35598 matches found
Security Bulletin: Common vulnerabilities discovered in Spark2 executables released with Cloudera Observability on Premises with IBM Version 3.5.3
Summary Cloudera Observability on premises with IBM 3.5.3 ships with Spark 2 executables, however, the application runs on Spark 3. This security bulletin identifies a set of common vulnerabilities found in the Spark 2 libraries. Spark 2 has reached End of Support EOS. Clients are advised to use...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Network Manager IP Edition
Summary IBM WebSphere Application Server is a required product for IBM Tivoli Network Manager version 4.2. Information about multiple security vulnerabilities affecting IBM WebSphere Application Server have been addressed CVE-2025-36097,CVE-2024-56339 Vulnerability Details Refer to the security...
Security Bulletin: Vulnerabilities in Apache Ant and Apache Derby affect IBM Operations Analytics - Log Analysis (CVE-2019-11358, CVE-2020-23064, CVE-2020-11023, CVE-2020-11022)
Summary Cross-site scriptingXSS vulnerabilities in Apache Ant and Apache Derby affect IBM Operations Analytics - Log Analysis. It allows remote attackers to execute a script in a victim's Web browser. Vulnerability Details CVEID:CVE-2019-11358 DESCRIPTION: jQuery before 3.4.0, as used in Drupal,...
Security Bulletin: A Security vulnerability in OpenSSL affects IBM DevOps Code ClearCase
Summary OpenSSL vulnerability were disclosed by the OpenSSL Project. OpenSSL is used by IBM DevOps Code ClearCase.CVE-2024-9143 Vulnerability Details CVEID:CVE-2024-9143 DESCRIPTION: Issue summary: Use of the low-level GF2^m elliptic curve APIs with untrusted explicit values for the field...
Security Bulletin: Multiple Secuirty vulnerabilities affecting IBM Knowledge Catalog Standard Cartridge
Summary Multiple secuirty vulnerabilities impacting IBM Knowledge Catalog Standard Cartridge. These vulnerabilities had been addressed and customers should update to the recommended version of the product at the earliest opportunity. Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel i...
Security Bulletin: AIX/VIOS is affected by arbitrary code execution (CVE-2025-47273, CVE-2025-4330, CVE-2024-12718, CVE-2025-4138, CVE-2025-4517) due to Python
Summary Vulnerabilities in Python could allow an attacker to execute arbitrary code CVE-2025-47273, CVE-2025-4330, CVE-2024-12718, CVE-2025-4138, CVE-2025-4517. Python is used by AIX as part of Ansible node management automation. Vulnerability Details CVEID:CVE-2025-47273 DESCRIPTION: setuptools ...
Security Bulletin: IBM SOAR QRadar Plugin app for IBM QRadar SIEM is affected by server-side template injection leading to remote code execution (CVE-2025-27516)
Summary IBM SOAR QRadar Plugin app for IBM QRadar SIEM is affected by server-side template injection leading to remote code execution. IBM SOAR QRadar Plugin app has addressed the issue in the latest update. Vulnerability Details CVEID:CVE-2025-27516 DESCRIPTION: Jinja is an extensible templating...
Security Bulletin: IBM SOAR QRadar Plugin app for IBM QRadar SIEM includes components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM SOAR QRadar Plugin app for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-27516 DESCRIPTION: Jinja is an extensible...
Security Bulletin: IBM Integration Bus for z/OS is vulnerable to multiple vulnerabilities due to Apache Tomcat( CVE-2025-53506, CVE-2025-52434 and CVE-2025-52520 )
Summary IBM Integration Bus for z/OS is vulnerable to multiple vulnerabilities due to Apache Tomcat. Vulnerability Details CVEID:CVE-2025-53506 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that...
Security Bulletin: Multiple Vulnerabilities in IBM Edge Application Manager
Summary Multiple vulnerabilities were addressed in IBM Edge Application Manager 5.0 Vulnerability Details CVEID:CVE-2024-34750 DESCRIPTION: Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did n...
