cvelistv5 - cve-2025-14914

CVE-2025-14914 (GCVE-0-2025-14914)

Vulnerability from cvelistv5

Published

2026-02-02 15:17

Modified

2026-02-26 15:04

Severity ?

7.6 (High) - CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

CWE

CWE-22

Summary

IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to upload a zip archive containing path traversal sequences resulting in an overwrite of files leading to arbitrary code execution.

References

URL

Tags

https://www.ibm.com/support/pages/node/7258224

vendor-advisory, patch

Impacted products

	Vendor	Product	Version
	IBM	WebSphere Application Server Liberty	Version: 17.0.0.3 ≤ 26.0.0.1 cpe:2.3:a:ibm:websphere_application_server:17.0.0.3::::liberty::: cpe:2.3:a:ibm:websphere_application_server:25.0.0.7::::liberty:::

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-14914",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-03T04:55:53.045789Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T15:04:36.806Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:websphere_application_server:17.0.0.3:*:*:*:liberty:*:*:*",
            "cpe:2.3:a:ibm:websphere_application_server:25.0.0.7:*:*:*:liberty:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "WebSphere Application Server Liberty",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "26.0.0.1",
              "status": "affected",
              "version": "17.0.0.3",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM WebSphere Application Server Liberty \u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e17.0.0.3 through 26.0.0.1\u0026nbsp;\u003c/span\u003ecould allow a privileged user to upload a zip archive containing path traversal sequences resulting in an overwrite of files leading to arbitrary code execution.\u003c/p\u003e\u003cbr\u003e"
            }
          ],
          "value": "IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1\u00a0could allow a privileged user to upload a zip archive containing path traversal sequences resulting in an overwrite of files leading to arbitrary code execution."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-02T15:18:35.359Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7258224"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003e\u003cp\u003eIBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the fix for APAR PH69485. To determine if a feature is enabled for IBM WebSphere Application Server Liberty, refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/6553910\"\u003eHow to determine if Liberty is using a specific feature\u003c/a\u003e. \u003cbr\u003e\u003cbr\u003e\u003cstrong\u003eFor IBM WebSphere Application Server Liberty 17.0.0.3 - 26.0.0.1 using the restConnector-1.0 or restConnector-2.0 feature(s): \u003c/strong\u003e\u003cbr\u003e\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7257603\"\u003ePH69485\u003c/a\u003e\u003cbr\u003e--OR--\u003cbr\u003e\u00b7 Apply Liberty Fix Pack 26.0.0.2 or later (targeted availability 1Q2026).\u003cbr\u003e\u003cbr\u003eAdditional interim fixes may be available and linked off the interim fix download page.\u003c/p\u003e\u003cbr\u003e\u003c/div\u003e"
            }
          ],
          "value": "IBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the fix for APAR PH69485. To determine if a feature is enabled for IBM WebSphere Application Server Liberty, refer to  How to determine if Liberty is using a specific feature https://www.ibm.com/support/pages/node/6553910 . \n\nFor IBM WebSphere Application Server Liberty 17.0.0.3 - 26.0.0.1 using the restConnector-1.0 or restConnector-2.0 feature(s): \n\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves  PH69485 https://www.ibm.com/support/pages/node/7257603 \n--OR--\n\u00b7 Apply Liberty Fix Pack 26.0.0.2 or later (targeted availability 1Q2026).\n\nAdditional interim fixes may be available and linked off the interim fix download page."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM WebSphere Application Server Liberty Path Traversal",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2025-14914",
    "datePublished": "2026-02-02T15:17:57.060Z",
    "dateReserved": "2025-12-18T19:36:37.167Z",
    "dateUpdated": "2026-02-26T15:04:36.806Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CERTFR-2026-AVI-0109

