35608 matches found
Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to multiple vulnerabilities due to Apache Kafka ( CVE-2025-27817,CVE-2025-27818 & CVE-2025-27819 )
Summary IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to Deserialization of Untrusted Data and Server-Side Request Forgery SSRF due to Apache Kafka. Vulnerability Details CVEID:CVE-2025-27818 DESCRIPTION: A possible security vulnerability has been identified in Apache...
Security Bulletin: Vulnerability in Sudo package affects IBM Integrated Analytics System.
Summary The Sudo package is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addresed the applicable CVE CVE-2021-3156, CVE-2019-19234, CVE-2019-19232. Vulnerability Details CVEID:CVE-2021-3156 DESCRIPTION: Sudo before 1.9.5p2 contains an off-by-one error that can resu...
Security Bulletin: IBM App Connect for Healthcare is vulnerable to multiple vulnerabilities due to Apache Commons Lang & FileUpload ( CVE-2025-48924 & CVE-2025-48976 )
Summary IBM App Connect for Healthcare is vulnerable to multiple vulnerabilities due to Apache Commons Lang & Apache Commons FileUpload. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang:...
Security Bulletin: Vulnerability in moment.js affects IBM Integrated Analytics System [CVE-2022-31129]
Summary The moment.js package is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addresed the applicable CVE CVE-2022-31129. Vulnerability Details CVEID:CVE-2022-31129 DESCRIPTION: moment is a JavaScript date library for parsing, validating, manipulating, and formatti...
Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Security Guardium Key Lifecycle Manager (SKLM/GKLM)(CVE-2025-33142)
Summary WebSphere Application Server is shipped as a component of IBM Security Guardium Key Lifecycle Manager SKLM/GKLM. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulleti...
Security Bulletin: IBM App Connect Enterprise is vulnerable to Improper Encoding or Escaping of Output due to xmldom ( CVE-2021-32796 )
Summary IBM App Connect Enterprise is vulnerable to Improper Encoding or Escaping of Output due to xmldom. Vulnerability Details CVEID:CVE-2021-32796 DESCRIPTION: xmldom is an open source pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. xmldom versions...
Security Bulletin: IBM QRadar SIEM is affected by local privilege escalation and cross-site scripting (CVE-2025-33120, CVE-2025-36042)
Summary IBM QRadar SIEM is affected by local privilege escalation and cross-site scripting, which could enable authenticated users to obtain elevated privileges and compromise the web UI potentially impacting session confidentiality. Vulnerability Details CVEID:CVE-2025-33120 DESCRIPTION: IBM...
Security Bulletin: Apache Parquet Common Vulnerability reported in Cloudera offerings with IBM. Fixes available from Cloudera
Summary On April 1, 2025, a critical vulnerability in the parquet-avro module of Apache Parquet CVE-2025-30065, CVSS score 10.0 was announced. Vulnerability Details CVEID:CVE-2025-30065 DESCRIPTION: Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows ba...
Security Bulletin: Multiple vulnerabilities in IBM Semeru Runtime affect Rational Business Developer
Summary There are multiple vulnerabilities in IBM Semeru Runtime used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. These issues were disclosed as part of the IBM Semeru Runtime Quarterly CPU - Oct 2024 - Includes OpenJDK July 2024 CPU plu...
Security Bulletin: Multiple vulnerabilities in IBM Semeru Runtime affect Rational Business Developer
Summary There are multiple vulnerabilities in IBM Semeru Runtime used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. These issues were disclosed as part of the IBM Semeru Runtime Quarterly CPU - Apr 2025 - Includes OpenJDK April 2025 CPU pl...
Security Bulletin: Common vulnerabilities discovered in Spark2 executables released with Cloudera Observability on Premises with IBM Version 3.5.3
Summary Cloudera Observability on premises with IBM 3.5.3 ships with Spark 2 executables, however, the application runs on Spark 3. This security bulletin identifies a set of common vulnerabilities found in the Spark 2 libraries. Spark 2 has reached End of Support EOS. Clients are advised to use...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Network Manager IP Edition
Summary IBM WebSphere Application Server is a required product for IBM Tivoli Network Manager version 4.2. Information about multiple security vulnerabilities affecting IBM WebSphere Application Server have been addressed CVE-2025-36097,CVE-2024-56339 Vulnerability Details Refer to the security...
