Security Bulletin: IBM Maximo Application Suite - Manage Component uses vite-5.4.10.tgz which is vulnerable to CVE-2025-32395

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses vite-5.4.10.tgz which is vulnerable to CVE-2025-32395. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-32395 DESCRIPTION: Vite is a frontend tooling...

Security Bulletin: IBM DevOps Build addresses multiple vulnerabilities.

Summary IBM DevOps Build 7.1.0.0 addresses multiple vulnerabilities. Vulnerability Details CVEID:CVE-2024-46544 DESCRIPTION: Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view and modify shared memory containing modjk configuration which may lead to...

Security Bulletin: IBM Maximo Application Suite - Manage Component uses vite-5.4.10.tgz which is vulnerable to CVE-2025-24010

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses vite-5.4.10.tgz which is vulnerable to CVE-2025-24010. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-24010 DESCRIPTION: Vite is a frontend tooling...

Security Bulletin: IBM Truststore Manager uses jinja2-3.1.5-py3-none-any.whl which is vulnerable to CVE-2025-27516.

Summary IBM Truststore Manager uses jinja2-3.1.5-py3-none-any.whl which is vulnerable to CVE-2025-27516. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-27516 DESCRIPTION: Jinja is an extensible templating engine. Prior to 3.1.6...

Security Bulletin: IBM Maximo Application Suite - IoT Component uses jetty-http-10.0.22.jar and jinja2-3.1.5-py3-none-any.whl which is vulnerable to CVE-2025-27516 and CVE-2024-6763

Summary IBM Maximo Application Suite - IoT Component uses jetty-http-10.0.22.jar and jinja2-3.1.5-py3-none-any.whl which is vulnerable to CVE-2025-27516 and CVE-2024-6763. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-6763...

Security Bulletin: IBM Maximo Application Suite uses runtime-7.20.13.tgz which is vulnerable to CVE-2025-27789.

Summary IBM Maximo Application Suite uses runtime-7.20.13.tgz which is vulnerable to CVE-2025-27789. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for writing next generation JavaScript...

Security Bulletin: IBM Maximo Application Suite uses multiple Python packages which is vulnerable to "CVE-2022-40897, CVE-2024-6345"

Summary IBM Maximo Application Suite uses multiple Python packages which is vulnerable to "CVE-2022-40897, CVE-2024-6345". This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2022-40897 DESCRIPTION: Pypa Setuptools is vulnerable to a...

Security Bulletin: IBM Maximo Application Suite uses jinja2-3.1.5-py3-none-any.whl and prismjs-1.29.0.tgz which is vulnerable to CVE-2025-27516 and CVE-2024-53382 This bulletin contains information regarding the vulnerability and its fixture.

Summary IBM Maximo Application Suite uses jinja2-3.1.5-py3-none-any.whl and prismjs-1.29.0.tgz which is vulnerable to CVE-2025-27516 and CVE-2024-53382 This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-27516 DESCRIPTION: Jinja is ...

Security Bulletin: IBM Maximo Application Suite - Iot Component uses axios 1.7.9 and Python-3.8.17 which is vulnerable to CVE-2023-40217, CVE-2024-6232, CVE-2022-40897, CVE-2024-6345, CVE-2023-5752 and CVE-2025-27152

Summary IBM Maximo Application Suite - Iot Component uses axios 1.7.9 and Python-3.8.17 which is vulnerable to CVE-2023-40217, CVE-2024-6232, CVE-2022-40897, CVE-2024-6345, CVE-2023-5752 and CVE-2025-27152. This bulletin contains information regarding the vulnerability and its fixture...

Security Bulletin: IBM Maximo Application Suite uses multiple nodejs pacakges which is vulnerable to "CVE-2025-27789, CVE-2025-27152, CVE-2025-26791"

Summary IBM Maximo Application Suite uses multiple Node.js packages which is vulnerable to "CVE-2025-27789, CVE-2025-27152, CVE-2025-26791". This bulletin contains information regarding the vulnerability and its fix. Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for...

Security Bulletin: IBM Maximo Application Suite uses multiple nodejs pacakges which is vulnerable to "CVE-2025-27789, CVE-2025-27152, CVE-2025-26791"

Summary IBM Maximo Application Suite uses multiple Node.js packages which is vulnerable to "CVE-2025-27789, CVE-2025-27152, CVE-2025-26791". This bulletin contains information regarding the vulnerability and its fix. Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for...

