35608 matches found
Security Bulletin: TOCTOU Race Condition in gosnowflake Logging Configuration Allows Local Privilege Misuse (Fixed in 1.13.3), affects watsonx.data
Summary gosnowflake is the Snowflake Golang driver. Versions starting from 1.7.0 to before 1.13.3, are vulnerable to a Time-of-Check to Time-of-Use TOCTOU race condition. When using the Easy Logging feature on Linux and macOS, the Driver reads logging configuration from a user-provided file. On...
Security Bulletin: IBM OpenPages is affected by multiple security vulnerabilities of DB2 Database Server (July 2025)
Summary IBM® Db2® Database Server is shipped as a supporting program of IBM OpenPages. Information about security vulnerabilities affecting IBM Db2 Database Server has been published in multiple security bulletins. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: Stored Cross-Site Scripting (XSS) Vulnerability in IBM Lakehouse Web UI Enables Privileged Code Injection, affects watsonx.data
Summary IBM Lakehouse is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. This can affect...
Security Bulletin: Buffer Over-read in PostgreSQL GB18030 Encoding Validation Leading to Potential DoS , affects watsonx.data
Summary Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9,...
Security Bulletin: Sensitive Information Disclosure in IBM Lakehouse Through Stack Traces , affects watsonx.data
Summary IBM Lakehouse could potentially reveal sensitive information from stack traces that could be read by a local privileged user. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2025-36146 DESCRIPTION: IBM Lakehouse could potentially reveal sensitive information from stack trace...
Security Bulletin: Information Disclosure in IBM Lakehouse Allows Authenticated Users to Obtain Server Component Version Details , affects watsonx.data
Summary IBM Lakehouse could allow an authenticated user to obtain sensitive server component version information which could aid in further attacks against the system. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2025-36181 DESCRIPTION: IBM Lakehouse could allow an authenticated...
Security Bulletin: IBM Lakehouse Command Injection via Insufficient Input Sanitization , affects watsonx.data
Summary IBM Lakehouse could allow an authenticated privileged user to execute arbitrary commands on the system due to improper validation of user supplied input.This can affect watsonx.data. Vulnerability Details CVEID:CVE-2025-36143 DESCRIPTION: IBM Lakehouse could allow an authenticated...
Security Bulletin: IBM Instana Observability has addressed Multiple Vulnerabilities within Instana Agent container image
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 1.0.304 Vulnerability Details CVEID:CVE-2025-8194 DESCRIPTION: There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration...
Security Bulletin: Multiple vulnerabilities in WebSphere Application Server Liberty affects IBM Enterprise Application Service for Java
Summary IBM Enterprise Application Service for Java is affected by multiple vulnerabilities found in WebSphere Application Server Liberty. Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in...
Security Bulletin: IBM Watsonx BI is affected by use of on-headers in node.js middleware used for listening when a response writes headers
Summary IBM Watsonx BI is affected by use of on-headers in node.js middleware used for listening when a response writes headers. It has a bug in on-headers versions 1.1.0 may result in response headers being inadvertently modified when an array is passed to response.writeHead Vulnerability Detail...
Security Bulletin: IBM Watsonx BI is affected by a vulnerability found in CodeMirror up to 5.17.0 and classified as problematic
Summary IBM Watsonx BI is affected by a vulnerability found in CodeMirror up to 5.17.0 and classified as problematic. Affected by this issue is some unknown functionality of the file mode/markdown/markdown.js of the component Markdown Mode. The manipulation leads to inefficient regular expression...
Security Bulletin: IBM Watsonx BI is affected by use of jose v6.0.10 and was discovered to contain weak encryption
Summary IBM Watsonx BI is affected by use of jose v6.0.10 where the library uses a weak encryption algorithm, allowing an attacker to decrypt sensitive data Vulnerability Details CVEID:CVE-2025-45767 DESCRIPTION: jose v6.0.10 was discovered to contain weak encryption. NOTE: this is disputed by a...