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	QRadar	QRadar User Behavior Analytics versions antérieures à 5.1.0
IBM	Tivoli	Tivoli Application Dependency Discovery Manager version 7.3.0 sans le dernier correctif de sécurité
IBM	Db2	Db2 versions 12.1.x antérieures à 12.1.2 sans le correctif de sécurité #72296
IBM	Db2	DB2 Data Management Console versions 3.1.1x antérieures à 3.1.13.2
IBM	WebSphere	WebSphere Application Server version 9.0 avec IBM SDK, Java Technology Edition Version 8 SR8 FP 60
IBM	WebSphere	WebSphere Application Server version 8.5 avec IBM SDK, Java Technology Edition Version 8 SR8 FP 60
IBM	Db2	Db2 Big SQL on Cloud Pak for Data versions 7.8 sur Cloud Pak for Data 5.1 antérieures à 8.3 sur Cloud Pak for Data 5.3
IBM	Db2	Db2 versions 11.5.x antérieures à 11.5.9 sans le correctif de sécurité #66394
IBM	Db2	Db2 version 12.1.3 sans le correctif de sécurité #71609
IBM	Db2	Db2 Big SQL on Cloud Pak for Data versions 7.6 sur Cloud Pak for Data 4.8 antérieures à 8.3 sur Cloud Pak for Data 5.3
IBM	Db2	Db2 Big SQL on Cloud Pak for Data versions 8.2 sur Cloud Pak for Data 5.2 antérieures à 8.3 sur Cloud Pak for Data 5.3
IBM	WebSphere	WebSphere Application Server Liberty versions 17.0.0.3 à 26.0.0.1 sans le correctif de sécurité PH69485 ou antérieures à 26.0.0.2 (disponibilité prévue pour le premier trimestre 2026)
IBM	QRadar SIEM	QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP14 IF04
IBM	Db2	Db2 Big SQL on Cloud Pak for Data versions 7.7 sur Cloud Pak for Data 5.0 antérieures à 8.3 sur Cloud Pak for Data 5.3

