Report Security Vulnerabilities

A security vulnerability is a set of conditions in the design, implementation, operation or management of a product or service that is unable to prevent an attack by a party resulting in exploitations such as controlling or disrupting operation, compromising (i.e. deleting, altering or extracting) data or assuming ungranted trust or identity.

Note: If you are concerned about a potential security vulnerability in the IBM website please send email to .

Customers and other entitled users of a product or solution should contact IBM Technical Support to report issues discovered in IBM offerings. If the IBM Technical Support Team determines that a reported issue is a security vulnerability, it will contact the appropriate Security and/or System Integrity groups and inform IBM PSIRT, as needed. These IBM teams will collaborate as required to address the issue.

Security Vulnerability Submission by Email

Vulnerability information can be extremely sensitive. When using email to report a potential security issue to IBM PSIRT, you may encrypt it using our PGP public key (ASC, 2.26KB). Please direct these emails to IBM PSIRT. It is important to include at least the following information in the email:

  • Organization and contact name
  • Your Reference / Advisory Number
  • Products or solutions and versions affected
  • Description of the potential vulnerability
  • Supporting technical details (such as system configuration, traces, description of exploit/attack code, sample packet capture, proof of concept, steps to reproduce the issue)
  • Information about known exploits
  • Disclosure plans, if any
  • If you want public recognition