Security Bulletin: Multiple Vulnerabilities in IBM Edge Application Manager
Summary Multiple vulnerabilities were addressed in IBM Edge Application Manager 5.0 Vulnerability Details CVEID:CVE-2024-38816 DESCRIPTION: Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can...
Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by a security bypass vulnerability (CVE-2024-56339)
Summary IBM WebSphere Application Server and Webphere Application Server Liberty are affected by a security bypass caused by a failure to honor security configuration. Vulnerability Details CVEID:CVE-2024-56339 DESCRIPTION: IBM WebSphere Application Server and IBM WebSphere Application Server...
Security Bulletin: The B2B API of IBM Sterling B2B Integrator and IBM Sterling File Gateway are Vulnerable to Denial of Service (CVE-2025-25193)
Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the denial of service security vulnerability Vulnerability Details CVEID:CVE-2025-25193 DESCRIPTION: Netty, an asynchronous, event-driven network application framework, has a vulnerability in versions up to and...
Security Bulletin: Carbon design system packages
Summary Various packages are vulnerable to multiples CVEs and can be resolved by updating to [email protected], @carbon/[email protected], @carbon/[email protected], @carbon/[email protected], @carbon/[email protected], @carbon/[email protected], @carbon/[email protected], @carbon/[email protected]....
Security Bulletin: Insufficiently protected credentials and improper output neutralization for logs might affect IBM Storage Defender - Resiliency Service
Summary IBM Storage Defender - Resiliency Service is vulnerable to insufficiently protected credentials and improper output neutralization for logs. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2024-47081 DESCRIPTION: Requests is a HTTP library. Due to a URL parsing...
Security Bulletin: AS4 of the IBM Stelring B2B Integrator and IBM Sterling File Gateway are Vulnerable to Cross-Site Scripting (CVE-2025-33008)
Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the cross-site scripting security vulnerability Vulnerability Details CVEID:CVE-2025-33008 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition is vulnerable to cross-site scripting. This vulnerability allows an...
Security Bulletin: The Container Version of the B2B API of the IBM Stelring B2B Integrator and IBM Sterling File Gateway are Vulnerable to Information Disclosure (CVE-2025-2988)
Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the information disclosure security vulnerability Vulnerability Details CVEID:CVE-2025-2988 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition could disclose sensitive server information to an unauthorized use...
Security Bulletin: IBM WebSphere Application Server which is bundled with WebSphere Remote Server, could provide weaker than expected security (CVE-2025-33142)
Summary IBM WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2023-34967 DESCRIPTION: Samba is vulnerable to a denial of service, caused by a ty...
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2024-22365 DESCRIPTION: Linux-pam is vulnerable to a denial of service, caused by ...
Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Buinses Automation Workflow (CVE-2025-33142)
Summary WebSphere Application Server traditional is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin. Vulnerability Details Refer to the security...
Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) could provide weaker than expected security
Summary IBM WebSphere Application Server shipped with Jazz for Service Management JazzSM could provide weaker than expected security CVE-2025-33142 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products|...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM DevOps Code ClearCase (CVE-2025-36097, CVE-2024-56339)
Summary IBM WebSphere Application Server WAS is shipped as a component of IBM DevOps Code ClearCase. Information about security vulnerabilities affecting WAS have been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM HTTP Server shipped with IBM DevOps Code ClearCase [CVE-2024-43204, CVE-2024-43394, CVE-2024-42516 , CVE-2025-54090]
Summary IBM HTTP Server IHS is shipped as a component of IBM DevOps Code ClearCase. Information about a security vulnerability affecting IHS has been published in a security bulletin. CVE-2024-43204, CVE-2024-43394, CVE-2024-42516 , CVE-2025-54090 Vulnerability Details Refer to the security...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM DevOps Code ClearCase (CVE-2025-27907,CVE-2025-33104, CVE-2025-36038)
Summary IBM WebSphere Application Server WAS is shipped as a component of IBM DevOps Code ClearCase. Information about security vulnerabilities affecting WAS have been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: IBM Application Modernization Accelerator is affected by multiple vulnerabilities found in Java and Node.js (CVE-2025-48924, CVE-2025-4949)
Summary There are multiple vulnerabilities in Java and Node.js used by IBM Application Modernization Accelerator. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with...