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 5691194	2026-01-28	vendor-advisory
Bulletin de sécurité IBM 7258104	2026-01-27	vendor-advisory
Bulletin de sécurité IBM 7258234	2026-01-28	vendor-advisory
Bulletin de sécurité IBM 7258110	2026-01-27	vendor-advisory
Bulletin de sécurité IBM 7257910	2026-01-23	vendor-advisory
Bulletin de sécurité IBM 7257899	2026-01-23	vendor-advisory
Bulletin de sécurité IBM 7258042	2026-01-26	vendor-advisory
Bulletin de sécurité IBM 7257904	2026-01-23	vendor-advisory
Bulletin de sécurité IBM 7257903	2026-01-23	vendor-advisory
Bulletin de sécurité IBM 7257901	2026-01-23	vendor-advisory
Bulletin de sécurité IBM 7257898	2026-01-23	vendor-advisory
Bulletin de sécurité IBM 7257900	2026-01-23	vendor-advisory
Bulletin de sécurité IBM 7257978	2026-01-25	vendor-advisory
Bulletin de sécurité IBM 7257902	2026-01-23	vendor-advisory
Bulletin de sécurité IBM 7257519	2026-01-29	vendor-advisory
Bulletin de sécurité IBM 7258331	2026-01-29	vendor-advisory
Bulletin de sécurité IBM 7257633	2026-01-29	vendor-advisory
Bulletin de sécurité IBM 7258232	2026-01-28	vendor-advisory
Bulletin de sécurité IBM 7258224	2026-01-28	vendor-advisory
Bulletin de sécurité IBM 7257678	2026-01-29	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "QRadar User Behavior Analytics versions ant\u00e9rieures \u00e0 5.1.0",
      "product": {
        "name": "QRadar",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Tivoli Application Dependency Discovery Manager version 7.3.0 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Tivoli",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Db2 versions 12.1.x ant\u00e9rieures \u00e0 12.1.2 sans le correctif de s\u00e9curit\u00e9 #72296",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "DB2 Data Management Console versions 3.1.1x ant\u00e9rieures \u00e0 3.1.13.2",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere Application Server version 9.0 avec IBM SDK, Java Technology Edition Version 8 SR8 FP 60",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere Application Server version 8.5 avec IBM SDK, Java Technology Edition Version 8 SR8 FP 60",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Db2 Big SQL on Cloud Pak for Data versions 7.8 sur Cloud Pak for Data 5.1 ant\u00e9rieures \u00e0 8.3 sur Cloud Pak for Data 5.3",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Db2 versions 11.5.x ant\u00e9rieures \u00e0 11.5.9 sans le correctif de s\u00e9curit\u00e9 #66394",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Db2 version 12.1.3 sans le correctif de s\u00e9curit\u00e9 #71609",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Db2 Big SQL on Cloud Pak for Data versions 7.6 sur Cloud Pak for Data 4.8 ant\u00e9rieures \u00e0 8.3 sur Cloud Pak for Data 5.3",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Db2 Big SQL on Cloud Pak for Data versions 8.2 sur Cloud Pak for Data 5.2 ant\u00e9rieures \u00e0 8.3 sur Cloud Pak for Data 5.3",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere Application Server Liberty versions 17.0.0.3 \u00e0 26.0.0.1 sans le correctif de s\u00e9curit\u00e9 PH69485 ou ant\u00e9rieures \u00e0 26.0.0.2 (disponibilit\u00e9 pr\u00e9vue pour le premier trimestre 2026)",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP14 IF04",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Db2 Big SQL on Cloud Pak for Data versions 7.7 sur Cloud Pak for Data 5.0 ant\u00e9rieures \u00e0 8.3 sur Cloud Pak for Data 5.3",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-2534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-2534"
    },
    {
      "name": "CVE-2023-1370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
    },
    {
      "name": "CVE-2016-2193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2193"
    },
    {
      "name": "CVE-2024-4068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
    },
    {
      "name": "CVE-2022-2596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2596"
    },
    {
      "name": "CVE-2025-41234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-41234"
    },
    {
      "name": "CVE-2025-46762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-46762"
    },
    {
      "name": "CVE-2025-36131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36131"
    },
    {
      "name": "CVE-2025-56200",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-56200"
    },
    {
      "name": "CVE-2024-37071",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37071"
    },
    {
      "name": "CVE-2019-9515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9515"
    },
    {
      "name": "CVE-2025-36384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36384"
    },
    {
      "name": "CVE-2024-47118",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47118"
    },
    {
      "name": "CVE-2025-36184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36184"
    },
    {
      "name": "CVE-2022-25883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
    },
    {
      "name": "CVE-2025-48050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48050"
    },
    {
      "name": "CVE-2025-24970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
    },
    {
      "name": "CVE-2019-9514",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9514"
    },
    {
      "name": "CVE-2025-41248",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-41248"
    },
    {
      "name": "CVE-2024-13009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-13009"
    },
    {
      "name": "CVE-2025-57810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-57810"
    },
    {
      "name": "CVE-2024-41761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41761"
    },
    {
      "name": "CVE-2025-58057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
    },
    {
      "name": "CVE-2026-21925",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21925"
    },
    {
      "name": "CVE-2025-22233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22233"
    },
    {
      "name": "CVE-2025-36136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36136"
    },
    {
      "name": "CVE-2024-38809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38809"
    },
    {
      "name": "CVE-2024-4067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
    },
    {
      "name": "CVE-2022-33987",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-33987"
    },
    {
      "name": "CVE-2024-30172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
    },
    {
      "name": "CVE-2024-51744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
    },
    {
      "name": "CVE-2024-38820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38820"
    },
    {
      "name": "CVE-2024-45338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
    },
    {
      "name": "CVE-2023-48795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
    },
    {
      "name": "CVE-2024-10977",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10977"
    },
    {
      "name": "CVE-2025-36006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36006"
    },
    {
      "name": "CVE-2024-48949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48949"
    },
    {
      "name": "CVE-2025-36186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36186"
    },
    {
      "name": "CVE-2025-7783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
    },
    {
      "name": "CVE-2025-27152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
    },
    {
      "name": "CVE-2025-12758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12758"
    },
    {
      "name": "CVE-2025-6493",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6493"
    },
    {
      "name": "CVE-2025-33012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-33012"
    },
    {
      "name": "CVE-2024-48948",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48948"
    },
    {
      "name": "CVE-2025-64720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
    },
    {
      "name": "CVE-2024-7348",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7348"
    },
    {
      "name": "CVE-2022-37601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37601"
    },
    {
      "name": "CVE-2025-25977",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25977"
    },
    {
      "name": "CVE-2024-10976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10976"
    },
    {
      "name": "CVE-2025-11083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-11083"
    },
    {
      "name": "CVE-2024-6763",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6763"
    },
    {
      "name": "CVE-2025-66471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
    },
    {
      "name": "CVE-2026-21441",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
    },
    {
      "name": "CVE-2025-65018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
    },
    {
      "name": "CVE-2025-55163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
    },
    {
      "name": "CVE-2025-54313",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54313"
    },
    {
      "name": "CVE-2025-66293",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-66293"
    },
    {
      "name": "CVE-2025-58457",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58457"
    },
    {
      "name": "CVE-2025-66221",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-66221"
    },
    {
      "name": "CVE-2022-22968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22968"
    },
    {
      "name": "CVE-2025-39697",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39697"
    },
    {
      "name": "CVE-2025-29907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-29907"
    },
    {
      "name": "CVE-2024-47535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
    },
    {
      "name": "CVE-2025-9086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9086"
    },
    {
      "name": "CVE-2024-41762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41762"
    },
    {
      "name": "CVE-2021-23413",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23413"
    },
    {
      "name": "CVE-2025-26791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26791"
    },
    {
      "name": "CVE-2025-39971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39971"
    },
    {
      "name": "CVE-2019-9517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9517"
    },
    {
      "name": "CVE-2022-41721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41721"
    },
    {
      "name": "CVE-2025-58056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
    },
    {
      "name": "CVE-2022-25881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25881"
    },
    {
      "name": "CVE-2024-38828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38828"
    },
    {
      "name": "CVE-2024-57965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57965"
    },
    {
      "name": "CVE-2025-22869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
    },
    {
      "name": "CVE-2024-10978",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10978"
    },
    {
      "name": "CVE-2025-25193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
    },
    {
      "name": "CVE-2026-21945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21945"
    },
    {
      "name": "CVE-2025-22870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
    },
    {
      "name": "CVE-2023-2455",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2455"
    },
    {
      "name": "CVE-2024-40679",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40679"
    },
    {
      "name": "CVE-2025-5889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
    },
    {
      "name": "CVE-2024-30171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
    },
    {
      "name": "CVE-2019-9518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9518"
