Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-1188 (GCVE-0-2026-1188)
Vulnerability from cvelistv5 – Published: 2026-01-29 08:36 – Updated: 2026-01-29 16:42
VLAI
EPSS
Summary
In the Eclipse OMR port library component since release 0.2.0, an API function to return the textual names of all supported processor features was not accounting for the separator inserted between processor features. If the output buffer supplied to this function was incorrectly sized, failing to account for the separator when determining when a write to the buffer was safe could lead to a buffer overflow. This issue is fixed in Eclipse OMR version 0.8.0.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-131 - Incorrect Calculation of Buffer Size
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Eclipse Foundation | Eclipse OMR |
Affected:
0.2.0 , < 0.8.0
(semver)
|
Credits
Daryl Maier
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1188",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-29T16:35:44.929949Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-29T16:42:05.567Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Eclipse OMR",
"repo": "https://github.com/eclipse-omr/omr",
"vendor": "Eclipse Foundation",
"versions": [
{
"lessThan": "0.8.0",
"status": "affected",
"version": "0.2.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Daryl Maier"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In the Eclipse OMR port library component since release 0.2.0, an API function to return the textual names of all supported processor features was not accounting for the separator inserted between processor features. If the output buffer supplied to this function was incorrectly sized, failing to account for the separator when determining when a write to the buffer was safe could lead to a buffer overflow. This issue is fixed in Eclipse OMR version 0.8.0."
}
],
"value": "In the Eclipse OMR port library component since release 0.2.0, an API function to return the textual names of all supported processor features was not accounting for the separator inserted between processor features. If the output buffer supplied to this function was incorrectly sized, failing to account for the separator when determining when a write to the buffer was safe could lead to a buffer overflow. This issue is fixed in Eclipse OMR version 0.8.0."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-131",
"description": "CWE-131 Incorrect Calculation of Buffer Size",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-29T08:36:02.880Z",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"url": "https://github.com/eclipse-omr/omr/pull/8082"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2026-1188",
"datePublished": "2026-01-29T08:36:02.880Z",
"dateReserved": "2026-01-19T13:36:58.386Z",
"dateUpdated": "2026-01-29T16:42:05.567Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-1188",
"date": "2026-06-18",
"epss": "0.00491",
"percentile": "0.383"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-1188\",\"sourceIdentifier\":\"emo@eclipse.org\",\"published\":\"2026-01-29T09:16:03.560\",\"lastModified\":\"2026-02-09T15:20:46.133\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Eclipse OMR port library component since release 0.2.0, an API function to return the textual names of all supported processor features was not accounting for the separator inserted between processor features. If the output buffer supplied to this function was incorrectly sized, failing to account for the separator when determining when a write to the buffer was safe could lead to a buffer overflow. This issue is fixed in Eclipse OMR version 0.8.0.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"emo@eclipse.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":6.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"LOW\",\"vulnIntegrityImpact\":\"LOW\",\"vulnAvailabilityImpact\":\"LOW\",\"subConfidentialityImpact\":\"LOW\",\"subIntegrityImpact\":\"LOW\",\"subAvailabilityImpact\":\"LOW\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"emo@eclipse.org\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-131\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-120\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:omr:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"0.2\",\"versionEndExcluding\":\"0.8.0\",\"matchCriteriaId\":\"6A12DEA6-8CCB-4FD4-B35D-F36499A744ED\"}]}]}],\"references\":[{\"url\":\"https://github.com/eclipse-omr/omr/pull/8082\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-1188\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-01-29T16:35:44.929949Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-01-29T16:41:51.012Z\"}}], \"cna\": {\"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Daryl Maier\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 6.9, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L\", \"exploitMaturity\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"LOW\", \"vulnIntegrityImpact\": \"LOW\", \"subAvailabilityImpact\": \"LOW\", \"vulnAvailabilityImpact\": \"LOW\", \"subConfidentialityImpact\": \"LOW\", \"vulnConfidentialityImpact\": \"LOW\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"repo\": \"https://github.com/eclipse-omr/omr\", \"vendor\": \"Eclipse Foundation\", \"product\": \"Eclipse OMR\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.2.0\", \"lessThan\": \"0.8.0\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://github.com/eclipse-omr/omr/pull/8082\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.5.