34931 matches found

IBM Security Bulletins
added 2025/07/21 5:44 p.m. | 7 views

Security Bulletin: Vulnerabilities in Quarkus-HTTP affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in Quarkus-HTTP has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-12397 DESCRIPTION: A...

7.4 CVSS | 6.3 AI score | 0.00572 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/07/21 5:34 p.m. | 10 views

Security Bulletin: Vulnerabilities in axios affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in axios has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-27152 DESCRIPTION: axios is a...

8.7 CVSS | 6.2 AI score | 0.00212 EPSS
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/07/21 5:30 p.m. | 8 views

Security Bulletin: Vulnerabilities affect IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerabilities have been identified that affect IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-22868 DESCRIPTION: An attacker can pass a...

7.5 CVSS | 7.9 AI score | 0.00125 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/07/21 5:24 p.m. | 2 views

Security Bulletin: Vulnerabilities in SSH affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in SSH has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-22869 DESCRIPTION: SSH servers...

7.5 CVSS | 7.1 AI score | 0.00591 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/07/21 5:17 p.m. | 4 views

Security Bulletin: Vulnerabilities in path-to-regexp affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in path-to-regexp has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-52798 DESCRIPTION:...

8.7 CVSS | 7.2 AI score | 0.00293 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/07/21 4:53 p.m. | 8 views

Security Bulletin: Vulnerabilities in Fastify affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in Fastify has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-32442 DESCRIPTION: Fastify ...

7.5 CVSS | 6.8 AI score | 0.00069 EPSS
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/07/21 4:35 p.m. | 3 views

Security Bulletin: Vulnerabilities in Netty affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in Netty has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-24970 DESCRIPTION: Netty, an...

7.5 CVSS | 6.7 AI score | 0.00953 EPSS
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/07/21 4:17 p.m. | 7 views

Security Bulletin: Deserialization of untrusted data, path traversal, and other vulnerabilities might affect IBM Storage Defender - Resiliency Service

Summary IBM Storage Defender - Resiliency Service is vulnerable to deserialization of untrusted data, path traversal, and others. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2024-21235 DESCRIPTION: Vulnerability in Java SE component: Hotspot. Difficult to exploit...

8.8 CVSS | 7.5 AI score | 0.00171 EPSS
Exploits: 4 | Affected Software: 1

IBM Security Bulletins
added 2025/07/21 4:15 p.m. | 5 views

Security Bulletin: Vulnerabilities in quarkus-resteasy affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in quarkus-resteasy has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-1634 DESCRIPTION: ...

7.5 CVSS | 9.7 AI score | 0.00462 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/07/21 4:14 p.m. | 6 views

Security Bulletin: Critical Fixes for IBM Storage Defender - Data Protect included in 2.0.15

Summary IBM Storage Defender - Data Protect is vulnerable to CVE-2024-48910 and CVE-2024-47875. Fixes for these CVEs are included in version 2.0.15. Vulnerability Details CVEID:CVE-2024-48910 DESCRIPTION: DOMPurify could allow a remote authenticated attacker to execute arbitrary code on the syste...

10 CVSS | 8.9 AI score | 0.02592 EPSS
Exploits: 4 | Affected Software: 1

IBM Security Bulletins
added 2025/07/21 3:41 p.m. | 7 views

Security Bulletin: Apache Parquet Common Vulnerability reported in Cloudera offerings with IBM. Fixes available from Cloudera

Summary On April 1, 2025, a critical vulnerability in the parquet-avro module of Apache Parquet CVE-2025-30065, CVSS score 10.0 was announced. Vulnerability Details CVEID:CVE-2025-30065 DESCRIPTION: Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows ba...

10 CVSS | 8.7 AI score | 0.00419 EPSS
Exploits: 9 | Affected Software: 1

IBM Security Bulletins
added 2025/07/21 2:10 p.m. | 9 views

Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed WebSphere Application Server is affected by a denial of service with glassfish jsonp (CVE-2025-36097)

Summary WebSphere Application Server is included as part of IBM Tivoli Composite Application Manager for Application Diagnostics and is affected by a denial of service with glassfish jsonp CVE-2025-36097 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes sectio...

7.5 CVSS | 6.9 AI score | 0.0027 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/07/21 2:3 p.m. | 9 views

Security Bulletin: Vulnerabilities exists in IBM Netezza Performance Server

Summary Vulnerabilities that exist in IBM Netezza Performance Server are addressed in 11.2.3.3-IF1 Vulnerability Details CVEID:CVE-2024-6763 DESCRIPTION: Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine. It includes a utility class, HttpURI, for URI/URL parsin...