Security Bulletin: IBM Maximo Application Suite - Iot Component uses axios 1.7.9 and Python-3.8.17 which is vulnerable to CVE-2023-40217, CVE-2024-6232, CVE-2022-40897, CVE-2024-6345, CVE-2023-5752 and CVE-2025-27152

Summary IBM Maximo Application Suite - Iot Component uses axios 1.7.9 and Python-3.8.17 which is vulnerable to CVE-2023-40217, CVE-2024-6232, CVE-2022-40897, CVE-2024-6345, CVE-2023-5752 and CVE-2025-27152. This bulletin contains information regarding the vulnerability and its fixture...

Security Bulletin: IBM Maximo Application Suite uses multiple Python packages which is vulnerable to "CVE-2024-3651, CVE-2023-32681, CVE-2024-35195, CVE-2024-37891"

Summary IBM Maximo Application Suite uses multiple Python packages which is vulnerable to "CVE-2024-3651, CVE-2023-32681, CVE-2024-35195, CVE-2024-37891". This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-3651 DESCRIPTION: idna...

Security Bulletin: IBM Truststore Manager uses cryptography-44.0.0-cp39-abi3-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2024-12797.

Summary IBM Truststore Manager uses cryptography-44.0.0-cp39-abi3-manylinux228x8664.whl which is vulnerable to CVE-2024-12797. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-12797 DESCRIPTION: Issue summary: Clients using RFC72...

Security Bulletin: IBM Common Licensing using IBM® SDK, Java™ Technology Edition vulnerable to CVEs

Summary Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition in IBM License Key Server Administration and Reporting Tool ART and Administration Agent. This bulletin for IBM SDK, Java Technology Edition covers all applicable Java SE CVEs published by Oracle as part of their April 202...

Security Bulletin: IBM i is affected by a user gaining elevated privileges due to an unqualified library call vulnerability in IBM Facsimile Support for i [CVE-2025-36004].

Summary IBM i is affected by a user with the capability to compile or restore a program to gain elevated privileges due to an unqualified library call vulnerability in IBM Facsimile Support for i as described in the vulnerability details section. This bulletin identifies the steps to take to...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK (April 2025) affect IBM InfoSphere Information Server

Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in April 2025. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified...

Security Bulletin: IBM Sterling Connect:Direct Web Services vulnerable to spring-context-6.2.3.jar (CVE-2025-22233)

Summary IBM Sterling Connect:Direct Web Services uses spring-context-6.2.3.jar, which has vulnerability CVE-2025-22233. This has been addressed in fixpacks that are available on Fix Central. Vulnerability Details CVEID:CVE-2025-22233 DESCRIPTION: CVE-2024-38820 ensured Locale-independent, lowerca...

Security Bulletin: IBM Jazz for Service Management is vulnerable due to Log4j 1.2 SocketServer Remote Code Execution and Deserialization of Untrusted Data

Summary IBM Jazz for Service Management is vulnerable due to Log4j 1.2 SocketServer Remote Code Execution and Deserialization of Untrusted Data CVE-2022-23305, CVE-2019-17571, CVE-2020-9493, CVE-2015-5254, CVE-2016-3088, CVE-2023-46604. Vulnerability Details CVEID:CVE-2022-23305 DESCRIPTION: By...

Security Bulletin: IBM Jazz for Service Management is vulnerable due to issues in JDOM, Apache Log4j 1.x, Apache ActiveMQ and Apache Camel

Summary IBM Jazz for Service Management is vulnerable due to issues in JDOM, Apache Log4j 1.x, Apache ActiveMQ and Apache Camel CVE-2021-33813, CVE-2022-23302, CVE-2022-23307, CVE-2023-26464, CVE-2019-0222, CVE-2022-41678, CVE-2018-11775, CVE-2020-11971, CVE-2019-0188, CVE-2017-5643. Vulnerabilit...

Security Bulletin: IBM App Connect Enterprise has multiple vulnerabilities due to IBM Semeru Runtime (CVE-2025-21587, CVE-2025-30698 & CVE-2025-2900)

Summary There are multiple vulnerabilities in IBM App Connect Enterprise due to IBM Semeru Runtime. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL component could allow a remote attacker to cause high confidentiality and...

