Changeflow GovPing Data Privacy & Cybersecurity IBM Products Multiple Vulnerabilities Identified
Priority review Notice Added Final

IBM Products Multiple Vulnerabilities Identified

Favicon for www.cert.ssi.gouv.fr CERT-FR Security Advisories
Published March 27th, 2026
Detected March 27th, 2026
Email

Summary

CERT-FR has issued an advisory regarding multiple vulnerabilities discovered in various IBM products. These vulnerabilities could allow attackers to cause remote denial of service, compromise data confidentiality, and affect data integrity. Affected systems include specific versions of IBM Security QRadar Log Management, Sterling Connect:Direct, and WebSphere Application Server.

View original document View source feed page

What changed

CERT-FR, the French national cybersecurity agency, has published an advisory detailing multiple vulnerabilities affecting various IBM products, including Security QRadar Log Management, Sterling Connect:Direct, and WebSphere Application Server. The identified vulnerabilities, linked to CVEs such as CVE-2024-29371 and others from 2025 and 2026, can lead to remote denial of service, data integrity breaches, and data confidentiality compromises.

Organizations utilizing the affected IBM products are advised to consult the provided IBM security bulletins and apply the necessary patches or updates as soon as they become available. A future corrective version for WebSphere Application Server - Liberty is expected in Q2 2026. Failure to address these vulnerabilities could expose systems to significant security risks, including unauthorized access and service disruption.

What to do next

  1. Consult IBM security bulletins for affected products.
  2. Apply available patches and updates to mitigate identified vulnerabilities.
  3. Monitor for future corrective versions, such as for WebSphere Application Server - Liberty.

Source document (simplified)

Premier Ministre S.G.D.S.N

Agence nationale
de la sécurité des
systèmes d'information

Paris, le 27 mars 2026 N° CERTFR-2026-AVI-0372 Affaire suivie par: CERT-FR

Avis du CERT-FR

Objet: Multiples vulnérabilités dans les produits IBM

Gestion du document

| Référence | CERTFR-2026-AVI-0372 |
| Titre | Multiples vulnérabilités dans les produits IBM |
| Date de la première version | 27 mars 2026 |
| Date de la dernière version | 27 mars 2026 |
| Source(s) | Bulletin de sécurité IBM 7267058 du 20 mars 2026
Bulletin de sécurité IBM 7267346 du 24 mars 2026
Bulletin de sécurité IBM 7267351 du 24 mars 2026
Bulletin de sécurité IBM 7267392 du 24 mars 2026
Bulletin de sécurité IBM 7267514 du 25 mars 2026
Bulletin de sécurité IBM 7267689 du 26 mars 2026 |
Une gestion de version détaillée se trouve à la fin de ce document.

Risques

  • Atteinte à l'intégrité des données
  • Atteinte à la confidentialité des données
  • Contournement de la politique de sécurité
  • Déni de service à distance
  • Non spécifié par l'éditeur

Systèmes affectés

  • greffon Security QRadar Log Management AQL versions 1.x antérieures à 1.1.4
  • Sterling Connect:Direct FTP+ versions 1.3.0.x antérieures à 1.3.0.4
  • Sterling Connect:Direct pour UNIX versions 6.3.x antérieures à 6.3.0.7
  • Sterling Connect:Direct pour UNIX versions 6.4.x antérieures à 6.4.0.5
  • WebSphere Application Server - Liberty sans le correctif APAR PH70510
  • WebSphere eXtreme Scale versions 8.6.1.x antérieures à 8.6.1.6 sans le correctif APAR PH70422

  • WebSphere Remote Server versions 9.1, 9.0 et 8.5 sans le dernier correctif de sécurité
    L'éditeur indique que les versions correctives suivantes seront mises à disposition ultérieurement :

  • WebSphere Application Server - Liberty 26.0.0.4 (deuxième trimestre 2026)

Résumé

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Documentation

Gestion détaillée du document

  1. le 27 mars 2026 Version initiale

Related changes

Favicon for www.cert.ssi.gouv.fr Symantec DLP Privilege Escalation Vulnerability
Priority review Mar 31, 2026 CERT-FR Security Advisories Data Privacy & Cybersecurity
Favicon for www.cert.ssi.gouv.fr Elastic OpenTelemetry Java Remote Code Execution Vulnerability
Urgent Mar 31, 2026 CERT-FR Security Advisories Data Privacy & Cybersecurity
Favicon for www.cert.ssi.gouv.fr Papercut Vulnerabilities Expose Data Confidentiality, Enable Remote XSS
Priority review Mar 31, 2026 CERT-FR Security Advisories Data Privacy & Cybersecurity
Favicon for changeflow.com Cyber vulnerability assessment and remedy identification patent
Routine Mar 31, 2026 ChangeBridge: Patent Grants - Business Methods (G06Q) Banking & Finance
Favicon for wid.cert-bund.de IBM App Connect Enterprise Multiple DoS Vulnerabilities
Priority review Mar 31, 2026 CERT-Bund Security Advisories Data Privacy & Cybersecurity
Favicon for wid.cert-bund.de Kyocera Printer Critical Vulnerabilities CVSS 9.8 Remote Attack
Urgent Mar 31, 2026 CERT-Bund Security Advisories Data Privacy & Cybersecurity

Source

Favicon for www.cert.ssi.gouv.fr
CERT-FR Security Advisories cert.ssi.gouv.fr/avis
Data Privacy & Cybersecurity
Analysis generated by AI. Source diff and links are from the original.

Classification

Agency
CERT-FR
Published
March 27th, 2026
Instrument
Notice
Legal weight
Non-binding
Stage
Final
Change scope
Substantive
Document ID
CERTFR-2026-AVI-0372

Who this affects

Applies to
Manufacturers
Industry sector
3341 Computer & Electronics Manufacturing
Activity scope
Vulnerability Management System Patching
Geographic scope
France FR

Taxonomy

Primary area
Cybersecurity
Operational domain
IT Security
Compliance frameworks
NIST CSF
Topics
Data Integrity Data Confidentiality Denial of Service

Browse Categories

Agriculture & Food Safety 63 AI Regulation 3 Banking & Finance 266 Consumer & Competition 1 Consumer Protection 44 Courts & Legal 360 Data Privacy & Cybersecurity 74 Defense & National Security 52 Education 20 Energy 107 Environment 85 Government & Legislation 285 Healthcare 136 Housing 16 Immigration 9 Insurance 58 Labor & Employment 114 Legal & Courts 1 Pharma & Drug Safety 103 Securities & Markets 104 Tax 65 Tax & Revenue 1 Telecom & Technology 47 Trade & Sanctions 124 Transportation 57

Get Data Privacy & Cybersecurity alerts

Weekly digest. AI-summarized, no noise.

Free. Unsubscribe anytime.

Get alerts for this source

We'll email you when CERT-FR Security Advisories publishes new changes.

Optional. Personalizes your daily digest.

Free. Unsubscribe anytime.