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Eclipse OMR port library component since release 0.2.0, an API function to return the textual names of all supported processor features was not accounting for the separator inserted between processor features. If the output buffer supplied to this function was incorrectly sized, failing to account for the separator when determining when a write to the buffer was safe could lead to a buffer overflow. This issue is fixed in Eclipse OMR version 0.8.0.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"In the Eclipse OMR port library component since release 0.2.0, an API function to return the textual names of all supported processor features was not accounting for the separator inserted between processor features. If the output buffer supplied to this function was incorrectly sized, failing to account for the separator when determining when a write to the buffer was safe could lead to a buffer overflow. This issue is fixed in Eclipse OMR version 0.8.0.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-131\", \"description\": \"CWE-131 Incorrect Calculation of Buffer Size\"}]}], \"providerMetadata\": {\"orgId\": \"e51fbebd-6053-4e49-959f-1b94eeb69a2c\", \"shortName\": \"eclipse\", \"dateUpdated\": \"2026-01-29T08:36:02.880Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-1188\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-01-29T16:42:05.567Z\", \"dateReserved\": \"2026-01-19T13:36:58.386Z\", \"assignerOrgId\": \"e51fbebd-6053-4e49-959f-1b94eeb69a2c\", \"datePublished\": \"2026-01-29T08:36:02.880Z\", \"assignerShortName\": \"eclipse\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
WID-SEC-W-2026-0283
Vulnerability from csaf_certbund - Published: 2026-02-02 23:00 - Updated: 2026-03-03 23:00Summary
IBM Tivoli Netcool/OMNIbus: Schwachstelle ermöglicht nicht spezifizierten Angriff
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Tivoli Netcool/OMNIbus ist eine Software zum Betriebsmanagement von IBM.
Angriff: Ein entfernter, anonymer Angreifer kann eine Schwachstelle in IBM Tivoli Netcool/OMNIbus ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.
Betroffene Betriebssysteme: - Linux
- UNIX
- Windows
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Netcool/OMNIbus <8.1.0.36
IBM / Tivoli Netcool/OMNIbus
|
<8.1.0.36 | ||
|
IBM Tivoli Netcool/OMNIbus
IBM / Tivoli Netcool/OMNIbus
|
cpe:/a:ibm:tivoli_netcool%2fomnibus:-
|
— | |
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
References
6 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Tivoli Netcool/OMNIbus ist eine Software zum Betriebsmanagement von IBM.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in IBM Tivoli Netcool/OMNIbus ausnutzen, um einen nicht n\u00e4her spezifizierten Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0283 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0283.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0283 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0283"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2026-02-02",
"url": "https://www.ibm.com/support/pages/node/7259419"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7259913 vom 2026-02-06",
"url": "https://www.ibm.com/support/pages/node/7259913"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7259419 vom 2026-02-24",
"url": "https://www.ibm.com/support/pages/node/7259419"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7262494 vom 2026-03-04",
"url": "https://www.ibm.com/support/pages/node/7262494"
}
],
"source_lang": "en-US",
"title": "IBM Tivoli Netcool/OMNIbus: Schwachstelle erm\u00f6glicht nicht spezifizierten Angriff",
"tracking": {
"current_release_date": "2026-03-03T23:00:00.000+00:00",
"generator": {
"date": "2026-03-04T11:19:02.017+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-0283",
"initial_release_date": "2026-02-02T23:00:00.000+00:00",
"revision_history": [
{
"date": "2026-02-02T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-02-05T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2026-02-24T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2026-03-03T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "IBM App Connect Enterprise",
"product": {
"name": "IBM App Connect Enterprise",
"product_id": "T032495",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:-"
}
}
},
{
"branches": [
{
"category": "product_name",
"name": "IBM Tivoli Netcool/OMNIbus",
"product": {
"name": "IBM Tivoli Netcool/OMNIbus",
"product_id": "T004181",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_netcool%2fomnibus:-"
}
}
},
{
"category": "product_version_range",
"name": "\u003c8.1.0.36",
"product": {
"name": "IBM Tivoli Netcool/OMNIbus \u003c8.1.0.36",
"product_id": "T050480"
}
},
{
"category": "product_version",
"name": "8.1.0.36",
"product": {
"name": "IBM Tivoli Netcool/OMNIbus 8.1.0.36",
"product_id": "T050480-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_netcool%2fomnibus:8.1.0.36"
}
}
}
],
"category": "product_name",
"name": "Tivoli Netcool/OMNIbus"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-1188",
"product_status": {
"known_affected": [
"T050480",
"T004181",
"T032495"
]
},
"release_date": "2026-02-02T23:00:00.000+00:00",
"title": "CVE-2026-1188"
}
]
}
WID-SEC-W-2026-0332
Vulnerability from csaf_certbund - Published: 2026-02-05 23:00 - Updated: 2026-02-24 23:00Summary
IBM WebSphere Service Registry and Repository: Schwachstelle ermöglicht nicht spezifizierten Angriff
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: IBM WebSphere Service Registry and Repository ist ein Tool zur Optimierung und Verwaltung einer serviceorientierten Architektur (SOA).