Security Bulletin: IBM Cloud Transformation Advisor is affected by multiple vulnerabilities found in Java and Node.js (CVE-2025-48924, CVE-2025-4949)
Summary There are multiple vulnerabilities in Java and Node.js used by IBM Cloud Transformation Advisor. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with...
Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server, which impacts IBM Tivoli Netcool Configuration Manager
Summary IBM WebSphere Application Server is a required product for IBM Tivoli Netcool Configuration Manager version 6.4.2. Multiple vulnerabilities were addressed in IBM WebSphere Application Server CVE-2024-56339, CVE-2025-36097, CVE-2024-43204, CVE-2024-43394, CVE-2024-42516. Vulnerability...
Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.
Summary Multiple vulnerabilities were addressed in IBM Concert Software version 2.0.0 Vulnerability Details CVEID:CVE-2015-5305 DESCRIPTION: Directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0, allows attackers to write to arbitrary files via a crafted...
Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.
Summary Multiple vulnerabilities were addressed in IBM Concert Software version 2.0.0 Vulnerability Details CVEID:CVE-2025-48379 DESCRIPTION: Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large 64k encoded with...
Security Bulletin: IBM Datapower Operations Dashboard could allow attackers to create new valid signatures different from previous signatures for a known message CVE-2020-36843
Summary EdDSA is used by the IBM Datapower Operations Dashboard for its cryptographic implementation Vulnerability Details CVEID:CVE-2020-36843 DESCRIPTION: The implementation of EdDSA in EdDSA-Java aka ed25519-java through 0.3.0 exhibits signature malleability and does not satisfy the SUF-CMA...
Security Bulletin: IBM Datapower Operations Dashboard could lead to excessive CPU consumption CVE-2024-29857
Summary Bouncy Castle is used by the IBM Datapower Operations Dashboard implementation of secure data transmission and storage Vulnerability Details CVEID:CVE-2024-29857 DESCRIPTION: An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java BC Java before 1.78, BC Java LTS befo...
Security Bulletin: IBM i is affected by an authenticated user gaining elevated privileges due to a web session hijacking vulnerability in IBM Digital Certificate Manager for i [CVE-2025-36119].
Summary IBM i is affected by a user authenticated to IBM Digital Certificate Manager for i gaining elevated privileges due to a web session hijacking vulnerability as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as describ...
Security Bulletin: IBM QRadar Log Source Management app for IBM QRadar SIEM includes components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar Log Source Management app for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-7339 DESCRIPTION: on-headers is ...
Security Bulletin: IBM QRadar Data Synchronization app for IBM QRadar SIEM includes components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar Data Synchronization app for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of...
Security Bulletin: IBM Event Endpoint Management is affected by multiple vulnerabilities.
Summary Multiple vulnerabilities were addressed in IBM Event Endpoint Management v11.6.3. Vulnerability Details CVEID:CVE-2025-30698 DESCRIPTION: An unspecified vulnerability in Java SE related to the 2D component could allow a remote attacker to cause low confidentiality, low integrity and low...
Security Bulletin: Vulnerability has been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2025-48976)
Summary WebSphere Application Server is shipped as a component of WebSphere Service Registry and Repository. Information about a denial of service attack due to an Apache Commons FileUpload vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerabili...
Security Bulletin: Vulnerability has been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2025-33142)
Summary WebSphere Application Server is shipped as a component of WebSphere Service Registry and Repository. Information about a weaker than expected security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the securit...