8.7 CVSS | 7.4 AI score | 0.01189 EPSS
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
added 2025/07/21 1:54 p.m. | 15 views

Security Bulletin: Multiple Vulnerabilities Affected for EDB

Summary Multiple Vulnerabilities Affected for EDB has been addressed for EDB PostgreSQL with IBM and EDB Postgres Advanced Server with IBM Vulnerability Details CVEID:CVE-2025-1094 DESCRIPTION: Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral,...

8.8 CVSS | 8.3 AI score | 0.82364 EPSS
Exploits: 10 | Affected Software: 2

IBM Security Bulletins
added 2025/07/21 1:52 p.m. | 14 views

Security Bulletin: Multiple Vulnerabilities Affected for EDB

Summary Multiple Vulnerabilities Affected for EDB has been addressed for EDB PostgreSQL with IBM and EDB Postgres Advanced Server with IBM Vulnerability Details CVEID:CVE-2025-1094 DESCRIPTION: Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral,...

8.8 CVSS | 8.3 AI score | 0.82364 EPSS
Exploits: 10 | Affected Software: 2

IBM Security Bulletins
added 2025/07/21 1:51 p.m. | 4 views

Security Bulletin: Vulnerabilities exists in IBM Netezza Performance Server

Summary Vulnerabilities that exist in IBM Netezza Performance Server are addressed in 11.2.3.3 Vulnerability Details CVEID:CVE-2024-43591 DESCRIPTION: Azure Command Line Integration CLI Elevation of Privilege Vulnerability CWE:CWE-77: Improper Neutralization of Special Elements used in a Command...

9.1 CVSS | 7.3 AI score | 0.14258 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/07/21 8:3 a.m. | 4 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-36097)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...

7.5 CVSS | 7 AI score | 0.0027 EPSS
Exploits: 0 | Affected Software: 11

IBM Security Bulletins
added 2025/07/21 8:2 a.m. | 4 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2024-56339)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...

7.5 CVSS | 6.8 AI score | 0.00132 EPSS
Exploits: 0 | Affected Software: 11

IBM Security Bulletins
added 2025/07/21 7:44 a.m. | 16 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-36038)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...

9.8 CVSS | 7.9 AI score | 0.01 EPSS
Exploits: 0 | Affected Software: 11

IBM Security Bulletins
added 2025/07/21 5:19 a.m. | 3 views

Security Bulletin: Vulnerabilities in path-to-regexp affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in path-to-regexp has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-52798 DESCRIPTION:...

8.7 CVSS | 6.7 AI score | 0.00293 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/07/21 5:13 a.m. | 6 views

Security Bulletin: Vulnerabilities in axios affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in axios has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-27152 DESCRIPTION: axios is a...

8.7 CVSS | 6.7 AI score | 0.00212 EPSS
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/07/20 6:54 p.m. | 3 views

Security Bulletin: Update JRE for Older Versions of IBM SPSS Statistics

Summary Vulnerabilities related to encryption were found in older versions of the Java Runtime Environment JRE. This Interim Fix addresses those problems. The IF applies to all applicable Java SE CVEs published by Oracle as part of their April 2025 Critical Patch Update plus CVE-2025-4447...

7.8 CVSS | 6.5 AI score | 0.00234 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/07/20 5:59 p.m. | 52 views

Security Bulletin: Update JRE for Older Versions of IBM SPSS Statistics

Summary Vulnerabilities related to encryption were found in older versions of the Java Runtime Environment JRE. This Interim Fix addresses those problems. The IF applies to all applicable Java SE CVEs published by Oracle as part of their April 2025 Critical Patch Update plus CVE-2025-4447...

7.8 CVSS | 6.4 AI score | 0.00234 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/07/18 2:46 p.m. | 7 views

Security Bulletin: Security Vulnerability Exists in QueueWatch UI of IBM Sterling B2B Integrator and IBM Sterling File Gateway Due to Lack of Validation of Request Parameters (CVE-2025-33014)

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the security vulnerability Vulnerability Details CVEID:CVE-2025-33014 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition uses a web link with untrusted references to an external site. A remote attacker could...

6.1 CVSS | 6.3 AI score | 0.00106 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/07/18 8:11 a.m. | 5 views

Security Bulletin: There are multiple vulnerabilities in IBM DB2 bundled with IBM Application Performance Management products.