Angriff: Ein entfernter, anonymer Angreifer kann eine Schwachstelle in IBM WebSphere Service Registry and Repository ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.
Betroffene Betriebssysteme: - Linux
- Sonstiges
- UNIX
- Windows
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM WebSphere Service Registry and Repository <8.5.6.3_IJ56659
IBM / WebSphere Service Registry and Repository
|
<8.5.6.3_IJ56659 | ||
|
IBM WebSphere Service Registry and Repository 8.5
IBM / WebSphere Service Registry and Repository
|
cpe:/a:ibm:websphere_service_registry_and_repository:8.5
|
8.5 |
References
4 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM WebSphere Service Registry and Repository ist ein Tool zur Optimierung und Verwaltung einer serviceorientierten Architektur (SOA).",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in IBM WebSphere Service Registry and Repository ausnutzen, um einen nicht n\u00e4her spezifizierten Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0332 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0332.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0332 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0332"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2026-02-05",
"url": "https://www.ibm.com/support/pages/node/7259945"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7259445 vom 2026-02-24",
"url": "https://www.ibm.com/support/pages/node/7259945"
}
],
"source_lang": "en-US",
"title": "IBM WebSphere Service Registry and Repository: Schwachstelle erm\u00f6glicht nicht spezifizierten Angriff",
"tracking": {
"current_release_date": "2026-02-24T23:00:00.000+00:00",
"generator": {
"date": "2026-02-25T08:12:09.950+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-0332",
"initial_release_date": "2026-02-05T23:00:00.000+00:00",
"revision_history": [
{
"date": "2026-02-05T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-02-24T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "8.5",
"product": {
"name": "IBM WebSphere Service Registry and Repository 8.5",
"product_id": "306235",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:websphere_service_registry_and_repository:8.5"
}
}
},
{
"category": "product_version_range",
"name": "\u003c8.5.6.3_IJ56659",
"product": {
"name": "IBM WebSphere Service Registry and Repository \u003c8.5.6.3_IJ56659",
"product_id": "T051128"
}
},
{
"category": "product_version",
"name": "8.5.6.3_IJ56659",
"product": {
"name": "IBM WebSphere Service Registry and Repository 8.5.6.3_IJ56659",
"product_id": "T051128-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:websphere_service_registry_and_repository:8.5.6.3:ij56659"
}
}
}
],
"category": "product_name",
"name": "WebSphere Service Registry and Repository"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-1188",
"product_status": {
"known_affected": [
"T051128",
"306235"
]
},
"release_date": "2026-02-05T23:00:00.000+00:00",
"title": "CVE-2026-1188"
}
]
}
WID-SEC-W-2026-0533
Vulnerability from csaf_certbund - Published: 2026-02-25 23:00 - Updated: 2026-02-25 23:00Summary
IBM License Metric Tool: Schwachstelle ermöglicht Codeausführung
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Das IBM License Metric Tool dient der Lizenzverwaltung für IBM Produkte.
Angriff: Ein entfernter, anonymer Angreifer kann eine Schwachstelle in IBM License Metric Tool ausnutzen, um beliebigen Programmcode auszuführen.
