New IBM Product Security Central website

November 8, 2022

IBM has launched the new IBM Product Security Central website to provide an improved user experience for customers. Access the new website at https://www.ibm.com/support/pages/bulletin/. The IBM PSIRT Blog website is scheduled to be sunset later this year.


An Update on the OpenSSL vulnerability CVE-2022-3602

October 31, 2022 | Critical Severity

November 1, 2022: IBM is responding to the reported buffer overflow vulnerability that the OpenSSL open-source community disclosed for OpenSSL versions 3.0.0 – 3.0.6. We are taking action as an enterprise, and for IBM products and services that may potentially be impacted, as we do for all vulnerabilities rated High. Read more on IBM Product Security Central.


IBM suspends business in Russia

June 14, 2022

June 14, 2022: An update on the war in Ukraine. IBM has suspended business in Russia, including engagement with Russian clients, business partners, suppliers, vendors, resellers, developers and OEMs, and is conducting an orderly wind-down of all business there. IBM is closely monitoring the war in Ukraine and has taken action to protect client and internal ...


An Update on the war in Ukraine

March 7, 2022

Mar 7: IBM has suspended all business in Russia. IBM is closely monitoring the war in Ukraine and is taking action to protect its internal operations and to continue delivery of products and services to customers worldwide.


An update on the Apache Log4j 2.x vulnerabilities

February 11, 2022 | Critical Severity

Updated February 11, 3:42pm: IBM’s top priority remains the security of our clients and products. IBM is actively responding to the remote code execution vulnerability in the Apache Log4j 2 Java library dubbed Log4Shell (or LogJam).


Security Bulletin: IBM Maximo Mobile is vulnerable to Information Disclosure (CVE-2022-41732)

November 25, 2022 | Medium Severity

IBM Maximo Mobile stores user credentials in plain clear text which can be read by a local user.


Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect App Connect Professional.

November 25, 2022 | Medium Severity

There are multiple vulnerabilities in the IBM SDK Java Technology used by App Connect Professional. These issues were disclosed as part of the IBM Java SDK updates in Jul pr 2022. App Connect Professional has addressed the applicable CVEs. These vulnerabilities are addressed in App Connect Professional v7.5.5.0; customers can migrate to this version without incurring any additional cost.


Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to arbitrary code execution due to X-Force 237819

November 25, 2022 | High Severity

Node.js moment-timezone is used by IBM App Connect Enterprise Certified Container for handling timezone information. IBM App Connect Enterprise Certified Container operands may be vulnerable to arbitrary code execution. This bulletin provides patch information to address the reported vulnerability X-Force 237819 in Node.js moment-timezone.


Security Bulletin: A vulnerability in IBM Java Runtime affects IBM ILOG CPLEX Optimization Studio (CVE-2022-3676)

November 24, 2022 | Medium Severity

There is a vulnerability in IBM® Runtime Environment Java™ Version 8 used by IBM CPLEX Optimization Studio. IBM CPLEX Optimization Studio has addressed the applicable CVE.


Security Bulletin: IBM® Db2® is vulnerable to a denial of service after entering a specially crafted malformed SQL statement into the db2expln tool. (CVE-2022-35637)

November 24, 2022 | Medium Severity

IBM® Db2® is vulnerable to a denial of service after entering a specially crafted malformed SQL statement into the db2expln tool.


Security Bulletin: A vulnerability in IBM Java Runtime affects IBM ILOG CPLEX Optimization Studio (CVE-2021-28167)

November 24, 2022 | Medium Severity

There is a vulnerability in IBM® Runtime Environment Java™ Version 8 used by IBM CPLEX Optimization Studio. IBM CPLEX Optimization Studio has addressed the applicable CVE.


Security Bulletin: A vulnerability in IBM Java Runtime affects IBM ILOG CPLEX Optimization Studio (CVE-2021-41041)

November 24, 2022 | Medium Severity

There is a vulnerability in IBM® Runtime Environment Java™ Version 8 used by IBM CPLEX Optimization Studio. IBM CPLEX Optimization Studio has addressed the applicable CVE.


Security Bulletin: IBM Sterling Control Center vulnerable to multiple issues due to IBM Cognos Analytics (CVE-2022-4160, CVE-2021-3733)

November 23, 2022 | Medium Severity

IBM Cognos Analytics is shipped with IBM Sterling Control Center. To address multiple vulnerabilities, IBM Sterling Control Center now includes IBM Cognos Analytics 11.1.7.6.


Security Bulletin: IBM Sterling Control Center is vulnerable to denial of service due to WebSphere Liberty (CVE-2022-24839)

November 23, 2022 | High Severity

IBM Sterling Control Center is vulnerable to a potential denial of service, caused by a java.lang.OutOfMemoryError exception when parsing ill-formed HTML markup in the fork of org.cyberneko.html. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.