34981 matches found

IBM Security Bulletins
added 2025/06/28 1:21 a.m. | 7 views

Security Bulletin: IBM Cognos Transformer is affected by vulnerabilities in IBM® Java™

Summary There are vulnerabilities in IBM® Java™ Version 8 used by IBM Cognos Transformer. Vulnerability Details CVEID:CVE-2024-21131 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low integrity impact. CVSS Source: IBM X-For...

CVSS 5.9 | AI score 5.6 | EPSS 0.0045
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/28 1:19 a.m. | 10 views

Security Bulletin: IBM Cognos Analytics is affected by security vulnerabilities

Summary There are vulnerabilities in IBM® Java™ Version 8 used by IBM Cognos Analytics. There are vulnerabilities in multiple Open Source Software OSS components consumed by IBM Cognos Analytics. Additionally, IBM Cognos Analytics is vulnerable to a Stored Cross-Site Scripting XSS vulnerability...

CVSS 9.8 | AI score 9.9 | EPSS 0.92707
Exploits: 5 | Affected Software: 1

IBM Security Bulletins
added 2025/06/28 12:8 a.m. | 5 views

Security Bulletin: Due to use of Corosync, IBM MQ is vulnerable to a stack-based buffer overflow

Summary Corosync is used by IBM MQ as part of the RDQM component CVE-2025-30472 Vulnerability Details CVEID:CVE-2025-30472 DESCRIPTION: Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in...

CVSS 9.8 | AI score 8.2 | EPSS 0.00157
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/06/28 12:7 a.m. | 5 views

Security Bulletin: The SNI is incorrect when more than one channel connects through an IBM MQ IPT client route

Summary IBM MQ has addressed an authentication bypass vulnerability in IBM MQ IPT CVE-2025-33181 Vulnerability Details CVEID:CVE-2025-33181 DESCRIPTION: CWE:CWE-295: Improper Certificate Validation CVSS Source: IBM CVSS Base score: 5.9 CVSS Vector:CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N...

CVSS 8.8 | AI score 6.8 | EPSS 0.00021
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/28 12:6 a.m. | 7 views

Security Bulletin: IBM MQ is affected by multiple vulnerabilities in the IBM Runtime Environment, Java Technology Edition (CVE-2025-21587, CVE-2025-30698, CVE-2025-4447)

Summary Multiple issues were identified with IBM Runtime Environment, Java Technology Edition which is shipped with IBM MQ Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL component could allow a remote attacker to cause hi...

CVSS 7.8 | AI score 6.7 | EPSS 0.00234
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/28 12:5 a.m. | 3 views

Security Bulletin: IBM MQ is affected by multiple vulnerabilities in the IBM Semeru Runtime Environment (CVE-2025-21587, CVE-2025-30698, CVE-2025-2900)

Summary Multiple issues were identified with the IBM Semeru Runtime Environment which is shipped with IBM MQ Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL component could allow a remote attacker to cause high...

CVSS 7.5 | AI score 7 | EPSS 0.00226
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/28 12:5 a.m. | 7 views

Security Bulletin: IBM MQ Client can send data resulting in SIGSEGV and amqrmppa process ending

Summary IBM MQ has addressed a denial of service vulnerability CVE-2025-3631 Vulnerability Details CVEID:CVE-2025-3631 DESCRIPTION: An IBM MQ Client connecting to an MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it. CWE:CWE-416: Use After Free CVSS Source: IBM...

CVSS 7.5 | AI score 6.7 | EPSS 0.00181
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/28 12:4 a.m. | 5 views

Security Bulletin: IBM MQ Appliance affected by a denial of service vulnerability (CVE-2025-3631)

Summary IBM MQ Appliance has addressed a denial of service vulnerability. Vulnerability Details CVEID:CVE-2025-3631 DESCRIPTION: An IBM MQ Client connecting to an MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it. CWE:CWE-416: Use After Free CVSS Source: IBM CVSS...