Betroffene Betriebssysteme: - Linux
- Sonstiges
- UNIX
- Windows
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM License Metric Tool <9.2.42
IBM / License Metric Tool
|
<9.2.42 |
References
3 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Das IBM License Metric Tool dient der Lizenzverwaltung f\u00fcr IBM Produkte.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in IBM License Metric Tool ausnutzen, um beliebigen Programmcode auszuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0533 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0533.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0533 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0533"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7261918 vom 2026-02-25",
"url": "https://www.ibm.com/support/pages/node/7261918"
}
],
"source_lang": "en-US",
"title": "IBM License Metric Tool: Schwachstelle erm\u00f6glicht Codeausf\u00fchrung",
"tracking": {
"current_release_date": "2026-02-25T23:00:00.000+00:00",
"generator": {
"date": "2026-02-26T12:02:12.052+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-0533",
"initial_release_date": "2026-02-25T23:00:00.000+00:00",
"revision_history": [
{
"date": "2026-02-25T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9.2.42",
"product": {
"name": "IBM License Metric Tool \u003c9.2.42",
"product_id": "T051273"
}
},
{
"category": "product_version",
"name": "9.2.42",
"product": {
"name": "IBM License Metric Tool 9.2.42",
"product_id": "T051273-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:license_metric_tool:9.2.42"
}
}
}
],
"category": "product_name",
"name": "License Metric Tool"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-1188",
"product_status": {
"known_affected": [
"T051273"
]
},
"release_date": "2026-02-25T23:00:00.000+00:00",
"title": "CVE-2026-1188"
}
]
}
WID-SEC-W-2026-0783
Vulnerability from csaf_certbund - Published: 2026-03-18 23:00 - Updated: 2026-03-18 23:00Summary
IBM QRadar SIEM: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: IBM QRadar Security Information and Event Management (SIEM) bietet Unterstützung bei der Erkennung und Priorisierung von Sicherheitsbedrohungen im Unternehmen.
Angriff: Ein Angreifer kann mehrere Schwachstellen in IBM QRadar SIEM ausnutzen, um beliebigen Programmcode auszuführen, um Informationen offenzulegen, um einen Denial of Service Angriff durchzuführen, um einen Cross-Site Scripting Angriff durchzuführen, und um Dateien zu manipulieren.
Betroffene Betriebssysteme: - Linux
- UNIX
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP15
IBM / QRadar SIEM
|
<7.5.0 UP15 |
References
4 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM QRadar Security Information and Event Management (SIEM) bietet Unterst\u00fctzung bei der Erkennung und Priorisierung von Sicherheitsbedrohungen im Unternehmen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in IBM QRadar SIEM ausnutzen, um beliebigen Programmcode auszuf\u00fchren, um Informationen offenzulegen, um einen Denial of Service Angriff durchzuf\u00fchren, um einen Cross-Site Scripting Angriff durchzuf\u00fchren, und um Dateien zu manipulieren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0783 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0783.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0783 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0783"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7266709 vom 2026-03-18",
"url": "https://www.ibm.com/support/pages/node/7266709"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7266711 vom 2026-03-18",
"url": "https://www.ibm.com/support/pages/node/7266711"
}
],
"source_lang": "en-US",
"title": "IBM QRadar SIEM: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-03-18T23:00:00.000+00:00",
"generator": {
"date": "2026-03-19T10:08:04.786+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-0783",
"initial_release_date": "2026-03-18T23:00:00.000+00:00",
"revision_history": [
{
"date": "2026-03-18T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.5.0 UP15",
"product": {
"name": "IBM QRadar SIEM \u003c7.5.0 UP15",
"product_id": "T051890"
}
},
{
"category": "product_version",
"name": "7.5.0 UP15",
"product": {
"name": "IBM QRadar SIEM 7.5.0 UP15",
"product_id": "T051890-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5.0_up15"
}
}
}
],
"category": "product_name",
"name": "QRadar SIEM"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-46337",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2022-46337"
},
{
"cve": "CVE-2022-50673",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2022-50673"
},
{
"cve": "CVE-2022-50865",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2022-50865"
},
{
"cve": "CVE-2023-44483",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2023-44483"
},
{
"cve": "CVE-2023-53552",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2023-53552"
},
{
"cve": "CVE-2024-26766",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2024-26766"
},
{
"cve": "CVE-2025-12084",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-12084"
},
{
"cve": "CVE-2025-14104",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-14104"
},