Security Bulletin: IBM watsonx Code Assistant IDE Extensions affected by prismjs Cross-Site Scripting vulnerability

Summary prismjs library is used by IBM watsonx Code Assistant IDE Extensions. CVE-2024-53382. This bulletin outlines the necessary steps to address and remediate the vulnerability. Vulnerability Details CVEID:CVE-2024-53382 DESCRIPTION: Prism aka PrismJS through 1.29.0 allows DOM Clobbering with...

Security Bulletin: IBM App Connect Enterprise is vulnerable to a Denial of Service due to Node.js module Multer ( CVE-2025-47935 & CVE-2025-47944 )

Summary IBM App Connect Enterprise Connector Discovery and OpenAPI Editor is vulnerable to a Denial of Service due to Node.js module Multer. Vulnerability Details CVEID:CVE-2025-47935 DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data. Versions prior to 2.0.0 are...

Security Bulletin: Multiple vulnerabilites in IBM Rational Build Forge.

Summary IBM Rational Build Forge 8.0.0.28 addresses multiple vulnerabilites Vulnerability Details CVEID:CVE-2024-38286 DESCRIPTION: Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from...

Security Bulletin: IBM Storage Defender: Data Protect vulnerabilities resolved in release Defender 2.0.14/Data Protect 7.2.2_u1

Summary Security Bulletin: IBM Storage Defender: Data Protect vulnerabilities resolved in release Defender 2.0.14/Data Protect 7.2.2u1. The vulnerabilities have been addressed in Data Protect 7.2.2u1, which is included with IBM Storage Defender 2.0.14. Vulnerability Details CVEID:CVE-2023-26118...

Security Bulletin: Multiple Vulnerabilities affecting IBM Watson Studio in Cloud Pak for Data are addressed

Summary There are multiple vulnerabilities impacting IBM Watson Studio in Cloud Pak for Data. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2021-3918 DESCRIPTION: json-schema is vulnerable to Improperly Controlled Modification of Object...

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to regular expression denial of service due to the cross-spawn package (CVE-2024-21538)

Summary Cross-spawn is used by DataStage on Cloud Pak for Data as part of child process spawning. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service ReDoS due ...

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to file descriptor exhaustion due to the Jetty package (CVE-2024-22201).

Summary Jetty is used by DataStage on Cloud Pak for Data as part of web server processing. Vulnerability Details CVEID:CVE-2024-22201 DESCRIPTION: Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. ...

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to directory traversal due to the pip package (CVE-2019-20916)

Summary Pip is used by DataStage on Cloud Pak for Data as part of package management. Vulnerability Details CVEID:CVE-2019-20916 DESCRIPTION: The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have...

Security Bulletin: IBM DevOps Release addresses multiple vulnerabilities related to Apache Tomcat.

Summary IBM DevOps Release 7.0.0.4 addresses multiple vulnerabilities related to Apache Tomcat. Vulnerability Details CVEID:CVE-2024-46544 DESCRIPTION: Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view and modify shared memory containing modjk...

Security Bulletin: IBM Application Modernization Accelerator is affected by multiple vulnerabilities found in Java and Node.js

Summary There are multiple vulnerabilities in Java and Node.js used by IBM Application Modernization Accelerator CVE-2025-21587, CVE-2025-30698, CVE-2025-4447, CVE-2025-47935, CVE-2025-47944, CVE-2025-27789, CVE-2025-46653, CVE-2025-48997, CVE-2025-48050. Vulnerability Details CVEID:CVE-2025-2158...

Security Bulletin: Due to use of mina-core IBM My webMethods Server is vulnerable to Insecure Java Deserilization

Summary IBM My webMethods Server includes mina-core as part of its OSGi platform, which is affected by a known vulnerability CVE-2024-52046. This security bulletin provides guidance on addressing the vulnerability. Vulnerability Details CVEID:CVE-2024-52046 DESCRIPTION: The...

Security Bulletin: Multiple Vulnerabilities affects IBM License Metric Tool v9.

Summary Multiple vulnerabilities have been remediated in components used by IBM License Metric Tool. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL component could allow a remote attacker to cause high confidentiality and...

Security Bulletin: Vulnerability in Apache Tomcat affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in Apache Tomcat has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. .The vulnerability has been addressed. Refer to details for additional information...

Security Bulletin: Vulnerability in Eclipse OMR affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.

Summary Potential vulnerability in Eclipse OMR has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional information...

