentially sensiti...
Security Bulletin: IBM Transformation Extender Advanced is affected by Angular dependencies
Summary IBM Transformation Extender Advanced, also known as IBM Standards Processing Engine, is vulnerable to multiple Angular.js issues. Please upgrade to a patched version. Vulnerability Details CVEID:CVE-2019-14863 DESCRIPTION: There is a vulnerability in all angular versions before...
Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates
Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 12.0.16 LTS and 12.16.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities...
Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationRuntime and IntegrationServer operands that use MQ clients are vulnerable to password disclosure [CVE-2025-36100]
Summary The IBM MQ client code is available in the IBM App Connect Enterprise Certified Container image used by an IntegrationServer or IntegrationRuntime component. The client is vulnerable to a password disclosure vulnerability when MQ trace is enabled. This bulletin provides patch information ...
Security Bulletin: IBM App Connect Enterprise Certified Container is vulnerable to incorrect binary execution [CVE-2025-47906]
Summary IBM App Connect Enterprise Certified Container operator and operands contain Golang binaries that are vulnerable to incorrect binary exection. This bulletin provides patch information to address the reported vulnerability in Golang module os/exec. CVE-2025-47906 Vulnerability Details...
Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to multiple issues due to IBM Runtime Environment Java Technology Edition Version 8
Summary There are vulnerabilities in IBM Runtime Environment Java Technology Edition Version 8 used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-50106 DESCRIPTION:...
Security Bulletin: due to the use of 10x UI, IBM Transformation Extender Advanced is vulnerable to unsafe deserialization in Java
Summary IBM Transformation Extender Advanced also known as IBM Standards Processing Engine has a vulnerability that could allow attackers to perform remote code execution. Please upgrade to one of the fixed versions in this bulletin. Vulnerability Details CVEID:CVE-2022-42441 DESCRIPTION: IBM...
Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to an issue in Eclipse Jetty
Summary There is vulnerability in Eclipse Jetty used by Install Agent in IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-1948 DESCRIPTION: In Eclipse Jetty versions 12.0.0 t...
Security Bulletin: due to the use of Apache Commons IO, IBM Transformation Extender Advanced is vulnerable to excessive CPU consumption
Summary Apache Commons IO is used by IBM Transformation Extender Advanced also known as IBM Standards Processing Engine as part of .... CVE-2024-47554 Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The...