CVSS 7.5 | AI score 7 | EPSS 0.00181
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/27 10:47 p.m. | 6 views

Security Bulletin: This Power System update is being released to address CVE-2023-1206

Summary The Linux kernel is used by the Virtualization Management Interface in PowerVM to support network communication with the Hardware Management Console. This bulletin provides a remediation for the impacted vulnerability, CVE-2023-1206, by upgrading PowerVM and thus addressing the exposure t...

CVSS 5.7 | AI score 6.1 | EPSS 0.0004
Exploits: 0

IBM Security Bulletins
added 2025/06/27 10:43 p.m. | 6 views

Security Bulletin: This Power System update is being released to address CVE-2024-35857

Summary The Linux kernel is used by the Virtualization Management Interface in PowerVM to support network communication with the Hardware Management Console. This bulletin provides a remediation for the impacted vulnerability, CVE-2024-35857, by upgrading PowerVM and thus addressing the exposure ...

CVSS 5.3 | AI score 6.6 | EPSS 0.00061
Exploits: 0

IBM Security Bulletins
added 2025/06/27 10:37 p.m. | 8 views

Security Bulletin: This Power System update is being released to address CVE-2025-0395

Summary The Linux kernel is used by the Virtualization Management Interface in PowerVM to support network communication with the Hardware Management Console and by the Runtime Processor Diagnostics in PowerVM. This bulletin provides a remediation for the impacted vulnerability, CVE-2025-0395, by...

CVSS 6.2 | AI score 7.7 | EPSS 0.00071
Exploits: 0

IBM Security Bulletins
added 2025/06/27 9:16 p.m. | 7 views

Security Bulletin: Multiple Vulnerabilities have been identified in IBM Db2 shipped with IBM WebSphere Remote Server

Summary IBM Db2 is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM Db2 have been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affect...

CVSS 10 | AI score 7.1 | EPSS 0.00467
Exploits: 10 | Affected Software: 1

IBM Security Bulletins
added 2025/06/27 8:52 p.m. | 7 views

Security Bulletin: Multiple vulnerabilities in IBM Planning Analytics

Summary There are vulnerabilities in Open Source Software OSS components consumed by IBM Planning Analytics. This Security Bulletin relates only to the direct usage of third-party components by IBM Planning Analytics Workspace and not any nested dependencies within the product. Vulnerability...

CVSS 8.8 | AI score 9.6 | EPSS 0.01847
Exploits: 1 | Affected Software: 5

IBM Security Bulletins
added 2025/06/27 8:1 p.m. | 12 views

Security Bulletin: IBM Storage Ceph is vulnerable to NULL Pointer Dereference in the RHEL UBI (CVE-2024-33600)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. CVE-2024-33600 This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. Vulnerability Details CVEID:CVE-2024-33600 DESCRIPTION: nscd: Null pointer crashes after notfound response If the Name...

CVSS 5.9 | AI score 6.5 | EPSS 0.00667
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/27 8:1 p.m. | 40 views

Security Bulletin: IBM Storage Ceph is vulnerable to Use After Free in the RHEL UBI (CVE-2024-25062, CVE-2023-39615, CVE-2023-45322)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. CVE-2024-25062, CVE-2023-39615, CVE-2023-45322. Vulnerability Details CVEID:CVE-2024-25062 DESCRIPTION: GNOME libxml2 is vulnerable t...

CVSS 7.5 | AI score 7.5 | EPSS 0.00165
Exploits: 4 | Affected Software: 1

IBM Security Bulletins
added 2025/06/27 7:58 p.m. | 5 views

Security Bulletin: IBM Storage Ceph is vulnerable to Use After Free in the RHEL UBI (CVE-2024-25062)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. CVE-2024-25062 This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. Vulnerability Details CVEID:CVE-2024-25062 DESCRIPTION: An issue was discovered in libxml2 before 2.11.7 and 2.12.x...

