IBM News Articles
Recent news articles referencing the vendor's vulnerabilities.
Critical IBM API Connect Flaw CVE-2025-13915 Alert
Singapore warns of critical CVE-2025-13915 in IBM API Connect. Authentication bypass flaw scored 9.8 CVSS. Patches and mitigations released.
3 weeks ago
IBM warns of critical API Connect bug enabling remote access
IBM disclosed a critical API Connect flaw (CVE-2025-13915, CVSS 9.8) that allows remote access via an authentication bypass.
1 month ago
IBM warns of critical API Connect auth bypass vulnerability
IBM urged customers to patch a critical authentication bypass vulnerability in its API Connect enterprise platform that could allow attackers to access apps remotely.
1 month ago
IBM patches CVSS 10 AIX bug:
Pre-auth RCE on an OS run in mission-critical environments? Might want to patch that...
IBM AIX Hit By 3 Critical Vulnerabilities, One A Perfect 10
IBM AIX vulnerabilities in the Power server operating system could allow remote attackers to execute arbitrary commands or steal credentials.
IBM AIX Vulnerability Lets Remote Attackers Execute Arbitrary Commands
The vulnerabilities span multiple AIX versions and demand immediate remediation from affected organizations.
IBM AIX Flaws Allow Remote Attackers to Run Arbitrary Commands
IBM addressing four severe vulnerabilities in AIX and VIOS systems that could allow remote attackers to execute arbitrary commands.
IBM WebSphere Application Server Vulnerability Allows Remote Code Execution
A critical security vulnerability, tracked as CVE-2025-36038, has been discovered in IBM WebSphere Application Server.
IBM Backup Services Flaw Allows Hackers to Gain Elevated Access
A critical security vulnerability has been identified in IBM’s Backup, Recovery, and Media Services (BRMS) for IBM i, potentially exposing enterprise environments to privilege escalation attacks.
IBM Robotic Process Automation Vulnerability Let Attackers Obtain Sensitive Data
A newly disclosed security vulnerability in IBM Robotic Process Automation (RPA) has raised concerns about potential data breaches.
IBM Watsonx.ai Vulnerability Let Attackers Trigger XSS Attacks
A recently disclosed vulnerability, identified as CVE-2024-49785, has been found in IBM watsonx.ai, including its integration with IBM Cloud Pak for Data.
IBM watsonx.ai Vulnerability Let Attackers Embed Arbitrary JavaScript Code in Web UI
IBM disclosed a significant vulnerability in its watsonx.ai platform, potentially exposing users to cross-site scripting (XSS) attacks. The vulnerability, identified as CVE-2024-49785, affects both IBM watsonx.ai on Cloud Pak for Data and standalone IBM watsonx.ai installations. The security flaw al...
IBM Cognos Analytics Vulnerability Allows Malicious File Upload & Injection Attacks
IBM has released a critical security update for its Cognos Analytics software, addressing two severe vulnerabilities: CVE-2023-42017 and CVE-2024-51466.
IBM AIX Vulnerability Let Attackers Trigger DoS Condition
IBM has reported vulnerabilities in its AIX operating system that could allow attackers to cause a Denial of Service (DoS) condition.
IBM QRadar XSS Flaw Let Attackers Execute Arbitrary JavaScript Code
A significant vulnerability was detected in IBM QRadar Suite Software and Cloud Pak for Security that allows attackers to execute arbitrary
CVE-2024-25029 Affects IBM's Personal Communications
IBM has released an advisory and client update to help users deal with CVE-2024-25029 but has stated that its exploitability is not yet certain.
CVE-2023-32331 : IBM STERLING CONNECT EXPRESS 1.5.0 ON UNIX MEMORY CORRUPTION - Cloud WAF
CVE-2023-32331 : IBM Connect:Express for UNIX 1.5.0 is vulnerable to a buffer overflow that could allow a remote attacker to cause a denial of service through its browser UI. IBM X-Force ID: 254979.
CVE-2024-22320 : IBM OPERATIONAL DECISION MANAGER UP TO 8.12.0.1 REQUEST DESERIALIZATION - Cloud WAF
CVE-2024-22320 : IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization.