
IBM Semeru Runtime Critical Vulnerability - Arbitrary Code Execution

Source: CERT-Bund Security Advisories (wid.cert-bund.de)
Published March 30th, 2026
Detected March 31st, 2026

Summary

CERT-Bund issued a critical security advisory (WID-SEC-2026-0929) warning of a vulnerability in IBM Semeru Runtime and IBM DB2. The vulnerability has a CVSS Base Score of 9.8 (critical) and CVSS Temporal Score of 8.5 (high). A remote, anonymous attacker can exploit this flaw to execute arbitrary code. Affected versions: IBM Semeru Runtime prior to 21.0.10.0 and IBM DB2 version 12.1.4. Mitigation measures are available.

What changed

CERT-Bund published security advisory WID-SEC-2026-0929 disclosing a critical vulnerability in IBM Semeru Runtime (versions below 21.0.10.0) and IBM DB2 (version 12.1.4). The vulnerability carries a CVSS Base Score of 9.8 and enables remote, unauthenticated code execution. The affected products run on Linux, UNIX, Windows, and other operating systems.

Organizations using IBM Semeru Runtime or IBM DB2 must immediately check their environments for these affected versions and apply available patches or mitigations. Given the critical severity and remote exploitability, this vulnerability should be treated as a high-priority remediation item. No specific compliance deadline is stated in the advisory, but immediate action is warranted.

What to do next

  1. Identify systems running IBM Semeru Runtime or IBM DB2 in your environment
  2. Update IBM Semeru Runtime to version 21.0.10.0 or later
  3. Apply available patches or mitigations for affected IBM DB2 installations
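Step 1 can be run as a triage pass over collected version banners. The following is an added example, not part of the advisory or of any IBM tooling; the banner formats, host names and sample records are assumptions constructed for illustration, and only the two version thresholds come from this page.

```python
import re

# Thresholds as stated on this page for WID-SEC-2026-0929.
SEMERU_FIXED = (21, 0, 10, 0)  # affected: any version below this
DB2_AFFECTED = (12, 1, 4)      # affected: this release

# Assumed banner shapes; adapt to what your inventory tool records.
SEMERU_RE = re.compile(r"IBM Semeru Runtime\b.*?\b(\d+(?:\.\d+){1,3})\b")
DB2_RE = re.compile(r"\bDB2 v(\d+(?:\.\d+){1,3})\b")

def parse_version(text, width):
    """Turn '21.0.9' into a tuple of ints, zero-padded or cut to `width`."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (width - len(parts)))[:width]

def classify(host, banner):
    """Return (host, product, version, status) for one inventory record."""
    m = SEMERU_RE.search(banner)
    if m:
        # Literal reading of "<21.0.10.0": older major lines are flagged
        # too. Confirm those against the vendor's advisory.
        v = parse_version(m.group(1), 4)
        status = "AFFECTED" if v < SEMERU_FIXED else "ok"
        return (host, "IBM Semeru Runtime", m.group(1), status)
    m = DB2_RE.search(banner)
    if m:
        # Assumption: match on the first three components, so 12.1.4.x
        # is flagged until the applied fix is confirmed by hand.
        v = parse_version(m.group(1), 3)
        status = "AFFECTED" if v == DB2_AFFECTED else "ok"
        return (host, "IBM DB2", m.group(1), status)
    return (host, "unknown", "", "not-applicable")

# Constructed sample inventory (host, version banner); not real systems.
SAMPLE = [
    ("app01", "IBM Semeru Runtime Open Edition 21.0.9.0 (build 21.0.9+10-LTS)"),
    ("app02", "IBM Semeru Runtime Open Edition 21.0.10.0 (build 21.0.10+7-LTS)"),
    ("app03", "IBM Semeru Runtime Certified Edition 17.0.15.0 (build 17.0.15+6)"),
    ("db01", "DB2 v12.1.4.0"),
    ("db02", "DB2 v12.1.3.0"),
    ("web01", "OpenJDK Runtime Environment Temurin-21.0.9+10"),
]

def scan(records):
    return [classify(host, banner) for host, banner in records]

if __name__ == "__main__":
    for row in scan(SAMPLE):
        print("{:6} {:20} {:10} {}".format(*row))
```

Hosts reported as AFFECTED are the candidates for steps 2 and 3; records marked not-applicable run neither product according to the banner and still need a manual check if the banner source is unreliable.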

Source document (simplified)

[WID-SEC-2026-0929] IBM Semeru Runtime: Vulnerability allows code execution

CVSS Base Score: 9.8 (critical)
CVSS Temporal Score: 8.5 (high)
Remote attack: yes
Date: 30.03.2026
As of: 31.03.2026
Mitigation: yes

Affected systems

Operating system

  • Linux
  • Other
  • UNIX
  • Windows

Product description

IBM Semeru Runtime is a Java Runtime Environment.
IBM DB2 is a relational database system (RDBS) from IBM.

Products

30.03.2026

  • IBM Semeru Runtime <21.0.10.0
  • IBM DB2 = 12.1.4

Attack

A remote, anonymous attacker can exploit a vulnerability in IBM Semeru Runtime and IBM DB2 to execute arbitrary code.

Source

Analysis generated by AI. Source diff and links are from the original.

Classification

Agency: CERT-Bund
Published: March 30th, 2026
Instrument: Notice
Legal weight: Non-binding
Stage: Final
Change scope: Substantive
Document ID: WID-SEC-2026-0929

Who this affects

Applies to: Technology companies, Government agencies
Industry sector: 5112 Software & Technology
Activity scope: Vulnerability Management, Software patching, Security incident response
Threshold: IBM Semeru Runtime <21.0.10.0; IBM DB2 = 12.1.4
Geographic scope: Germany (DE)

Taxonomy

Primary area: Cybersecurity
Operational domain: IT Security
Compliance frameworks: NIST CSF
Topics: Software Security, Vulnerability Management