CVSS 7.5 | AI score 8.3 | EPSS 0.00165
Exploits: 3 | Affected Software: 1

IBM Security Bulletins
added 2025/06/27 7:55 p.m. | 4 views

Security Bulletin: IBM Storage Ceph is vulnerable to Insecure Inherited Permissions in the RHEL UBI (CVE-2024-22365)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. CVE-2024-22365 This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. Vulnerability Details CVEID:CVE-2024-22365 DESCRIPTION: linux-pam aka Linux PAM before 1.6.0 allows attackers to cause...

CVSS 5.5 | AI score 6.6 | EPSS 0.00085
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/06/27 7:54 p.m. | 5 views

Security Bulletin: IBM Storage Ceph is vulnerable to Race Condition in the RHEL UBI (CVE-2023-3758)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. CVE-2023-3758 This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. Vulnerability Details CVEID:CVE-2023-3758 DESCRIPTION: A race condition flaw was found in sssd where the GPO policy is...

CVSS 7.1 | AI score 6.7 | EPSS 0.00029
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/06/27 7:53 p.m. | 3 views

Security Bulletin: IBM Storage Ceph is vulnerable to Channel Accessible by Non-Endpoint in the RHEL UBI (CVE-2023-7008)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. CVE-2023-7008 This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. Vulnerability Details CVEID:CVE-2023-7008 DESCRIPTION: systemd is vulnerable to a man-in-the-middle attack, caused by a...

CVSS 5.9 | AI score 8.2 | EPSS 0.00477
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/27 7:53 p.m. | 4 views

Security Bulletin: IBM Storage Ceph is vulnerable to Integer Overflow or Wraparound in the RHEL UBI (CVE-2021-43618)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. CVE-2021-43618 This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. Vulnerability Details CVEID:CVE-2021-43618 DESCRIPTION: GNU Multiple Precision Arithmetic Library GMP is vulnerable to...

CVSS 7.5 | AI score 8.9 | EPSS 0.0046
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/06/27 7:52 p.m. | 7 views

Security Bulletin: IBM Storage Ceph is vulnerable to zip-bombs leading to denial of service in the RHEL UBI (CVE-2024-0450)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. CVE-2024-0450 This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. Vulnerability Details CVEID:CVE-2024-0450 DESCRIPTION: An issue was found in the CPython zipfile module affecting...

CVSS 6.2 | AI score 9 | EPSS 0.00153
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/27 7:51 p.m. | 4 views

Security Bulletin: IBM Storage Ceph is vulnerable to Cross-site Scripting in Jinja2 (CVE-2024-22195)

Summary Jinja2 is used by IBM Storage Ceph and by the RHEL UBI in multiple components. CVE-2024-22195 This bulletin identifies the steps to take to address the vulnerability in Jinja2. Affected components include nvme, grafana, keepalived, haproxy, promtail, snmp, ansible, fence-agents, rust...

CVSS 6.1 | AI score 8.3 | EPSS 0.00151
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/27 7:45 p.m. | 5 views

Security Bulletin: IBM Storage Ceph is vulnerable to Use of a Broken or Risky Cryptographic Algorithm in the RHEL UBI (CVE-2024-28834)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. CVE-2024-28834 This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. Vulnerability Details CVEID:CVE-2024-28834 DESCRIPTION: GnuTLS could allow a remote authenticated attacker to obtain...

CVSS 5.3 | AI score 7.7 | EPSS 0.02116
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/27 7:44 p.m. | 4 views

Security Bulletin: IBM Storage Ceph is vulnerable to Injection in the RHEL UBI (CVE-2023-6004)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. CVE-2023-6004 This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. Vulnerability Details CVEID:CVE-2023-6004 DESCRIPTION: libssh could allow a local authenticated attacker to execute...

CVSS 4.8 | AI score 8.5 | EPSS 0.00051
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/27 7:43 p.m. | 2 views

Security Bulletin: IBM Storage Ceph is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor in the RHEL UBI (CVE-2022-4415)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. CVE-2022-4415 This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. Vulnerability Details CVEID:CVE-2022-4415 DESCRIPTION: systemd could allow a local authenticated attacker to obtain...

CVSS 5.5 | AI score 5.8 | EPSS 0.00033
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/06/27 7:42 p.m. | 5 views

Security Bulletin: IBM Storage Ceph is vulnerable to Unchecked Return Value in the RHEL UBI (CVE-2023-6918)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. CVE-2023-6918 This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. Vulnerability Details CVEID:CVE-2023-6918 DESCRIPTION: A flaw was found in the libssh implements abstract layer for...

CVSS 5.3 | AI score 8.2 | EPSS 0.00363
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/27 7:41 p.m. | 10 views

Security Bulletin: IBM Storage Ceph is vulnerable to Command Injection in the RHEL UBI (CVE-2020-15778)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. CVE-2020-15778 This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. Vulnerability Details CVEID:CVE-2020-15778 DESCRIPTION: OpenSSH could allow a remote attacker to execute arbitrary...

CVSS 7.8 | AI score 9 | EPSS 0.64277
Exploits: 6 | Affected Software: 1

IBM Security Bulletins
added 2025/06/27 7:40 p.m. | 2 views

Security Bulletin: IBM Storage Ceph is vulnerable to improper handling of JavaScript whitespace in golang in the RHEL UBI (CVE-2023-24540)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. CVE-2023-24540 This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. Vulnerability Details CVEID:CVE-2023-24540 DESCRIPTION: Not all valid JavaScript whitespace characters are considered ...

CVSS 9.8 | AI score 8.8 | EPSS 0.00289
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/27 7:39 p.m. | 6 views

Security Bulletin: IBM Storage Ceph is vulnerable to cross site scripting and denial of service via regular expressions in Grafana

Summary Grafana is used by IBM Storage Ceph as a metrics dashboard, requiring the use of angular to function. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2022-25869, CVE-2023-26118, CVE-2022-25844, CVE-2023-26116, CVE-2024-21490, CVE-2023-26117...

CVSS 7.5 | AI score 7.5 | EPSS 0.04265
Exploits: 7 | Affected Software: 1

IBM Security Bulletins
added 2025/06/27 7:38 p.m. | 2 views

Security Bulletin: IBM Storage Ceph is vulnerable to Code Injection in Golang (CVE-2023-29402)

Summary Golang is used by IBM Storage Ceph in Grafana. CVE-2023-29402 This bulletin identifies the steps to take to address the vulnerability in Golang. Vulnerability Details CVEID:CVE-2023-29402 DESCRIPTION: The go command may generate unexpected code at build time when using cgo. This may resul...

CVSS 9.8 | AI score 7.2 | EPSS 0.00125
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/27 6:38 p.m. | 17 views

Security Bulletin: Vulnerability found in Personal Communications through deployment of arbitrary MSI package.

Summary There is a vulnerability found in Personal Communications through deployment of arbitrary MSI package. Personal Communications has addressed the applicable CVE-2025-1095. Vulnerability Details CVEID:CVE-2025-1095 DESCRIPTION: IBM Personal Communications includes a Windows service that ...

CVSS 8.8 | AI score 6.6 | EPSS 0.00042
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/27 3:12 p.m. | 3 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service and path traversal [CVE-2025-47935] [CVE-2025-47944] [CVE-2025-48997] [CVE-2025-48387]

Summary Node.js is used by IBM App Connect Enterprise Certified Container when developing flows and running those flows. IBM App Connect Enterprise Certified Container DesignerAuthoring, IntegrationRuntime and IntegrationServer operands are vulnerable to denial of service and path traversal. This...

CVSS 8.7 | AI score 7.4 | EPSS 0.01201
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/27 12:13 p.m. | 6 views

Security Bulletin: RabbitMQ HTTP API Authorization Bypass Allows Unauthorized Queue Deletion

Summary RabbitMQ is a feature rich, multi-protocol messaging and streaming broker. In affected versions queue deletion via the HTTP API was not verifying the configure permission of the user. Users who had all of the following: 1. Valid credentials, 2. Some permissions for the target virtual host...

CVSS 6.5 | AI score 6.6 | EPSS 0.00101
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/27 12:11 p.m. | 5 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses express-4.19.2.tgz which is vulnerable to CVE-2024-43796

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses express-4.19.2.tgz which is vulnerable to CVE-2024-43796. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-43796 DESCRIPTION: Express.js minimalist w...

CVSS 5 | AI score 6.5 | EPSS 0.00123
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/27 12:9 p.m. | 10 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses vite-5.4.12.tgz which is vulnerable to CVE-2025-31125

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses vite-5.4.12.tgz which is vulnerable to CVE-2025-31125. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-31125 DESCRIPTION: Vite is a frontend tooling...

CVSS 7.5 | AI score 6.5 | EPSS 0.83244
Exploits: 9 | Affected Software: 1

IBM Security Bulletins
added 2025/06/27 12:7 p.m. | 3 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses braces-3.0.2.tgz which is vulnerable to CVE-2024-4068

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses braces-3.0.2.tgz which is vulnerable to CVE-2024-4068. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-4068 DESCRIPTION: The NPM package braces,...

CVSS 7.5 | AI score 6.4 | EPSS 0.00275
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/06/27 12:6 p.m. | 9 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses serialize-javascript-4.0.0.tgz which is vulnerable to CVE-2024-47554

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses serialize-javascript-4.0.0.tgz which is vulnerable to CVE-2024-47554. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-11831 DESCRIPTION: A flaw was...

CVSS 5.4 | AI score 6 | EPSS 0.01098
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/27 11:59 a.m. | 6 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses helpers-7.26.7.tgz which is vulnerable to CVE-2025-27789

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses helpers-7.26.7.tgz which is vulnerable to CVE-2025-27789. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for...

CVSS 6.2 | AI score 6.6 | EPSS 0.0006
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/27 11:58 a.m. | 12 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses vite-5.4.12.tgz which is vulnerable to CVE-2025-30208

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses vite-5.4.12.tgz which is vulnerable to CVE-2025-30208. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-30208 DESCRIPTION: Vite, a provider of fronte...

CVSS 7.5 | AI score 9.4 | EPSS 0.89847
Exploits: 27 | Affected Software: 1

IBM Security Bulletins
added 2025/06/27 11:36 a.m. | 5 views

Security Bulletin: IBM App Connect for Healthcare is vulnerable to Uncontrolled Resource Consumption due to Apache Commons IO ( CVE-2024-47554 )

Summary IBM App Connect for Healthcare is vulnerable to Uncontrolled Resource Consumption due to Apache Commons IO. Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class m...

CVSS 4.3 | AI score 6.7 | EPSS 0.00127
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/27 11:33 a.m. | 5 views

Security Bulletin: Zipp Path Module Denial of Service via Malformed ZIP File

Summary zipp is vulnerable to a denial of service, caused by an infinite loop flaw in the Path module. By using a specially crafted zip file, a local attacker could exploit this vulnerability to cause a denial of service condition. Vulnerability Details CVEID:CVE-2024-5569 DESCRIPTION: zipp is...

CVSS 6.2 | AI score 6.6 | EPSS 0.00016
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/27 11:2 a.m. | 6 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses cookie-0.4.1.tgz which is vulnerable to CVE-2024-47764

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses cookie-0.4.1.tgz which is vulnerable to CVE-2024-47764. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-47764 DESCRIPTION: cookie is a basic HTTP...

CVSS 6.9 | AI score 6.5 | EPSS 0.00205
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/27 10:10 a.m. | 4 views

Security Bulletin: IBM Cloud Pak System is vulnerable to HTML injection[CVE-2023-38007].

Summary IBM Cloud Pak System is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. Vulnerability was addressed in IBM Cloud Pak System. Vulnerability...