    },
    {
      "name": "CVE-2022-38900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
    },
    {
      "name": "CVE-2025-14914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-14914"
    },
    {
      "name": "CVE-2025-27789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
    },
    {
      "name": "CVE-2025-48924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
    },
    {
      "name": "CVE-2024-47072",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47072"
    },
    {
      "name": "CVE-2025-41249",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-41249"
    },
    {
      "name": "CVE-2025-27363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27363"
    },
    {
      "name": "CVE-2022-37599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37599"
    },
    {
      "name": "CVE-2023-26136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26136"
    },
    {
      "name": "CVE-2019-9512",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9512"
    },
    {
      "name": "CVE-2025-30204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
    },
    {
      "name": "CVE-2024-45663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45663"
    },
    {
      "name": "CVE-2025-33134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-33134"
    },
    {
      "name": "CVE-2019-9513",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9513"
    },
    {
      "name": "CVE-2025-58754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58754"
    },
    {
      "name": "CVE-2024-38816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38816"
    },
    {
      "name": "CVE-2022-25858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25858"
    },
    {
      "name": "CVE-2024-57699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
    },
    {
      "name": "CVE-2024-10979",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10979"
    },
    {
      "name": "CVE-2025-66418",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
    },
    {
      "name": "CVE-2025-36185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36185"
    },
    {
      "name": "CVE-2025-48734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
    }
  ],
  "initial_release_date": "2026-01-30T00:00:00",
  "last_revision_date": "2026-01-30T00:00:00",
  "links": [],
  "reference": "CERTFR-2026-AVI-0109",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2026-01-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": "2026-01-28",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 5691194",
      "url": "https://www.ibm.com/support/pages/node/5691194"
    },
    {
      "published_at": "2026-01-27",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7258104",
      "url": "https://www.ibm.com/support/pages/node/7258104"
    },
    {
      "published_at": "2026-01-28",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7258234",
      "url": "https://www.ibm.com/support/pages/node/7258234"
    },
    {
      "published_at": "2026-01-27",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7258110",
      "url": "https://www.ibm.com/support/pages/node/7258110"
    },
    {
      "published_at": "2026-01-23",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7257910",
      "url": "https://www.ibm.com/support/pages/node/7257910"
    },
    {
      "published_at": "2026-01-23",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7257899",
      "url": "https://www.ibm.com/support/pages/node/7257899"
    },
    {
      "published_at": "2026-01-26",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7258042",
      "url": "https://www.ibm.com/support/pages/node/7258042"
    },
    {
      "published_at": "2026-01-23",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7257904",
      "url": "https://www.ibm.com/support/pages/node/7257904"
    },
    {
      "published_at": "2026-01-23",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7257903",
      "url": "https://www.ibm.com/support/pages/node/7257903"
    },
    {
      "published_at": "2026-01-23",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7257901",
      "url": "https://www.ibm.com/support/pages/node/7257901"
    },
    {
      "published_at": "2026-01-23",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7257898",
      "url": "https://www.ibm.com/support/pages/node/7257898"
    },
    {
      "published_at": "2026-01-23",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7257900",
      "url": "https://www.ibm.com/support/pages/node/7257900"
    },
    {
      "published_at": "2026-01-25",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7257978",
      "url": "https://www.ibm.com/support/pages/node/7257978"
    },
    {
      "published_at": "2026-01-23",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7257902",
      "url": "https://www.ibm.com/support/pages/node/7257902"
    },
    {
      "published_at": "2026-01-29",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7257519",
      "url": "https://www.ibm.com/support/pages/node/7257519"
    },
    {
      "published_at": "2026-01-29",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7258331",
      "url": "https://www.ibm.com/support/pages/node/7258331"
    },
    {
      "published_at": "2026-01-29",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7257633",
      "url": "https://www.ibm.com/support/pages/node/7257633"
    },
    {
      "published_at": "2026-01-28",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7258232",
      "url": "https://www.ibm.com/support/pages/node/7258232"
    },
    {
      "published_at": "2026-01-28",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7258224",
      "url": "https://www.ibm.com/support/pages/node/7258224"
    },
    {
      "published_at": "2026-01-29",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7257678",
      "url": "https://www.ibm.com/support/pages/node/7257678"
    }
  ]
}