{
"cve": "CVE-2025-14242",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-14242"
},
{
"cve": "CVE-2025-15366",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-15366"
},
{
"cve": "CVE-2025-15367",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-15367"
},
{
"cve": "CVE-2025-23184",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-23184"
},
{
"cve": "CVE-2025-27533",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-27533"
},
{
"cve": "CVE-2025-38022",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-38022"
},
{
"cve": "CVE-2025-38024",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-38024"
},
{
"cve": "CVE-2025-38051",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-38051"
},
{
"cve": "CVE-2025-38403",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-38403"
},
{
"cve": "CVE-2025-38415",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-38415"
},
{
"cve": "CVE-2025-38459",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-38459"
},
{
"cve": "CVE-2025-39760",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-39760"
},
{
"cve": "CVE-2025-39933",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-39933"
},
{
"cve": "CVE-2025-40096",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-40096"
},
{
"cve": "CVE-2025-40135",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-40135"
},
{
"cve": "CVE-2025-40158",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-40158"
},
{
"cve": "CVE-2025-40170",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-40170"
},
{
"cve": "CVE-2025-40258",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-40258"
},
{
"cve": "CVE-2025-40269",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-40269"
},
{
"cve": "CVE-2025-40271",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-40271"
},
{
"cve": "CVE-2025-40322",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-40322"
},
{
"cve": "CVE-2025-48913",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-48913"
},
{
"cve": "CVE-2025-48924",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-48924"
},
{
"cve": "CVE-2025-4897",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-4897"
},
{
"cve": "CVE-2025-5372",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-5372"
},
{
"cve": "CVE-2025-53905",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-53905"
},
{
"cve": "CVE-2025-53906",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-53906"
},
{
"cve": "CVE-2025-58457",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-58457"
},
{
"cve": "CVE-2025-6176",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-6176"
},
{
"cve": "CVE-2025-64775",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-64775"
},
{
"cve": "CVE-2025-66418",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-66418"
},
{
"cve": "CVE-2025-66453",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-66453"
},
{
"cve": "CVE-2025-66471",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-66471"
},
{
"cve": "CVE-2025-66675",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-66675"
},
{
"cve": "CVE-2025-68301",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-68301"
},
{
"cve": "CVE-2025-68349",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-68349"
},
{
"cve": "CVE-2025-8916",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-8916"
},
{
"cve": "CVE-2025-9086",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-9086"
},
{
"cve": "CVE-2026-0865",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2026-0865"
},
{
"cve": "CVE-2026-1188",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2026-1188"
},
{
"cve": "CVE-2026-1299",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2026-1299"
},
{
"cve": "CVE-2026-21441",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2026-21441"
},
{
"cve": "CVE-2026-21925",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2026-21925"
},
{
"cve": "CVE-2026-21932",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2026-21932"
},
{
"cve": "CVE-2026-21933",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2026-21933"
},
{
"cve": "CVE-2026-21945",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2026-21945"
},
{
"cve": "CVE-2026-22998",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2026-22998"
},
{
"cve": "CVE-2025-13995",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-13995"
},
{
"cve": "CVE-2025-36051",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-36051"
},
{
"cve": "CVE-2025-15051",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-15051"
},
{
"cve": "CVE-2026-1276",
"product_status": {
"known_affected": [
"T051890"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2026-1276"
}
]
}
WID-SEC-W-2026-0929
Vulnerability from csaf_certbund - Published: 2026-03-30 22:00 - Updated: 2026-05-07 22:00Summary
IBM Semeru Runtime: Schwachstelle ermöglicht Codeausführung
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: IBM Semeru Runtime ist ein Java Runtime Environment.
Angriff: Ein entfernter, anonymer Angreifer kann eine Schwachstelle in IBM Semeru, wie es u.a. in der Power Hardware Management Console und IBM DB2 genutzt wird, ausnutzen, um beliebigen Programmcode auszuführen.