CVSS 5.4 | AI score 6.5 | EPSS 0.00093
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/27 9:54 a.m. | 9 views

Security Bulletin: IBM Spectrum Control is vulnerable to weaknesses related to activemq-web (CVE-2012-6092, CVE-2015-6524, CVE-2016-0734, CVE-2011-4905, CVE-2012-6551, CVE-2013-1879, CVE-2013-1880)

Summary Cross-site scripting XSS, brute force attack, denial of service vulnerabilities in activemq-web may affect IBM Spectrum Control. CVE-2012-6092, CVE-2015-6524, CVE-2016-0734, CVE-2011-4905, CVE-2012-6551, CVE-2013-1879, CVE-2013-1880 Vulnerability Details CVEID:CVE-2012-6092 DESCRIPTION:...

CVSS 6.1 | AI score 7.7 | EPSS 0.12504
Exploits: 6 | Affected Software: 1

IBM Security Bulletins
added 2025/06/27 9:53 a.m. | 3 views

Security Bulletin: IBM Spectrum Control is vulnerable to weaknesses related to Multer middleware of node.js (CVE-2025-47935)

Summary Multer is vulnerable to a denial of service attack. This vulnerability affects IBM Spectrum Control. CVE-2025-47935. Vulnerability Details CVEID:CVE-2025-47935 DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data. Versions prior to 2.0.0 are vulnerable to a resourc...

CVSS 7.5 | AI score 7.5 | EPSS 0.00177
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/27 9:51 a.m. | 19 views

Security Bulletin: IBM Spectrum Control is vulnerable to weaknesses related to protobuf-java (CVE-2024-7254)

Summary protobuf-java is vulnerable to a StackOverflow attack. This vulnerability affects IBM Spectrum Control. CVE-2024-7254. Vulnerability Details CVEID:CVE-2024-7254 DESCRIPTION: Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of...

CVSS 8.7 | AI score 7 | EPSS 0.00134
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/27 9:49 a.m. | 7 views

Security Bulletin: IBM Spectrum Control is vulnerable to weaknesses related to activemq-core (CVE-2014-3600, CVE-2013-1879, CVE-2015-6524, CVE-2011-4905)

Summary XML external entity XXE, cross-site scripting XSS, brute force attack, denial of service vulnerabilities in activemq-core may affect IBM Spectrum Control. CVE-2014-3600, CVE-2013-1879, CVE-2015-6524, CVE-2011-4905. Vulnerability Details CVEID:CVE-2014-3600 DESCRIPTION: XML external entity...

CVSS 9.8 | AI score 7.9 | EPSS 0.12504
Exploits: 3 | Affected Software: 1

IBM Security Bulletins
added 2025/06/27 9:47 a.m. | 5 views

Security Bulletin: IBM Spectrum Control is vulnerable to weaknesses related to path-to-regexp (CVE-2024-52798)

Summary path-to-regexp is vulnerable to a backtracking attack. This vulnerability affects IBM Spectrum Control. CVE-2024-52798. Vulnerability Details CVEID:CVE-2024-52798 DESCRIPTION: path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a...

CVSS 8.7 | AI score 6.8 | EPSS 0.00293
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/27 9:45 a.m. | 3 views

Security Bulletin: IBM Spectrum Control is vulnerable to weaknesses related to axios (CVE-2025-27152)

Summary axios is vulnerable to SSRF and credential leakage attacks. These vulnerabilities affect IBM Spectrum Control. CVE-2025-27152. Vulnerability Details CVEID:CVE-2025-27152 DESCRIPTION: axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute...

CVSS 8.7 | AI score 6.3 | EPSS 0.00212
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/06/27 9:42 a.m. | 7 views

Security Bulletin: IBM Spectrum Control is vulnerable to weaknesses related to Camel-core (CVE-2020-11971)

Summary Rebind Flaw vulnerability in Camel-core may affect IBM Spectrum Control. CVE-2020-11971. Vulnerability Details CVEID:CVE-2020-11971 DESCRIPTION: Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 up to 3.1.0 is affected. Users should upgrad...

CVSS 7.5 | AI score 8.1 | EPSS 0.09702
Exploits: 0 | Affected Software: 1

Total number of security vulnerabilities: 34981