Summary IBM Application Performance Management is vulnerable to denial of service, remote code execution, information disclosures and other vulnerabilities due to bundled product IBM® Db2. This bulletin identifies the steps to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-300...

10 CVSS | 8.8 AI score | 0.00419 EPSS
Exploits: 9 | Affected Software: 1

IBM Security Bulletins
added 2025/07/18 6:51 a.m. | 5 views

Security Bulletin: Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition for Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint

Summary IBM SDK, Java Technology Edition Quarterly CPU - Apr 2025 - Includes Oracle April 2024 CPU plus CVE-2025-4447 Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL component could allow a remote attacker to cause high...

7.8 CVSS | 7.1 AI score | 0.00234 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/07/18 1:58 a.m. | 13 views

Security Bulletin: Multiple vulnerabilities affect IBM Data Virtualization on Cloud Pak for Data (July 2025)

Summary Multiple vulnerabilities have been addressed in IBM Data Virtualization on Cloud Pak for Data. Note that IBM Data Virtualization was named Watson Query in IBM Cloud Pak for Data version 4.6, 4.7, and 4.8. Vulnerability Details CVEID:CVE-2024-28752 DESCRIPTION: A SSRF vulnerability using t...

9.3 CVSS | 7.7 AI score | 0.50829 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/07/17 6:34 p.m. | 10 views

Security Bulletin: DataStage on Cloud Pak for Data has vulnerabilities due to transformers package (CVE-2024-11392, CVE-2024-11393, CVE-2024-11394)

Summary transformers is used by DataStage on Cloud Pak for Data as part of the model-definition framework. Vulnerability Details CVEID:CVE-2024-11392 DESCRIPTION: Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows...

8.8 CVSS | 8.3 AI score | 0.79534 EPSS
Exploits: 6 | Affected Software: 1

IBM Security Bulletins
added 2025/07/17 6:27 p.m. | 27 views

Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to multiple Apache Tomcat vulnerabilities (CVE-2025-48976, CVE-2025-48988)

Summary IBM DevOps Deploy / IBM UrbanCode Deploy UCD is susceptible to multiple Apache Tomcat vulnerabilities CVE-2025-48976, CVE-2025-48988 Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability i...

7.5 CVSS | 7.5 AI score | 0.01278 EPSS
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/07/17 4:10 p.m. | 7 views

Security Bulletin: AIX/VIOS is vulnerable to arbitrary code execution (CVE-2025-3277, CVE-2025-29087) and denial of service (CVE-2025-29088) due to RPM

Summary Vulnerabilities in RPM could allow an attacker to execute arbitrary code CVE-2025-3277, CVE-2025-29087 or cause a denial of service CVE-2025-29088. RPM is used by AIX for package management. Vulnerability Details CVEID:CVE-2025-3277 DESCRIPTION: An integer overflow can be triggered in...

9.8 CVSS | 6.7 AI score | 0.00107 EPSS
Exploits: 0 | Affected Software: 2

IBM Security Bulletins
added 2025/07/17 4:10 p.m. | 8 views

Security Bulletin: Multiple vulnerabilities in libxml2 affect AIX/VIOS

Summary Vulnerabilities in libxml2 could cause a denial of service or other possible undefined behavior CVE-2025-49796, CVE-2025-49794, CVE-2025-49795, CVE-2025-6021. AIX uses libxml2 as part of its XML parsing functions. Vulnerability Details CVEID:CVE-2025-49796 DESCRIPTION: A vulnerability was...

9.1 CVSS | 7.3 AI score | 0.02116 EPSS
Exploits: 1 | Affected Software: 2

IBM Security Bulletins
added 2025/07/17 3:55 p.m. | 2 views

Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affecting Tivoli Netcool/OMNIbus

Summary Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by Tivoli Netcool/OMNIbus have been addressed. Vulnerability Details CVEID:CVE-2024-21235 DESCRIPTION: Vulnerability in Java SE component: Hotspot. Difficult to exploit vulnerability allows...

7.8 CVSS | 6.5 AI score | 0.00303 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/07/17 3:48 p.m. | 7 views

Security Bulletin: Vulnerabilities in IBM Java Runtime affect Tivoli Netcool/OMNIbus. (CVE-2025-1470, CVE-2025-1471)

Summary There are vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by Tivoli Netcool/OMNIbus running on Linux on IBM Z Systems. Vulnerability Details CVEID:CVE-2025-1470 DESCRIPTION: In Eclipse OMR, from the initial contribution to version 0.4.0, some O...