Security Bulletin: Vulnerabilities in Apache Ant and Apache Derby affect IBM Operations Analytics - Log Analysis (CVE-2019-11358, CVE-2020-23064, CVE-2020-11023, CVE-2020-11022)
Summary Cross-site scriptingXSS vulnerabilities in Apache Ant and Apache Derby affect IBM Operations Analytics - Log Analysis. It allows remote attackers to execute a script in a victim's Web browser. Vulnerability Details CVEID:CVE-2019-11358 DESCRIPTION: jQuery before 3.4.0, as used in Drupal,...
Security Bulletin: A Security vulnerability in OpenSSL affects IBM DevOps Code ClearCase
Summary OpenSSL vulnerability were disclosed by the OpenSSL Project. OpenSSL is used by IBM DevOps Code ClearCase.CVE-2024-9143 Vulnerability Details CVEID:CVE-2024-9143 DESCRIPTION: Issue summary: Use of the low-level GF2^m elliptic curve APIs with untrusted explicit values for the field...
Security Bulletin: Multiple Secuirty vulnerabilities affecting IBM Knowledge Catalog Standard Cartridge
Summary Multiple secuirty vulnerabilities impacting IBM Knowledge Catalog Standard Cartridge. These vulnerabilities had been addressed and customers should update to the recommended version of the product at the earliest opportunity. Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel i...
Security Bulletin: AIX/VIOS is affected by arbitrary code execution (CVE-2025-47273, CVE-2025-4330, CVE-2024-12718, CVE-2025-4138, CVE-2025-4517) due to Python
Summary Vulnerabilities in Python could allow an attacker to execute arbitrary code CVE-2025-47273, CVE-2025-4330, CVE-2024-12718, CVE-2025-4138, CVE-2025-4517. Python is used by AIX as part of Ansible node management automation. Vulnerability Details CVEID:CVE-2025-47273 DESCRIPTION: setuptools ...
Security Bulletin: IBM SOAR QRadar Plugin app for IBM QRadar SIEM is affected by server-side template injection leading to remote code execution (CVE-2025-27516)
Summary IBM SOAR QRadar Plugin app for IBM QRadar SIEM is affected by server-side template injection leading to remote code execution. IBM SOAR QRadar Plugin app has addressed the issue in the latest update. Vulnerability Details CVEID:CVE-2025-27516 DESCRIPTION: Jinja is an extensible templating...
Security Bulletin: IBM SOAR QRadar Plugin app for IBM QRadar SIEM includes components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM SOAR QRadar Plugin app for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-27516 DESCRIPTION: Jinja is an extensible...
Security Bulletin: IBM Integration Bus for z/OS is vulnerable to multiple vulnerabilities due to Apache Tomcat( CVE-2025-53506, CVE-2025-52434 and CVE-2025-52520 )
Summary IBM Integration Bus for z/OS is vulnerable to multiple vulnerabilities due to Apache Tomcat. Vulnerability Details CVEID:CVE-2025-53506 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that...
Security Bulletin: Multiple Vulnerabilities in IBM Edge Application Manager
Summary Multiple vulnerabilities were addressed in IBM Edge Application Manager 5.0 Vulnerability Details CVEID:CVE-2024-34750 DESCRIPTION: Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did n...
Security Bulletin: Multiple Vulnerabilities in IBM Edge Application Manager
Summary Multiple vulnerabilities were addressed in IBM Edge Application Manager 5.0 Vulnerability Details CVEID:CVE-2024-38816 DESCRIPTION: Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can...
Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by a security bypass vulnerability (CVE-2024-56339)
Summary IBM WebSphere Application Server and Webphere Application Server Liberty are affected by a security bypass caused by a failure to honor security configuration. Vulnerability Details CVEID:CVE-2024-56339 DESCRIPTION: IBM WebSphere Application Server and IBM WebSphere Application Server...
Security Bulletin: The B2B API of IBM Sterling B2B Integrator and IBM Sterling File Gateway are Vulnerable to Denial of Service (CVE-2025-25193)
Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the denial of service security vulnerability Vulnerability Details CVEID:CVE-2025-25193 DESCRIPTION: Netty, an asynchronous, event-driven network application framework, has a vulnerability in versions up to and...
Security Bulletin: Carbon design system packages
Summary Various packages are vulnerable to multiples CVEs and can be resolved by updating to [email protected], @carbon/[email protected], @carbon/[email protected], @carbon/[email protected], @carbon/[email protected], @carbon/[email protected], @carbon/[email protected], @carbon/[email protected]....
Security Bulletin: Insufficiently protected credentials and improper output neutralization for logs might affect IBM Storage Defender - Resiliency Service
Summary IBM Storage Defender - Resiliency Service is vulnerable to insufficiently protected credentials and improper output neutralization for logs. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2024-47081 DESCRIPTION: Requests is a HTTP library. Due to a URL parsing...
Security Bulletin: AS4 of the IBM Stelring B2B Integrator and IBM Sterling File Gateway are Vulnerable to Cross-Site Scripting (CVE-2025-33008)
Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the cross-site scripting security vulnerability Vulnerability Details CVEID:CVE-2025-33008 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition is vulnerable to cross-site scripting. This vulnerability allows an...
Security Bulletin: The Container Version of the B2B API of the IBM Stelring B2B Integrator and IBM Sterling File Gateway are Vulnerable to Information Disclosure (CVE-2025-2988)
Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the information disclosure security vulnerability Vulnerability Details CVEID:CVE-2025-2988 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition could disclose sensitive server information to an unauthorized use...
Security Bulletin: IBM WebSphere Application Server which is bundled with WebSphere Remote Server, could provide weaker than expected security (CVE-2025-33142)
Summary IBM WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2023-34967 DESCRIPTION: Samba is vulnerable to a denial of service, caused by a ty...
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2024-22365 DESCRIPTION: Linux-pam is vulnerable to a denial of service, caused by ...
Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Buinses Automation Workflow (CVE-2025-33142)
Summary WebSphere Application Server traditional is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin. Vulnerability Details Refer to the security...
Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) could provide weaker than expected security
Summary IBM WebSphere Application Server shipped with Jazz for Service Management JazzSM could provide weaker than expected security CVE-2025-33142 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products|...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM DevOps Code ClearCase (CVE-2025-36097, CVE-2024-56339)
Summary IBM WebSphere Application Server WAS is shipped as a component of IBM DevOps Code ClearCase. Information about security vulnerabilities affecting WAS have been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM HTTP Server shipped with IBM DevOps Code ClearCase [CVE-2024-43204, CVE-2024-43394, CVE-2024-42516 , CVE-2025-54090]
Summary IBM HTTP Server IHS is shipped as a component of IBM DevOps Code ClearCase. Information about a security vulnerability affecting IHS has been published in a security bulletin. CVE-2024-43204, CVE-2024-43394, CVE-2024-42516 , CVE-2025-54090 Vulnerability Details Refer to the security...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM DevOps Code ClearCase (CVE-2025-27907,CVE-2025-33104, CVE-2025-36038)
Summary IBM WebSphere Application Server WAS is shipped as a component of IBM DevOps Code ClearCase. Information about security vulnerabilities affecting WAS have been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: IBM Application Modernization Accelerator is affected by multiple vulnerabilities found in Java and Node.js (CVE-2025-48924, CVE-2025-4949)
Summary There are multiple vulnerabilities in Java and Node.js used by IBM Application Modernization Accelerator. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with...
