For security reasons, administrators of IBM applications should install the latest updates. Otherwise, attackers can attack systems and, among other things, execute malicious code. So far, there are no reports of ongoing attacks.
Security patches available
The most dangerous vulnerability (CVE-2025-4949, “critical”) affects the Eclipse JGit component of IBM App Connect Enterprise Toolkit and Integration Bus for z/OS Toolkit. Errors can occur when XML files prepared by attackers are processed. If such an attack succeeds, data may be leaked or denial-of-service (DoS) conditions may occur. The developers say they have fixed the security problem in v13 Fix Pack Release 13.0.5.0.
A malicious code vulnerability (CVE-2025-36245, “high”) threatens InfoSphere Information Server. To exploit it, however, an attacker must be authenticated. If that is the case, they can execute their own commands.
The remaining vulnerabilities are rated at the “medium” threat level. Attackers can use them, for example, to paralyze WebSphere Application Server via a DoS attack. Admins can find further information on the vulnerabilities and security updates in the linked alerts.
Most recently, IBM’s developers closed DoS gaps in the data analysis platform SPSS Analytic Server.
List sorted by threat level in descending order:
(des)
This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.