Betroffene Betriebssysteme: - Linux
- Sonstiges
- UNIX
- Windows
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Semeru Runtime 11.0.12.0-11.0.29.0
IBM / Semeru Runtime
|
cpe:/a:ibm:semeru_runtime:11.0.12.0_-_11.0.29.0
|
11.0.12.0-11.0.29.0 | |
|
IBM Semeru Runtime 17.0.0.0-17.0.17.0
IBM / Semeru Runtime
|
cpe:/a:ibm:semeru_runtime:17.0.0.0_-_17.0.17.0
|
17.0.0.0-17.0.17.0 | |
|
IBM Semeru Runtime 8.0.302.0-8.0.472.0
IBM / Semeru Runtime
|
cpe:/a:ibm:semeru_runtime:8.0.302.0_-_8.0.472.0
|
8.0.302.0-8.0.472.0 | |
|
IBM Power Hardware Management Console V11.1.1110.0-V11.1.1111.4
IBM / Power Hardware Management Console
|
cpe:/a:ibm:hardware_management_console:v11.1.1110.0_-_v11.1.1111.4
|
V11.1.1110.0-V11.1.1111.4 | |
|
IBM Power Hardware Management Console V10.3.1050.0-V10.3.1063.1
IBM / Power Hardware Management Console
|
cpe:/a:ibm:hardware_management_console:v10.3.1050.0_-_v10.3.1063.1
|
V10.3.1050.0-V10.3.1063.1 | |
|
IBM DB2 12.1.0-12.1.4
IBM / DB2
|
cpe:/a:ibm:db2:12.1.0_-_12.1.4
|
12.1.0-12.1.4 | |
|
IBM MQ
IBM
|
cpe:/a:ibm:mq:-
|
— | |
|
IBM Semeru Runtime 21.0.0.0-21.0.9.0
IBM / Semeru Runtime
|
cpe:/a:ibm:semeru_runtime:21.0.0.0_-_21.0.9.0
|
21.0.0.0-21.0.9.0 | |
|
IBM Semeru Runtime 25.0.0.0-25.0.1.0
IBM / Semeru Runtime
|
cpe:/a:ibm:semeru_runtime:25.0.0.0_-_25.0.1.0
|
25.0.0.0-25.0.1.0 |
References
5 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM Semeru Runtime ist ein Java Runtime Environment.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in IBM Semeru, wie es u.a. in der Power Hardware Management Console und IBM DB2 genutzt wird, ausnutzen, um beliebigen Programmcode auszuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0929 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0929.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0929 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0929"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7268129 vom 2026-03-30",
"url": "https://www.ibm.com/support/pages/node/7268129"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7268144 vom 2026-03-31",
"url": "https://www.ibm.com/support/pages/node/7268144"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7271934 vom 2026-05-07",
"url": "https://www.ibm.com/support/pages/node/7271934"
}
],
"source_lang": "en-US",
"title": "IBM Semeru Runtime: Schwachstelle erm\u00f6glicht Codeausf\u00fchrung",
"tracking": {
"current_release_date": "2026-05-07T22:00:00.000+00:00",
"generator": {
"date": "2026-05-08T10:32:32.114+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-0929",
"initial_release_date": "2026-03-30T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-03-30T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-03-31T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2026-04-09T22:00:00.000+00:00",
"number": "3",
"summary": "Pr\u00e4zisierung Semeru Versionsangaben"
},
{
"date": "2026-04-13T22:00:00.000+00:00",
"number": "4",
"summary": "Erg\u00e4nzung PHMC Details in Text und Produktangaben"
},
{
"date": "2026-05-07T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "5"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "12.1.0-12.1.4",
"product": {
"name": "IBM DB2 12.1.0-12.1.4",
"product_id": "T052712",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:db2:12.1.0_-_12.1.4"
}
}
}
],
"category": "product_name",
"name": "DB2"
},
{
"category": "product_name",
"name": "IBM MQ",
"product": {
"name": "IBM MQ",
"product_id": "T021398",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:mq:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "V10.3.1050.0-V10.3.1063.1",
"product": {
"name": "IBM Power Hardware Management Console V10.3.1050.0-V10.3.1063.1",
"product_id": "T052713",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:hardware_management_console:v10.3.1050.0_-_v10.3.1063.1"
}
}
},
{
"category": "product_version",
"name": "V11.1.1110.0-V11.1.1111.4",
"product": {
"name": "IBM Power Hardware Management Console V11.1.1110.0-V11.1.1111.4",
"product_id": "T052715",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:hardware_management_console:v11.1.1110.0_-_v11.1.1111.4"
}
}
}
],
"category": "product_name",
"name": "Power Hardware Management Console"
},
{
"branches": [
{
"category": "product_version",
"name": "8.0.302.0-8.0.472.0",
"product": {
"name": "IBM Semeru Runtime 8.0.302.0-8.0.472.0",
"product_id": "T052581",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:semeru_runtime:8.0.302.0_-_8.0.472.0"