CERTFR-2026-AVI-0606

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	Cognos Analytics	Cognos Analytics versions 11.2.x sans le correctif de sécurité Fix Pack 7
IBM	N/A	Robotic Process Automation for Cloud Pak versions 30.0.x antérieures à 30.0.2
IBM	Cognos Analytics	Cognos Analytics versions 12.1.x antérieures à 12.1.2
IBM	N/A	Robotic Process Automation for Cloud Pak versions 23.0.x antérieures à 23.0.20.6
IBM	AIX	Open SDK for Rust on AIX versions 1.90.0.0 et 1.92.0.0 sans le correctif de sécurité Fix Pack 1
IBM	Cognos Analytics	Cognos Analytics versions 12.0.x sans le correctif de sécurité Fix Pack 2

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7272628	2026-05-12	vendor-advisory
Bulletin de sécurité IBM 7272965	2026-05-14	vendor-advisory
Bulletin de sécurité IBM 7272446	2026-05-08	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cognos Analytics versions 11.2.x sans le correctif de s\u00e9curit\u00e9 Fix Pack 7",
      "product": {
        "name": "Cognos Analytics",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Robotic Process Automation for Cloud Pak versions 30.0.x ant\u00e9rieures \u00e0 30.0.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cognos Analytics versions 12.1.x ant\u00e9rieures \u00e0 12.1.2",
      "product": {
        "name": "Cognos Analytics",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Robotic Process Automation for Cloud Pak versions 23.0.x  ant\u00e9rieures \u00e0 23.0.20.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Open SDK for Rust on AIX versions 1.90.0.0 et 1.92.0.0 sans le correctif de s\u00e9curit\u00e9 Fix Pack 1",
      "product": {
        "name": "AIX",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cognos Analytics versions 12.0.x  sans le correctif de s\u00e9curit\u00e9 Fix Pack 2",
      "product": {
        "name": "Cognos Analytics",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-27516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
    },
    {
      "name": "CVE-2025-4447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4447"
    },
    {
      "name": "CVE-2025-30167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30167"
    },
    {
      "name": "CVE-2025-56200",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-56200"
    },
    {
      "name": "CVE-2025-7207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7207"
    },
    {
      "name": "CVE-2024-6866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6866"
    },
    {
      "name": "CVE-2025-7962",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7962"
    },
    {
      "name": "CVE-2025-54798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54798"
    },
    {
      "name": "CVE-2024-12798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12798"
    },
    {
      "name": "CVE-2025-50106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
    },
    {
      "name": "CVE-2025-30754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
    },
    {
      "name": "CVE-2025-50182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50182"
    },
    {
      "name": "CVE-2025-50181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
    },
    {
      "name": "CVE-2025-3633",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3633"
    },
    {
      "name": "CVE-2025-6020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
    },
    {
      "name": "CVE-2024-5535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
    },
    {
      "name": "CVE-2025-12875",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12875"
    },
    {
      "name": "CVE-2024-6844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6844"
    },
    {
      "name": "CVE-2024-12801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12801"
    },
    {
      "name": "CVE-2026-1188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-1188"
    },
    {
      "name": "CVE-2025-48976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
    },
    {
      "name": "CVE-2025-21587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
    },
    {
      "name": "CVE-2025-68146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-68146"
    },
    {
      "name": "CVE-2024-35195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
    },
    {
      "name": "CVE-2025-12635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12635"
    },
    {
      "name": "CVE-2025-50059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
    },
    {
      "name": "CVE-2025-30761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
    },
    {
      "name": "CVE-2025-30698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
    },
    {
      "name": "CVE-2024-29371",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29371"
    },
    {
      "name": "CVE-2024-56339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56339"
    },
    {
      "name": "CVE-2025-5889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
    },
    {
      "name": "CVE-2025-30749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
    },
    {
      "name": "CVE-2025-14914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-14914"
    },
    {
      "name": "CVE-2025-2900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-2900"
    },
    {
      "name": "CVE-2024-6839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6839"
    },
    {
      "name": "CVE-2025-53057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
    },
    {
      "name": "CVE-2025-53066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
    },
    {
      "name": "CVE-2025-36126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36126"
    }
  ],
  "initial_release_date": "2026-05-15T00:00:00",
  "last_revision_date": "2026-05-15T00:00:00",
  "links": [],
  "reference": "CERTFR-2026-AVI-0606",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2026-05-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": "2026-05-12",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7272628",
      "url": "https://www.ibm.com/support/pages/node/7272628"
    },
    {
      "published_at": "2026-05-14",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7272965",
      "url": "https://www.ibm.com/support/pages/node/7272965"
    },
    {
      "published_at": "2026-05-08",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7272446",
      "url": "https://www.ibm.com/support/pages/node/7272446"
    }
  ]
}

CERTFR-2026-AVI-0171

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	WebSphere	WebSphere Application Server - Liberty avec IBM SDK, Java Technology Edition, versions antérieures à 8 SR8 FP55
IBM	Sterling	Sterling Secure Proxy versions 6.1.x antérieures à 6.1.0.3 GA
IBM	Sterling	Sterling External Authentication Server versions 6.1.x antérieures à 6.1.0.4 GA
IBM	Db2	DB2 versions 12.1.x antérieures à v12.1.2 ou sans le correctif de sécurité Special Build #72296
IBM	WebSphere	WebSphere Service Registry and Repository Studio versions 8.5.x antérieures à 8.5.6.3_IJ56659
IBM	WebSphere	WebSphere Service Registry and Repository versions 8.5 à 8.5.6.3 sans le dernier correctif de sécurité
IBM	Security QRadar EDR	Security QRadar EDR versions 3.12.x antérieures 3.12.24
IBM	WebSphere	WebSphere Application Server version 9.0 avec IBM SDK, Java Technology Edition, versions antérieures à 8 Service Refresh 8 FP55
IBM	Db2	DB2 versions 11.5.x antérieures à v11.5.9 ou sans le correctif de sécurité Special Build #66394
IBM	WebSphere	WebSphere Application Server versions 8.5.0.0 à 8.5.5.28 antérieures à 8.5.5.11 avec IBM SDK, Java Technology Edition, Version 8 Service Refresh 8 FP55 ou antérieures à 8.5.5.29 (disponible au premier trimestre 2026)
IBM	Sterling	Sterling Secure Proxy versions 6.2.x antérieures à 6.2.0.3 GA
IBM	WebSphere	WebSphere Hybrid Edition version 5.1 sans le correctif de sécurité PH69485