7.8 CVSS | 7.4 AI score | 0.00105 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/07/17 3:47 p.m. | 3 views

Security Bulletin: Multiple vulnerabilities disclosed in IBM Semeru Runtime affect IBM SPSS Collaboration and Deployment Services

Summary Multiple vulnerabilities disclosed in IBM Semeru Runtime affect IBM SPSS Collaboration and Deployment Services CVE-2025-21587, CVE-2025-30698, CVE-2025-2900, CVE-2025-4447. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An...

7.8 CVSS | 7.2 AI score | 0.00234 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/07/17 3:42 p.m. | 5 views

Security Bulletin: A vulnerability in libxml2 affects Tivoli Netcool/OMNIbus (CVE-2024-25062)

Summary There is a vulnerability in the libxml2 library that ships as a component of Tivoli Netcool/OMNIbus. Vulnerability Details CVEID:CVE-2024-25062 DESCRIPTION: An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation a...

7.5 CVSS | 6.7 AI score | 0.00165 EPSS
Exploits: 3 | Affected Software: 1

IBM Security Bulletins
added 2025/07/16 6:18 p.m. | 7 views

Security Bulletin: Multiple vulnerabilities affect CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition.

Summary Java Runtime Environments and IBM Semeru Runtimes are used by CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition. CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition have been updated in order to address the multip...

7.8 CVSS | 7.7 AI score | 0.00234 EPSS
Exploits: 0 | Affected Software: 2

IBM Security Bulletins
added 2025/07/16 5:31 p.m. | 5 views

Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by a denial of service (CVE-2025-36097)

Summary IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by a denial of service. This affects WebSphere Liberty with the jsonp-1.0, jsonp-1.1, or jsonp-2.0 features enabled. Vulnerability Details CVEID:CVE-2025-36097 DESCRIPTION: IBM WebSphere Application...

7.5 CVSS | 7 AI score | 0.0027 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/07/16 9:5 a.m. | 12 views

Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFixes for June 2025.

Summary Security vulnerabilities are addressed with IBM Business Automation Insights 24.0.1-IF004 Vulnerability Details CVEID:CVE-2018-5711 DESCRIPTION: gdgifin.c in the GD Graphics Library aka libgd, as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1,...

7.7 CVSS | 9 AI score | 0.1054 EPSS
Exploits: 7 | Affected Software: 1

IBM Security Bulletins
added 2025/07/16 5:55 a.m. | 6 views

Security Bulletin: A flaw was found in NATS-SERVER which affect IBM watsonx.data

Summary NATS-Server is a High-Performance server for NATS.io, the cloud and edge native messaging system. In versions starting from 2.2.0 but prior to 2.10.27 and 2.11.1, the management of JetStream assets happens with messages in the $JS. subject namespace in the system account; this is partially...

9.6 CVSS | 7 AI score | 0.00029 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/07/15 10:46 p.m. | 4 views

Security Bulletin: IBM Sterling Connect:Direct FTP+ is vulnerable to various attacks due to IBM Runtime Environment Java Technology Edition Version 17

Summary IBM Java 17 is used by IBM Sterling Connect:Direct FTP+ on AIX, Linux, and Windows platforms in product configuration and data transmission. IBM Sterling Connect:Direct FTP+ on AIX, Linux, and Windows platforms is impacted by vulnerabilities in IBM Java 17. IBM Sterling Connect:Direct FTP...

7.8 CVSS | 7.8 AI score | 0.00234 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/07/15 6:32 p.m. | 6 views

Security Bulletin: Apache Commons FileUpload used by IBM InfoSphere Identity Insight has a potential vulnerability (CVE-2025-48976))

Summary Apache Commons FileUpload used by IBM InfoSphere Identity Insight provided a hard-coded limit of 10kB for the size of the headers associated with a multipart request. A specially crafted request that used a large number of parts with large headers could trigger excessive memory usage...

7.5 CVSS | 6.8 AI score | 0.01278 EPSS
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/07/15 4:38 p.m. | 60 views

Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities

Summary Security vulnerabilities have been addressed in IBM Cognos Analytics 11.2.3. These vulnerabilities have also been previously addressed in IBM Cognos Analytics 11.1.7 FP5 where applicable. Multiple Cross-Site Request Forgery vulnerabilities have been addressed CVE-2020-4301, CVE-2021-20468...