Security Bulletin: IBM Cloud Transformation Advisor is affected by multiple vulnerabilities found in Java and Node.js (CVE-2025-48924, CVE-2025-4949)
Summary There are multiple vulnerabilities in Java and Node.js used by IBM Cloud Transformation Advisor. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with...
Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server, which impacts IBM Tivoli Netcool Configuration Manager
Summary IBM WebSphere Application Server is a required product for IBM Tivoli Netcool Configuration Manager version 6.4.2. Multiple vulnerabilities were addressed in IBM WebSphere Application Server CVE-2024-56339, CVE-2025-36097, CVE-2024-43204, CVE-2024-43394, CVE-2024-42516. Vulnerability...
Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.
Summary Multiple vulnerabilities were addressed in IBM Concert Software version 2.0.0 Vulnerability Details CVEID:CVE-2015-5305 DESCRIPTION: Directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0, allows attackers to write to arbitrary files via a crafted...
Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.
Summary Multiple vulnerabilities were addressed in IBM Concert Software version 2.0.0 Vulnerability Details CVEID:CVE-2025-48379 DESCRIPTION: Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large 64k encoded with...
Security Bulletin: IBM Datapower Operations Dashboard could allow attackers to create new valid signatures different from previous signatures for a known message CVE-2020-36843
Summary EdDSA is used by the IBM Datapower Operations Dashboard for its cryptographic implementation Vulnerability Details CVEID:CVE-2020-36843 DESCRIPTION: The implementation of EdDSA in EdDSA-Java aka ed25519-java through 0.3.0 exhibits signature malleability and does not satisfy the SUF-CMA...
Security Bulletin: IBM Datapower Operations Dashboard could lead to excessive CPU consumption CVE-2024-29857
Summary Bouncy Castle is used by the IBM Datapower Operations Dashboard implementation of secure data transmission and storage Vulnerability Details CVEID:CVE-2024-29857 DESCRIPTION: An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java BC Java before 1.78, BC Java LTS befo...
Security Bulletin: IBM i is affected by an authenticated user gaining elevated privileges due to a web session hijacking vulnerability in IBM Digital Certificate Manager for i [CVE-2025-36119].
Summary IBM i is affected by a user authenticated to IBM Digital Certificate Manager for i gaining elevated privileges due to a web session hijacking vulnerability as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as describ...
Security Bulletin: IBM QRadar Log Source Management app for IBM QRadar SIEM includes components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar Log Source Management app for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-7339 DESCRIPTION: on-headers is ...
Security Bulletin: IBM QRadar Data Synchronization app for IBM QRadar SIEM includes components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar Data Synchronization app for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of...
Security Bulletin: IBM Event Endpoint Management is affected by multiple vulnerabilities.
Summary Multiple vulnerabilities were addressed in IBM Event Endpoint Management v11.6.3. Vulnerability Details CVEID:CVE-2025-30698 DESCRIPTION: An unspecified vulnerability in Java SE related to the 2D component could allow a remote attacker to cause low confidentiality, low integrity and low...
Security Bulletin: Vulnerability has been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2025-48976)
Summary WebSphere Application Server is shipped as a component of WebSphere Service Registry and Repository. Information about a denial of service attack due to an Apache Commons FileUpload vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerabili...
Security Bulletin: Vulnerability has been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2025-33142)
Summary WebSphere Application Server is shipped as a component of WebSphere Service Registry and Repository. Information about a weaker than expected security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the securit...
Security Bulletin: A security vulnerability has been discovered in IBM Verify Identity Access OIDC Provider (CVE-2024-56171)
Summary A security vulnerability has been addressed in IBM Verify Identity Access OIDC Provider Vulnerability Details CVEID:CVE-2024-56171 DESCRIPTION: libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in...
Security Bulletin: The Document Service Container of IBM Stelring B2B Integrator and IBM Sterling File Gateway is vulnerable to Informaton Disclosure (177835)
Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the information disclosure security vulnerability Vulnerability Details IBM X-Force ID: 177835 DESCRIPTION: Apache Commons Codec could allow a remote attacker to obtain sensitive information, caused by the improper...