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7259945	2026-02-06	vendor-advisory
Bulletin de sécurité IBM 7259445	2026-02-02	vendor-advisory
Bulletin de sécurité IBM 7260350	2026-02-10	vendor-advisory
Bulletin de sécurité IBM 7260100	2026-02-09	vendor-advisory
Bulletin de sécurité IBM 7260392	2026-02-11	vendor-advisory
Bulletin de sécurité IBM 7260349	2026-02-10	vendor-advisory
Bulletin de sécurité IBM 7259961	2026-02-09	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "WebSphere Application Server - Liberty avec  IBM SDK, Java Technology Edition, versions ant\u00e9rieures \u00e0 8 SR8 FP55",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Secure Proxy versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.3 GA",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling External Authentication Server versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.4 GA",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "DB2 versions 12.1.x ant\u00e9rieures \u00e0 v12.1.2 ou sans le correctif de s\u00e9curit\u00e9 Special Build #72296",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere Service Registry and Repository Studio versions 8.5.x ant\u00e9rieures \u00e0 8.5.6.3_IJ56659",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere Service Registry and Repository versions 8.5 \u00e0 8.5.6.3 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Security QRadar EDR versions 3.12.x ant\u00e9rieures 3.12.24",
      "product": {
        "name": "Security QRadar EDR",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere Application Server version 9.0 avec  IBM SDK, Java Technology Edition, versions ant\u00e9rieures \u00e0 8 Service Refresh 8 FP55",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "DB2 versions 11.5.x ant\u00e9rieures \u00e0 v11.5.9 ou sans le correctif de s\u00e9curit\u00e9 Special Build #66394",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere Application Server versions 8.5.0.0 \u00e0 8.5.5.28 ant\u00e9rieures \u00e0 8.5.5.11 avec IBM SDK, Java Technology Edition, Version 8 Service Refresh 8 FP55 ou ant\u00e9rieures \u00e0 8.5.5.29 (disponible au premier trimestre 2026)",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Secure Proxy versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.3 GA",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere Hybrid Edition version 5.1 sans le correctif de s\u00e9curit\u00e9 PH69485",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-36247",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36247"
    },
    {
      "name": "CVE-2025-15284",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
    },
    {
      "name": "CVE-2025-65945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-65945"
    },
    {
      "name": "CVE-2026-1188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-1188"
    },
    {
      "name": "CVE-2025-66471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
    },
    {
      "name": "CVE-2026-21441",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
    },
    {
      "name": "CVE-2025-67735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-67735"
    },
    {
      "name": "CVE-2025-14914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-14914"
    },
    {
      "name": "CVE-2025-66418",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
    }
  ],
  "initial_release_date": "2026-02-13T00:00:00",
  "last_revision_date": "2026-02-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2026-AVI-0171",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2026-02-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": "2026-02-06",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7259945",
      "url": "https://www.ibm.com/support/pages/node/7259945"
    },
    {
      "published_at": "2026-02-02",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7259445",
      "url": "https://www.ibm.com/support/pages/node/7259445"
    },
    {
      "published_at": "2026-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7260350",
      "url": "https://www.ibm.com/support/pages/node/7260350"
    },
    {
      "published_at": "2026-02-09",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7260100",
      "url": "https://www.ibm.com/support/pages/node/7260100"
    },
    {
      "published_at": "2026-02-11",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7260392",
      "url": "https://www.ibm.com/support/pages/node/7260392"
    },
    {
      "published_at": "2026-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7260349",
      "url": "https://www.ibm.com/support/pages/node/7260349"
    },
    {
      "published_at": "2026-02-09",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7259961",
      "url": "https://www.ibm.com/support/pages/node/7259961"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2025-14914 (GCVE-0-2025-14914)

Vulnerability from cvelistv5

CERTFR-2026-AVI-0109

Vulnerability from certfr_avis

Solutions

CERTFR-2026-AVI-0606

Vulnerability from certfr_avis

Solutions

CERTFR-2026-AVI-0171

Vulnerability from certfr_avis

Solutions

Tags

Sightings

Nomenclature