Security Bulletin: Watsonx BI is affected by the use of Insufficiently Random Values causing a vulnerability in form-data allowing HTTP Parameter Pollution (HPP)
Summary Watsonx BI is affected by the use of Insufficiently Random Values causing a vulnerability in form-data allowing HTTP Parameter Pollution HPP. This vulnerability is associated with program files lib/formdata.Js. Vulnerability Details CVEID:CVE-2025-25724 DESCRIPTION: listitemverbose in...
Security Bulletin: IBM Watsonx BI is affected by a vulnerability in Multer node.js middleware for handling multipart/form-data
Summary Watsonx BI is affected by a vulnerability in Multer node.js middleware for handling multipart/form-data. This is starting in version 1.4.4-lts.1 and prior to version 2.0.2 allows an attacker to trigger a Denial of Service DoS by sending a malformed multi-part upload request. Vulnerability...
Security Bulletin: IBM Watsonx BI is affected by a vulnerability found in yarnpkg Yarn up to 1.22.22. It has been classified as problematic.
Summary Watsonx BI has a vulnerability found in yarnpkg Yarn up to 1.22.22. It has been classified as problematic. Affected is the function explodeHostedGitFragment of the file src/resolvers/exotics/hosted-git-resolver.js. The manipulation leads to inefficient regular expression complexity...
Security Bulletin: IBM Observability with Instana (OnPrem) has addressed multiple vulnerabilities
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 1.0.303 Vulnerability Details CVEID:CVE-2025-0395 DESCRIPTION: When the assert function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure...
Security Bulletin: Multiple vulnerabilities in IBM SDK, Java technology affect IBM Tivoli Composite Application Manager for Transactions (Response Time)
Summary IBM SDK, Java Technology Edition is used by IBM Tivoli Composite Application Manager for Transactions Response Time CVE-2025-50106, CVE-2025-30749, CVE-2025-30761, CVE-2025-30754 Vulnerability Details CVEID:CVE-2025-50106 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM fo...
Security Bulletin: Multiple vulnerabilities in IBM SDK, Java technology affect IBM Tivoli Composite Application Manager for Transactions (Response Time)
Summary IBM SDK, Java Technology Edition is used by IBM Tivoli Composite Application Manager for Transactions Response Time CVE-2025-21587, CVE-2025-30698, CVE-2025-4447 Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL...
Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affects WebSphere Application Server Pattern shipped with IBM Cloud Pak System
Summary IBM Cloud Pak System WebSphere Application Server Pattern WAS pType is vulnerable to multiple vulnerabilities in IBM SDK. Vulnerability Details CVEID:CVE-2024-21235 DESCRIPTION: Vulnerability in Java SE component: Hotspot. Difficult to exploit vulnerability allows unauthenticated attacker...
Security Bulletin: IBM Rational Developer for i is affected by an HTTP Parameter Pollution vulnerability in form-data (CVE-2025-7783)
Summary Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP in the Code Coverage functionality within IBM Rational Developer for i. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random Values vulnerability in form-data...
Security Bulletin: SSPSS Collaboration and Deployment Services is affected by multiple vulnerabilities (CVE-2025-8916, CVE-2025-8885, CVE-2025-48976)
Summary SSPSS Collaboration and Deployment Services is affected by multiple vulnerabilities CVE-2025-8916, CVE-2025-8885, CVE-2025-48976. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-8916 DESCRIPTION: Allocation of Resources Without Limits or Throttling...
Security Bulletin: AIX/VIOS is vulnerable to a race condition in directory handling due to Perl (CVE-2025-40909)
Summary Vulnerability in Perl could allow a local attacker to load code or access files from unexpected locations CVE-2025-40909. AIX uses Perl in various operating system components. Vulnerability Details CVEID:CVE-2025-40909 DESCRIPTION: Perl threads have a working directory race condition wher...
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service [CVE-2025-5889]
Summary Node.js module brace-expansion is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in Node.js module...
Security Bulletin: IBM ICCSAP cross site scripting vulnerablity fix.
Summary Vulnerability were disclosed part of Cross Site Scripting With PDF Vulnerability Details CVEID:CVE-2024-4367 DESCRIPTION: A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox 126,...
Security Bulletin: WebSphere Application Server bundled with IBM Tivoli Composite Application Manager for Application Diagnostics is affected by a remote attacker to bypass security restrictions
Summary WebSphere Application Server is included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. CVE-2024-56339 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions...