}
}
},
{
"category": "product_version",
"name": "11.0.12.0-11.0.29.0",
"product": {
"name": "IBM Semeru Runtime 11.0.12.0-11.0.29.0",
"product_id": "T052582",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:semeru_runtime:11.0.12.0_-_11.0.29.0"
}
}
},
{
"category": "product_version",
"name": "17.0.0.0-17.0.17.0",
"product": {
"name": "IBM Semeru Runtime 17.0.0.0-17.0.17.0",
"product_id": "T052583",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:semeru_runtime:17.0.0.0_-_17.0.17.0"
}
}
},
{
"category": "product_version",
"name": "21.0.0.0-21.0.9.0",
"product": {
"name": "IBM Semeru Runtime 21.0.0.0-21.0.9.0",
"product_id": "T052584",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:semeru_runtime:21.0.0.0_-_21.0.9.0"
}
}
},
{
"category": "product_version",
"name": "25.0.0.0-25.0.1.0",
"product": {
"name": "IBM Semeru Runtime 25.0.0.0-25.0.1.0",
"product_id": "T052585",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:semeru_runtime:25.0.0.0_-_25.0.1.0"
}
}
}
],
"category": "product_name",
"name": "Semeru Runtime"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-1188",
"product_status": {
"known_affected": [
"T052582",
"T052583",
"T052581",
"T052715",
"T052713",
"T052712",
"T021398",
"T052584",
"T052585"
]
},
"release_date": "2026-03-30T22:00:00.000+00:00",
"title": "CVE-2026-1188"
}
]
}
WID-SEC-W-2026-0949
Vulnerability from csaf_certbund - Published: 2026-03-31 22:00 - Updated: 2026-04-07 22:00Summary
IBM Security Verify Access: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: IBM Security Verify Access, ehemals IBM Security Access Manager (ISAM), ist eine Zugriffsverwaltungslösung.
Angriff: Ein Angreifer kann mehrere Schwachstellen in IBM Security Verify Access ausnutzen, um Administratorrechte zu erlangen, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, Cross-Site-Scripting-Angriffe durchzuführen sowie Daten zu verändern oder offenzulegen.
Betroffene Betriebssysteme: - Sonstiges
- UNIX
- Windows
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Security Verify Access <10.0.9.1 IF1
IBM / Security Verify Access
|
<10.0.9.1 IF1 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Security Verify Access <10.0.9.1 IF1
IBM / Security Verify Access
|
<10.0.9.1 IF1 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Security Verify Access <10.0.9.1 IF1
IBM / Security Verify Access
|
<10.0.9.1 IF1 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Security Verify Access <10.0.9.1 IF1
IBM / Security Verify Access
|
<10.0.9.1 IF1 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Security Verify Access <10.0.9.1 IF1
IBM / Security Verify Access
|
<10.0.9.1 IF1 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Security Verify Access <10.0.9.1 IF1
IBM / Security Verify Access
|
<10.0.9.1 IF1 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Security Verify Access <10.0.9.1 IF1
IBM / Security Verify Access
|
<10.0.9.1 IF1 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Security Verify Access <10.0.9.1 IF1
IBM / Security Verify Access
|
<10.0.9.1 IF1 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Security Verify Access <10.0.9.1 IF1
IBM / Security Verify Access
|
<10.0.9.1 IF1 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Security Verify Access <10.0.9.1 IF1
IBM / Security Verify Access
|
<10.0.9.1 IF1 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Security Verify Access <10.0.9.1 IF1
IBM / Security Verify Access
|
<10.0.9.1 IF1 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Security Verify Access <10.0.9.1 IF1
IBM / Security Verify Access
|
<10.0.9.1 IF1 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Security Verify Access <10.0.9.1 IF1
IBM / Security Verify Access
|
<10.0.9.1 IF1 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Security Verify Access <10.0.9.1 IF1
IBM / Security Verify Access
|
<10.0.9.1 IF1 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Security Verify Access <10.0.9.1 IF1
IBM / Security Verify Access
|
<10.0.9.1 IF1 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Security Verify Access <10.0.9.1 IF1
IBM / Security Verify Access
|
<10.0.9.1 IF1 |
References
