Multiple Critical Vulnerabilities in Various IBM Products

72% confidence

Description

IBM published security advisories addressing multiple critical vulnerabilities affecting various IBM products including API Connect V12 OnPrem, Automation Assets in IBM Cloud Pak for Integration, DB2 Client and Server, EDB PGAI AI Factory, IBM App Connect Enterprise, IBM Business Automation Manager, IBM Content Navigator, IBM DataPower Gateway, IBM Guardium, IBM Maximo, IBM OpenAPI SDK Generator, IBM Process Mining, IBM Rational Build Forge, IBM Security Verify Access, IBM Storage Protect Plus Server, IBM Tivoli Netcool Impact, IBM Verify Identity Access, IBM watsonx Orchestrate Developer Edition, InfoSphere Information Server, Maximo AI Service, Platform Navigator in IBM Cloud Pak for Integration, UCR IBM DevOps Release, and UCR IBM UrbanCode Release. Users and administrators are encouraged to review the advisories and apply necessary updates.

Affected Products

Vendor	Product	Versions
ibm	—	API Connect V12 OnPrem - versions 12.1.0.0 and 12.1.0.1, Automation Assets in IBM Cloud Pak for Integration (CP4I) - multiple versions, DB2 Client and Server - versions 12.1.0 to 12.1.4, EDB PGAI AI Factory - version 1.3.0.0, EDB PGAI Analytics Accelarator - version 1.3.0.0, EDB PGAI Hybrid Data Management - version 1.3.0., EDB PostgreSQL with IBM for IBM Cloud Pak for Data - version 5.3.0, HMC - versions V10.3.1050.0 to V10.3.1063.1, HMC - versions V11.1.1110.0 to V11.1.1111.4, IBM App Connect Enterprise Certified Containers Operands - versions 13.0.6.0-r1 to 13.0.6.2-r1, IBM App Connect Operator - versions 12.19.0 to 12.21.0, IBM Business Automation Manager Open Editions - versions 9.0.0 to 9.3.1, IBM Content Navigator - version 3.0.15, 3.1.0 and 3.2.0, IBM DataPower Gateway - multiple versions, IBM Guardium Data Security Center Platform On-prem - version 3.8.7, IBM Guardium Unified Discovery and Classification (GUDC) - versions 1.0.0 to 1.1.0, IBM Library Support for Spring - versions 3.4, 3.2.19 and 2.7.31, IBM Maximo Application Suite IoT Component - version 9.1, 9.0, 8.8 and 8.7, IBM OpenAPI SDK Generator (Node.js) - version 5.4.9, IBM Process Mining - versions 2.1.0 IF002, 2.1.0 IF001 and 2.1.0, IBM Rational Build Forge - versions 8.0.0 to 8.0.0.29, IBM Security Verify Access - versions 10.0 to 10.0.9.1, IBM Security Verify Access Container - versions 10.0 to 10.0.9.1, IBM Storage Protect Plus Server - versions 10.1.0 to 10.1.17, IBM Tivoli Netcool Impact - versions 7.1.0.0 to 7.1.0.37, IBM Verify Identity Access - versions 11.0 to 11.0.2, IBM Verify Identity Access Container - versions 11.0 to 11.0.2, IBM Verify Identity Access Digital Credentials - versions 24.06 to 25.12, IBM watsonx Orchestrate Developer Edition - versions 1.4.0 to 2.6.0, InfoSphere Information Server - versions 11.7.0.0 to 11.7.1.6, Maximo AI Service - version 9.1, Platform Navigator in IBM Cloud Pak for Integration (CP4I) - multiple versions, UCR IBM DevOps Release - versions 7.0.0 to 7.0.0.6, UCR IBM UrbanCode Release - versions 6.2.5 to 6.2.5.11

Related News (1 articles)

Tier B

CCCS Canada4h ago

IBM security advisory (AV26-316)

→ No new info (linked only)

CISA KEV❌ No

Actively exploited❌ No

PublishedApr 7, 2026

Last enriched4h ago

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-1345EXP

Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access

Trending: 26

MEDIUMCVE-2026-1491EXP

Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access

Trending: 22

MEDIUMCVE-2025-14923

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.2 IBM WebSphere Application Server Liberty could provide weaker than expected security when using the Security Utility when administe

Trending: 22

MEDIUMCVE-2025-14915

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is affected by privilege escalation. A privileged user could gain additional access to the

Trending: 22

MEDIUMCVE-2026-1561

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is vulnerable to server-side request forgery (SSRF). This may allow remote attacker to sen

Trending: 22

Pin to Dashboard

Verification

State: reported

Confidence: 72%

Vulnerability Timeline

CVE Published

Apr 7, 2026

Discovered by ZDM

Apr 7, 2026

Description

Affected Products

Vendor

Product

Versions

ibm

—

API Connect V12 OnPrem - versions 12.1.0.0 and 12.1.0.1, Automation Assets in IBM Cloud Pak for Integration (CP4I) - multiple versions, DB2 Client and Server - versions 12.1.0 to 12.1.4, EDB PGAI AI Factory - version 1.3.0.0, EDB PGAI Analytics Accelarator - version 1.3.0.0, EDB PGAI Hybrid Data Management - version 1.3.0., EDB PostgreSQL with IBM for IBM Cloud Pak for Data - version 5.3.0, HMC - versions V10.3.1050.0 to V10.3.1063.1, HMC - versions V11.1.1110.0 to V11.1.1111.4, IBM App Connect Enterprise Certified Containers Operands - versions 13.0.6.0-r1 to 13.0.6.2-r1, IBM App Connect Operator - versions 12.19.0 to 12.21.0, IBM Business Automation Manager Open Editions - versions 9.0.0 to 9.3.1, IBM Content Navigator - version 3.0.15, 3.1.0 and 3.2.0, IBM DataPower Gateway - multiple versions, IBM Guardium Data Security Center Platform On-prem - version 3.8.7, IBM Guardium Unified Discovery and Classification (GUDC) - versions 1.0.0 to 1.1.0, IBM Library Support for Spring - versions 3.4, 3.2.19 and 2.7.31, IBM Maximo Application Suite IoT Component - version 9.1, 9.0, 8.8 and 8.7, IBM OpenAPI SDK Generator (Node.js) - version 5.4.9, IBM Process Mining - versions 2.1.0 IF002, 2.1.0 IF001 and 2.1.0, IBM Rational Build Forge - versions 8.0.0 to 8.0.0.29, IBM Security Verify Access - versions 10.0 to 10.0.9.1, IBM Security Verify Access Container - versions 10.0 to 10.0.9.1, IBM Storage Protect Plus Server - versions 10.1.0 to 10.1.17, IBM Tivoli Netcool Impact - versions 7.1.0.0 to 7.1.0.37, IBM Verify Identity Access - versions 11.0 to 11.0.2, IBM Verify Identity Access Container - versions 11.0 to 11.0.2, IBM Verify Identity Access Digital Credentials - versions 24.06 to 25.12, IBM watsonx Orchestrate Developer Edition - versions 1.4.0 to 2.6.0, InfoSphere Information Server - versions 11.7.0.0 to 11.7.1.6, Maximo AI Service - version 9.1, Platform Navigator in IBM Cloud Pak for Integration (CP4I) - multiple versions, UCR IBM DevOps Release - versions 7.0.0 to 7.0.0.6, UCR IBM UrbanCode Release - versions 6.2.5 to 6.2.5.11