Security Bulletin: IBM Maximo Application Suite uses jose-2.0.7.tgz, protobuf-3.20.3-py2.py3-none-any.whl and codemirror-6.0.1.tgz which is vulnerable to CVE-2025-45767, CVE-2025-4565 and CVE-2025-6493.
Summary IBM Maximo Application Suite uses jose-2.0.7.tgz, protobuf-3.20.3-py2.py3-none-any.whl and codemirror-6.0.1.tgz which is vulnerable to CVE-2025-45767, CVE-2025-4565 and CVE-2025-6493. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...
Security Bulletin: IBM Instana Observability has addressed Multiple Vulnerabilities within Instana Agent container image
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 1.0.302 Vulnerability Details CVEID:CVE-2025-0913 DESCRIPTION: os.OpenFilepath, os.OCREATE|OEXCL behaved differently on Unix and Windows systems when the target path was a...
Security Bulletin: Due to use of IBM WebSphere Application Server, IBM Tivoli Network Manager (ITNM) IP Edition could provide weaker than expected security for TLS connections
Summary WebSphere Application Server, used by IBM Tivoli Network Manager ITNM IP Edition, could provide weaker than expected security for TLS connections. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products...
Security Bulletin: IBM App Connect Enterprise Toolkit and Intregation Bus for z/OS Toolkit are vulnerable to an Origin Validation Error due to Paho Java Client ( CVE-2019-11777 )
Summary IBM App Connect Enterprise Toolkit and Intregation Bus for z/OS Toolkit are vulnerable to an Origin Validation Error due to Paho Java Client. Vulnerability Details CVEID:CVE-2019-11777 DESCRIPTION: In the Eclipse Paho Java client library version 1.2.0, when connecting to an MQTT server...
Security Bulletin: Vulnerability in HMC affects improper neutralization of input during web page generation ('Cross-site Scripting') (CVE-2025-36125) on Power HMC.
Summary Vulnerability in HMC affects improper neutralization of input during web page generation 'Cross-site Scripting' on Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-36125 DESCRIPTION: IBM Hardware Management Console - Power i...
Security Bulletin: IBM OpenPages Application API Response Caching Header Update
Summary Some IBM OpenPages API responses currently use the caching directive Cache-Control: max-age=0 instead of the more secure Cache-Control: no-store. While max-age=0 means the content is immediately stale, it may still be stored temporarily in browsers or intermediary caches. For sensitive...
Security Bulletin: OpenPages is vulnerable to IBM Semeru Runtime Quarterly CPU - Apr 2025 - Includes OpenJDK April 2025 CPU plus two additional CVEs
Summary Security Bulletin: OpenPages is vulnerable to IBM Semeru Runtime Quarterly CPU - Apr 2025 - Includes OpenJDK April 2025 CPU with CVEs CVE-2025-21587, CVE-2025-30698, CVE-2025-2900, and CVE-2025-4447 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...
Security Bulletin: OpenPages is vulnerable to IBM Semeru Runtime Quarterly CPU - Oct 2024 - Includes OpenJDK July 2024 CPU plus two additional CVEs
Summary Security Bulletin: OpenPages is vulnerable to IBM Semeru Runtime Quarterly CPU - Oct 2024 - Includes OpenJDK July 2024 CPU with CVEs CVE-2024-21217, CVE-2024-21208, CVE-2024-10917, CVE-2024-9143 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: IBM OpenPages fixes multer package vulnerability
Summary Vulnerability in the multer-1.4.5-lts.1.tgz package with IBM OpenPages has been addressed in the latest IBM OpenPages fix pack version for 9.0 and mod version for 9.1 Vulnerability Details CVEID:CVE-2025-47935 DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data...