Security Bulletin: Vulnerability in jinja2 affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2024-34064]

Summary The jinja2 package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2024-34064 Vulnerability Details CVEID:CVE-2024-34064 DESCRIPTION: Jinja is vulnerable to cross-site scripting, caused by the acceptance of keys...

Security Bulletin: Vulnerability in jinja2 affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2024-22195]

Summary The jinja2 package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2024-22195 Vulnerability Details CVEID:CVE-2024-22195 DESCRIPTION: Jinja is an extensible templating engine. Special placeholders in the template allow...

Security Bulletin: Vulnerability in cryptography affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2023-2650, CVE-2023-4807, CVE-2023-3446 ]

Summary The cryptography package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2023-2650, CVE-2023-4807, CVE-2023-3446 Vulnerability Details CVEID:CVE-2023-2650 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caus...

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining 2.0.2

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Process Mining 2.0.2 Vulnerability Details CVEID:CVE-2025-48050 DESCRIPTION: In DOMPurify through 3.2.5 before 6bc6d60, scripts/server.js does not ensure that a...

Security Bulletin: Vulnerabilities in Jinja , cryptography & OpenSSL can affect IBM Storage Protect Plus File Systems Agent Backup and Restore

Summary IBM Storage Protect Plus File Systems Agent Backup and Restore can be affected by vulnerabilities in Jinja & cryptography which includes execution of untrusted templates, man-in-middle attacks & a denial of service, as described by the CVEs in the "Vulnerability Details" section. These...

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in netty-handler (CVE-2025-24970)

Summary A vulnerability in Netty that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-24970 DESCRIPTION: Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version...

Security Bulletin: IBM InfoSphere Information Server is vulnerable to denial of service (CVE-2025-3221)

Summary A denial of service vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-3221 DESCRIPTION: IBM InfoSphere Information Server could allow a remote attacker to cause a denial of service due to insufficient validation of incoming request...

Security Bulletin: IBM InfoSphere Information Server is vulnerable due to improper ownership management (CVE-2025-3629)

Summary A vulnerability due to improper ownership management in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-3629 DESCRIPTION: IBM InfoSphere Information Server could allow an authenticated user to delete another user's comments due to improper ownership...

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Jinja (CVE-2025-27516)

Summary A vulnerability in Jinja that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-27516 DESCRIPTION: Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allow...

Security Bulletin: This Power System update is being released to address CVE-2025-0395

Summary The Linux kernel is used by the Virtualization Management Interface in PowerVM to support network communication with the Hardware Management Console and by the Runtime Processor Diagnostics in PowerVM. This bulletin provides a remediation for the impacted vulnerability, CVE-2025-0395, by...

Security Bulletin: Vulnerability in IBM WebSphere Application Server Liberty and Java may affect IBM Storage Protect for Space Management

Summary IBM Storage Protect for Space Management can be affected by security flaws in IBM WebSphere Application Server and Java. This flaws can lead to denial of service in Netty, denial of service partial DOS, denial of service via introspection queries, unauthorized update, insert or delete...

Security Bulletin: Vulnerability in IBM WebSphere Application Server Liberty and Java may affect IBM Storage Protect Backup-Archive Client

Summary IBM Storage Protect Backup-Archive Client can be affected by security flaws in IBM WebSphere Application Server and Java. This flaws can lead to denial of service in Netty, denial of service partial DOS, denial of service via introspection queries, unauthorized update, insert or delete...

Security Bulletin: Vulnerability in IBM WebSphere Application Server Liberty and Java may affect IBM Storage Protect for Virtual Environments (Data Protection for VMware and Data Protection for Hyper-V)

Summary IBM Storage Protect for Virtual Environments Data Protection for VMware and Data Protection for Hyper-V can be affected by security flaws in IBM WebSphere Application Server and Java. This flaws can lead to denial of service in Netty, denial of service partial DOS, denial of service via...

Security Bulletin: Multiple security vulnerabilities have been identified in IBM Db2 shipped with IBM Security Guardium Key Lifecycle Manager

Summary IBM Db2 is shipped as a component of IBM Security Key Lifecycle Manager SKLM/GKLM. Information about multiple security vulnerabilities affecting IBM Db2 has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

Security Bulletin: Vulnerability in jetty-server affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2024-6763, CVE-2024-8184]

Summary The jetty-server package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2024-6763, CVE-2024-8184 Vulnerability Details CVEID:CVE-2024-6763 DESCRIPTION: Eclipse Jetty is a lightweight, highly scalable, Java-based web...