9.8 CVSS | 10 AI score | 0.93462 EPSS
Exploits: 15 | Affected Software: 1

IBM Security Bulletins
added 2025/07/15 3:44 p.m. | 20 views

Security Bulletin: Vulnerabilities exists in IBM Netezza Analytics - NPS Product

Summary Vulnerabilities that exist in IBM Netezza Analytics - NPS product are addressed in version 11.2.29 Vulnerability Details CVEID:CVE-2024-6345 DESCRIPTION: pypa/setuptools could allow a remote attacker to execute arbitrary code on the system, caused by an error in the packageindex module. By...

9.8 CVSS | 10 AI score | 0.54214 EPSS
Exploits: 18 | Affected Software: 1

IBM Security Bulletins
added 2025/07/15 3:21 p.m. | 12 views

Security Bulletin: IBM QRadar SIEM includes components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-49395 DESCRIPTION: In the Linux kernel, the following vulnerability has...

8.8 CVSS | 9.1 AI score | 0.01278 EPSS
Exploits: 3 | Affected Software: 1

IBM Security Bulletins
added 2025/07/15 3:17 p.m. | 30 views

Security Bulletin: IBM QRadar SIEM protocols are affected by denial of service.

Summary gRPC is affected by denial of service and connection termination issues due to flaws in request parsing and protocol handling. These issues may result in excessive resource consumption or unexpected disruptions in service availability. Vulnerability Details CVEID:CVE-2023-33953 DESCRIPTIO...

7.5 CVSS | 7.9 AI score | 0.94395 EPSS
Exploits: 19 | Affected Software: 1

IBM Security Bulletins
added 2025/07/15 11:2 a.m. | 5 views

Security Bulletin: Multiple Vulnerabilities affecting IBM Decision Optimization for Cloud Pak for Data.

Summary Multiple Vulnerabilities were addressed in IBM Decision Optimization for Cloud Pak for Data version 4.8.9 and 5.2 Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for writing next generation JavaScript. When using versions of Babel prior to 7.26.10 and...

8.7 CVSS | 7 AI score | 0.00212 EPSS
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/07/15 9:29 a.m. | 13 views

Security Bulletin: Due to the use of Apache Tomcat, IBM ApplinX is vulnerable to multiple vulnerabilities.

Summary Due to the use of Apache Tomcat, IBM ApplinX is vulnerable to multiple vulnerabilities. Apache Tomcat has been updated within IBM ApplinX in order to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-46701 DESCRIPTION: Improper Handling of Case Sensitivity vulnerability ...

7.5 CVSS | 7.3 AI score | 0.01278 EPSS
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
added 2025/07/15 7:36 a.m. | 5 views

Security Bulletin: Due to use of Nodejs Express.js, multiple vulnerabilities affect IBM Cloud Pak System[CVE-2024-43796, CVE-2024-43799, CVE-2024-43800]

Summary Multiple vulnerabilities in Send cross-site scripting XSS within the SendStream.redirect, serve-static built-in and response.redirect found in Node.js Express.js which is used by IBM Cloud Pak System. Vulnerabilities were addressed by IBM Cloud Pak System. Vulnerability Details...

5 CVSS | 8.6 AI score | 0.00919 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/07/14 7:44 p.m. | 2 views

Security Bulletin: IBM Sterling Connect:Direct for Unix is vulnerable due to IBM Runtime Environment Java Technology Edition Version 8

Summary IBM Java 8 is used by IBM Sterling Connect:Direct for UNIX in product configuration and data transmission. IBM Sterling Connect:Direct for UNIX is impacted by vulnerabilities in IBM Java 8. IBM Sterling Connect:Direct for UNIX has upgraded IBM Java 8 to address the issues. Vulnerability...

7.8 CVSS | 7.3 AI score | 0.00234 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/07/14 7:16 p.m. | 5 views

Security Bulletin: IBM Storage Scale versions 5.2.3.0 and 5.2.3.1 are affected by a security vulnerability that can allow unauthorized access to user files (CVE-2025-36104)

Summary IBM has identified a data access problem in IBM Storage Scale 5.2.3.0 and 5.2.3.1 regarding the SMB protocol and access control lists ACLs. The problem occurs with the use of inherited ACLs on directories or files that are created or modified through the SMB protocol. A fix for this...

6.5 CVSS | 6.3 AI score | 0.00145 EPSS
Exploits: 0 | Affected Software: 1

Total number of security vulnerabilities: 34931