Security Bulletin: IBM watsonx Code Assistant On Prem product affected by h11 HTTP Chunk Handling Vulnerability
Summary A vulnerability CVE-2025-43859 has been identified in the h11 Python library, which impacts the IBM watsonx Code Assistant On-Premises product. This bulletin outlines the necessary steps to address and remediate the vulnerability. Vulnerability Details CVEID:CVE-2025-43859 DESCRIPTION: h1...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Business Service Manager ( CVE-2025-50106, CVE-2025-30749, CVE-2025-30761, CVE-2025-30754)
Summary IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin. Vulnerability Details Refer to the security bulletins...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to kafka-clients-3.9.0.jar CVE-2025-27818, CVE-2025-27817
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to kafka-clients-3.9.0.jar CVE-2025-27818, CVE-2025-27817. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-27818 DESCRIPTION: A possible security vulnerability ha...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses crypto/x509 which is vulnerable to this CVE-2025-22874
Summary Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses crypto/x509 which is vulnerable to this CVE-2025-22874 Vulnerability Details CVEID:CVE-2025-22874 DESCRIPTION: Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally...
Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFixes for August 2025.
Summary Security vulnerabilities are addressed with IBM Business Automation Insights 25.0.0-IF001 Vulnerability Details CVEID:CVE-2023-5752 DESCRIPTION: When installing a package from a Mercurial VCS URL ie "pip install hg+..." with pip prior to v23.3, the specified Mercurial revision could be us...
Security Bulletin: A vulnerability in IBM Java Runtime affects IBM Installation Manager and IBM Packaging Utility
Summary There is a vulnerability in IBM® Runtime Environment Java™ Version 11 used by IBM Installation Manager and IBM Packaging Utility. Vulnerability Details CVEID:CVE-2025-30754 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product ...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by a vulnerability that could provide weaker than expected security due to crypto.js (CVE-2020-36732)
Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by a vulnerability in the crypto.js library with the openidConnectServer-1.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a vulnerability that could provide weaker than expected security due to crypto.js (CVE-2020-36732)
Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a vulnerability in the crypto.js library with the openidConnectServer-1.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by a vulnerability that could provide weaker than expected security due to crypto.js (CVE-2020-36732)
Summary IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by a vulnerability in the crypto.js library with the openidConnectServer-1.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...
Security Bulletin: A vulnerability in IBM Java SDK (July 2025) affects IBM InfoSphere Information Server (CVE-2025-30754)
Summary There is a vulnerability in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server. The issue was disclosed as part of the IBM Java SDK updates in July 2025. Vulnerability Details CVEID:CVE-2025-30754 DESCRIPTION: Vulnerability in the Oracle Jav...
Security Bulletin: This Power System update is being released to address CVE-2025-36035
Summary The PowerVM hypervisor is vulnerable to a carefully crafted IBMi hypervisor call that can crash system or make a limited amount of system memory available Vulnerability Details CVEID:CVE-2025-36035 DESCRIPTION: The PowerVM hypervisor could allow a local privileged user to cause a denial o...
Security Bulletin: IBM Security SOAR is using components with multiple known vulnerabilities.
Summary IBM Security SOAR uses an older version of Java that may be identified and exploited. An update has been released which addresses these issues. CVE-2025-21587, CVE-2025-30698, CVE-2025-4447 Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE...
Security Bulletin: IBM Security SOAR is using a component with a known vulnerabilities [CVE-2024-57965, CVE-2025-27152]
Summary IBM Security SOAR uses an older version of axios that may be identified and exploited. Updates for supported versions have been released which address the issues. It is recommended customers upgrade to the latest applicable fix pack 51.0.7.0 Vulnerability Details CVEID:CVE-2024-57965...
Security Bulletin: IBM QRadar SIEM includes components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-22097 DESCRIPTION: In the Linux kernel, the following vulnerability has...
Security Bulletin: IBM QRadar SIEM is affected by by improper permission assignment (CVE-2025-0164)
Summary IBM QRadar SIEM is affected by improper permission assignment. Local privileged users may perform unauthorized actions on configuration files. IBM QRadar SIEM has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-0164 DESCRIPTION: IBM QRadar SIEM could allow a local...
Security Bulletin: Multiple vulnerabilities disclosed in IBM Semeru Runtime affect IBM SPSS Collaboration and Deployment Services
Summary Multiple vulnerabilities disclosed in IBM Semeru Runtime affect IBM SPSS Collaboration and Deployment Services CVE-2025-50059, CVE-2025-50106, CVE-2025-30749, CVE-2025-30761, CVE-2025-30754. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-50059...