3 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM Security Verify Access, ehemals IBM Security Access Manager (ISAM), ist eine Zugriffsverwaltungsl\u00f6sung.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in IBM Security Verify Access ausnutzen, um Administratorrechte zu erlangen, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren sowie Daten zu ver\u00e4ndern oder offenzulegen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0949 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0949.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0949 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0949"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7268253 vom 2026-03-31",
"url": "https://www.ibm.com/support/pages/node/7268253"
}
],
"source_lang": "en-US",
"title": "IBM Security Verify Access: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-04-07T22:00:00.000+00:00",
"generator": {
"date": "2026-04-08T09:55:59.773+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-0949",
"initial_release_date": "2026-03-31T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-03-31T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-04-01T22:00:00.000+00:00",
"number": "2",
"summary": "Referenz(en) aufgenommen: EUVD-2026-18027, EUVD-2026-18033, EUVD-2026-18025, EUVD-2026-18067, EUVD-2026-18066, EUVD-2026-18032"
},
{
"date": "2026-04-07T22:00:00.000+00:00",
"number": "3",
"summary": "Referenz(en) aufgenommen: EUVD-2026-19986, EUVD-2026-20001, EUVD-2026-19998"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.0.9.1 IF1",
"product": {
"name": "IBM Security Verify Access \u003c10.0.9.1 IF1",
"product_id": "T052350"
}
},
{
"category": "product_version",
"name": "10.0.9.1 IF1",
"product": {
"name": "IBM Security Verify Access 10.0.9.1 IF1",
"product_id": "T052350-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:security_verify_access:10.0.9.1_if1"
}
}
}
],
"category": "product_name",
"name": "Security Verify Access"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-46233",
"product_status": {
"known_affected": [
"T052350"
]
},
"release_date": "2026-03-31T22:00:00.000+00:00",
"title": "CVE-2023-46233"
},
{
"cve": "CVE-2025-12635",
"product_status": {
"known_affected": [
"T052350"
]
},
"release_date": "2026-03-31T22:00:00.000+00:00",
"title": "CVE-2025-12635"
},
{
"cve": "CVE-2026-1188",
"product_status": {
"known_affected": [
"T052350"
]
},
"release_date": "2026-03-31T22:00:00.000+00:00",
"title": "CVE-2026-1188"
},
{
"cve": "CVE-2026-1342",
"product_status": {
"known_affected": [
"T052350"
]
},
"release_date": "2026-03-31T22:00:00.000+00:00",
"title": "CVE-2026-1342"
},
{
"cve": "CVE-2026-1343",
"product_status": {
"known_affected": [
"T052350"
]
},
"release_date": "2026-03-31T22:00:00.000+00:00",
"title": "CVE-2026-1343"
},
{
"cve": "CVE-2026-1345",
"product_status": {
"known_affected": [
"T052350"
]
},
"release_date": "2026-03-31T22:00:00.000+00:00",
"title": "CVE-2026-1345"
},
{
"cve": "CVE-2026-1346",
"product_status": {
"known_affected": [
"T052350"
]
},
"release_date": "2026-03-31T22:00:00.000+00:00",
"title": "CVE-2026-1346"
},
{
"cve": "CVE-2026-1491",
"product_status": {
"known_affected": [
"T052350"
]
},
"release_date": "2026-03-31T22:00:00.000+00:00",
"title": "CVE-2026-1491"
},
{
"cve": "CVE-2026-21925",
"product_status": {
"known_affected": [
"T052350"
]
},
"release_date": "2026-03-31T22:00:00.000+00:00",
"title": "CVE-2026-21925"
},
{
"cve": "CVE-2026-21932",
"product_status": {
"known_affected": [
"T052350"
]
},
"release_date": "2026-03-31T22:00:00.000+00:00",
"title": "CVE-2026-21932"
},
{
"cve": "CVE-2026-21933",
"product_status": {
"known_affected": [
"T052350"
]
},
"release_date": "2026-03-31T22:00:00.000+00:00",
"title": "CVE-2026-21933"
},
{
"cve": "CVE-2026-21945",
"product_status": {
"known_affected": [
"T052350"
]
},
"release_date": "2026-03-31T22:00:00.000+00:00",
"title": "CVE-2026-21945"
},
{
"cve": "CVE-2026-2475",
"product_status": {
"known_affected": [
"T052350"
]
},
"release_date": "2026-03-31T22:00:00.000+00:00",
"title": "CVE-2026-2475"
},
{
"cve": "CVE-2026-2862",
"product_status": {
"known_affected": [
"T052350"
]
},
"release_date": "2026-03-31T22:00:00.000+00:00",
"title": "CVE-2026-2862"
},
{
"cve": "CVE-2026-4101",
"product_status": {
"known_affected": [
"T052350"
]
},
"release_date": "2026-03-31T22:00:00.000+00:00",
"title": "CVE-2026-4101"
},
{
"cve": "CVE-2026-4364",
"product_status": {
"known_affected": [
"T052350"
]
},
"release_date": "2026-03-31T22:00:00.000+00:00",
"title": "CVE-2026-4364"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…