Security Bulletin: A security vulnerability has been discovered in IBM Verify Identity Access OIDC Provider (CVE-2024-56171)
Summary A security vulnerability has been addressed in IBM Verify Identity Access OIDC Provider Vulnerability Details CVEID:CVE-2024-56171 DESCRIPTION: libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in...
Security Bulletin: The Document Service Container of IBM Stelring B2B Integrator and IBM Sterling File Gateway is vulnerable to Informaton Disclosure (177835)
Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the information disclosure security vulnerability Vulnerability Details IBM X-Force ID: 177835 DESCRIPTION: Apache Commons Codec could allow a remote attacker to obtain sensitive information, caused by the improper...
Security Bulletin: The B2B API of the IBM Stelring B2B Integrator and IBM Sterling File Gateway are Vulnerable to Denial of Service (CVE-2025-23184)
Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the denial of service security vulnerability Vulnerability Details CVEID:CVE-2025-23184 DESCRIPTION: A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In...
Security Bulletin: IBM Financial Transaction Manager is impacted by multiple vulnerabilities in RedHat Proxy for Kubernetes RBAC authorization
Summary IBM Financial Transaction Manager for RedHat OpenShift has addressed the following vulnerabilities. Vulnerability Details CVEID:CVE-2024-45339 DESCRIPTION: When logs are written to a widely-writable directory the default, an unprivileged attacker may predict a privileged process's log fil...
Security Bulletin: IBM WebSphere Application Server could provide weaker than expected security (CVE-2025-33142)
Summary IBM WebSphere Application Server could provide weaker than expected security for TLS connections. Vulnerability Details CVEID:CVE-2025-33142 DESCRIPTION: IBM WebSphere Application Server could provide weaker than expected security for TLS connections. CWE:CWE-295: Improper Certificate...
Security Bulletin: A Security Vulnerability was found in the IBM Security Verify Access product.
Summary IBM Security Verify Access could allow could an unverified user to change the password of an expired user without prior knowledge of that password Vulnerability Details CVEID:CVE-2024-45647 DESCRIPTION: IBM Security Verify Access could allow could an unverified user to change the password...
Security Bulletin: IBM HTTP Server, which is bundled with WebSphere Remote Server, is affected by a security bypass vulnerability (CVE-2025-54090)
Summary IBM HTTP Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM HTTP Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...
Security Bulletin: Multiple vulnerabilities in python and babel runtime affect IBM DevOps Automation Code
Summary Python version 3.9.15, vulnerable to CVE-2023-27043, CVE-2024-3220 and babel version 7.27.7 vulnerable to CVE-2025-27789 are used inside DevOps Automation Code 1.0.1 containers. Vulnerability Details CVEID:CVE-2024-3220 DESCRIPTION: There is a defect in the CPython standard library module...
Security Bulletin: IBM Planning Analytics is vulnerable to a Denial of Service due to the use of Apache Commons
Summary There is a vulnerability in one of the Open Source Software OSS components consumed by IBM Planning Analytics. This Security Bulletin relates only to the direct usage of third-party components by IBM Planning Analytics Workspace and not any nested dependencies within the product...
Security Bulletin: IBM Integration Bus for z/OS is vulnerable to multiple vulnerabilities due to Apache Tomcat( CVE-2025-48988, CVE-2025-49125 & CVE-2025-48976 )
Summary IBM Integration Bus for z/OS is vulnerable to multiple vulnerabilities due to Apache Tomcat. Vulnerability Details CVEID:CVE-2025-48988 DESCRIPTION: Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 throug...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM Db2 shipped with IBM Security Guardium Key Lifecycle Manager
Summary IBM Db2 is shipped as a component of IBM Security Key Lifecycle Manager SKLM/GKLM. Information about multiple security vulnerabilities affecting IBM Db2 has been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: Due to use of IBM WebSphere Application Server Liberty, IBM Tivoli Application Dependency Discovery Manager is vulnerable to disclosure of information.
Summary IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to Netty CVE-2024-47535CVE-2025-25193 Vulnerability Details CVEID:CVE-2024-47535 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high...