Multiple IBM Vulnerabilities Data Integrity Confidentiality Risks

CERT-FR Security Advisories

Published April 3rd, 2026

Detected April 3rd, 2026

Summary

CERT-FR issued advisory CERTFR-2026-AVI-0395 warning of multiple critical vulnerabilities in IBM products affecting QRadar SIEM, Storage Protect Plus Server, WebSphere Automation, and WebSphere eXtreme Scale. Vulnerabilities include remote code execution, privilege escalation, denial of service, and data integrity and confidentiality breaches. French organizations using these products are advised to apply patches immediately.

View original document View source feed page

What changed

CERT-FR published advisory CERTFR-2026-AVI-0395 detailing multiple critical vulnerabilities across four IBM product families: QRadar SIEM versions prior to 7.5.0 UP15 IF01, Storage Protect Plus Server versions prior to 10.1.18, WebSphere Automation versions prior to 1.12.0, and WebSphere eXtreme Scale versions 8.6.1.x without patch PH70422. The vulnerabilities expose systems to remote code execution, privilege escalation, denial of service, server-side request forgery, cross-site scripting, SQL injection, and data integrity and confidentiality breaches. The advisory references multiple CVEs including CVE-2015-20107 through CVE-2020-10735.

Organizations using these affected IBM products must immediately identify whether they run vulnerable versions and apply available patches from the referenced IBM security bulletins (7267689, 7267801, 7268179, 7268331). No specific compliance deadline is stated, but immediate action is warranted given the critical severity of remote code execution vulnerabilities. French government agencies and critical infrastructure operators should treat this as priority due to the potential for system compromise and data exfiltration.

What to do next

Identify whether your organization runs affected IBM products: QRadar SIEM 7.5.x, Storage Protect Plus Server 10.1.x, WebSphere Automation, or WebSphere eXtreme Scale 8.6.1.x
Apply the latest security patches from IBM security bulletins 7267689, 7267801, 7268179, and 7268331
Monitor systems for indicators of compromise given the severity of remote code execution and privilege escalation vulnerabilities

Source document (simplified)

Premier Ministre S.G.D.S.N

Agence nationale
de la sécurité des
systèmes d'information

Paris, le 03 avril 2026 N° CERTFR-2026-AVI-0395 Affaire suivie par: CERT-FR

Avis du CERT-FR

Objet: Multiples vulnérabilités dans les produits IBM

Gestion du document

Risques

Atteinte à l'intégrité des données
Atteinte à la confidentialité des données
Contournement de la politique de sécurité
Déni de service à distance
Exécution de code arbitraire à distance
Falsification de requêtes côté serveur (SSRF)
Injection de code indirecte à distance (XSS)
Injection SQL (SQLi)
Élévation de privilèges

Systèmes affectés

QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP15 IF01
Storage Protect Plus Server versions 10.1.x antérieures à 10.1.18
WebSphere Automation versions antérieures à 1.12.0
WebSphere eXtreme Scale versions 8.6.1.x sans le correctif de sécurité PH70422

Résumé

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.