Changeflow GovPing Vulnerability Alerts Multiple Vulnerabilities Found in IBM Products
Priority review Notice Added Final

Multiple Vulnerabilities Found in IBM Products

Favicon for www.cert.ssi.gouv.fr CERT-FR Security Advisories
Published March 13th, 2026
Detected March 13th, 2026
Email

Summary

The French National Cybersecurity Agency (ANSSI) has issued a notice regarding multiple vulnerabilities discovered in various IBM products. These vulnerabilities could allow remote code execution, denial of service, and data breaches. Affected users are advised to consult IBM's security bulletins for patch information.

View original document View source feed page

What changed

The French National Cybersecurity Agency (ANSSI) has issued a notice (CERTFR-2026-AVI-0292) detailing multiple critical vulnerabilities found in several IBM products, including Sterling Control Center, Sterling Partner Engagement Manager, Sterling Secure Proxy, and WebSphere Service Registry and Repository. The vulnerabilities pose significant risks, such as remote code execution, denial of service, data integrity and confidentiality breaches, and security policy bypass.

Organizations utilizing the affected IBM products must immediately consult the provided IBM security bulletins and apply the necessary patches or iFixes to mitigate these risks. Failure to do so could lead to severe security incidents, including unauthorized access and data compromise. The notice references specific CVEs and IBM bulletin numbers for detailed information on affected versions and remediation steps.

What to do next

  1. Review IBM security bulletins for affected products.
  2. Apply necessary patches and iFixes to mitigate identified vulnerabilities.
  3. Assess potential impact of vulnerabilities on data integrity, confidentiality, and security policy.

Source document (simplified)

Premier Ministre S.G.D.S.N

Agence nationale
de la sécurité des
systèmes d'information

Paris, le 13 mars 2026 N° CERTFR-2026-AVI-0292 Affaire suivie par: CERT-FR

Avis du CERT-FR

Objet: Multiples vulnérabilités dans les produits IBM

Gestion du document

| Référence | CERTFR-2026-AVI-0292 |
| Titre | Multiples vulnérabilités dans les produits IBM |
| Date de la première version | 13 mars 2026 |
| Date de la dernière version | 13 mars 2026 |
| Source(s) | Bulletin de sécurité IBM 7262893 du 09 mars 2026
Bulletin de sécurité IBM 7262894 du 09 mars 2026
Bulletin de sécurité IBM 7263059 du 10 mars 2026
Bulletin de sécurité IBM 7263060 du 10 mars 2026
Bulletin de sécurité IBM 7263061 du 10 mars 2026
Bulletin de sécurité IBM 7263063 du 10 mars 2026
Bulletin de sécurité IBM 7263064 du 10 mars 2026
Bulletin de sécurité IBM 7263065 du 10 mars 2026
Bulletin de sécurité IBM 7263211 du 11 mars 2026
Bulletin de sécurité IBM 7263391 du 12 mars 2026 |
Une gestion de version détaillée se trouve à la fin de ce document.

Risques

  • Atteinte à l'intégrité des données
  • Atteinte à la confidentialité des données
  • Contournement de la politique de sécurité
  • Déni de service à distance
  • Exécution de code arbitraire à distance
  • Injection de code indirecte à distance (XSS)
  • Non spécifié par l'éditeur

Systèmes affectés

  • Sterling Control Center versions 6.3.x antérieures à 6.3.1.0 iFix06
  • Sterling Control Center versions 6.4.0 antérieures à 6.4.0.0 iFix02
  • Sterling Control Center versions 6.4.1 antérieures à 6.4.1.0 iFix01
  • Sterling Partner Engagement Manager Essentials Edition versions 6.2.3 antérieures à 6.2.3.6
  • Sterling Partner Engagement Manager Essentials Edition versions 6.2.4 antérieures à 6.2.4.3
  • Sterling Partner Engagement Manager Standard Edition versions 6.2.3 antérieures à 6.2.3.6
  • Sterling Partner Engagement Manager Standard Edition versions 6.2.4 antérieures à 6.2.4.3
  • Sterling Secure Proxy versions 6.1.0 antérieures à 6.1.0.3 GA
  • Sterling Secure Proxy versions 6.2.0 antérieures à 6.2.0.3 GA
  • Sterling Secure Proxy versions 6.2.1 antérieures à 6.2.1.2 GA
  • WebSphere Service Registry and Repository versions 8.5 antérieures à 8.5.5.30

Résumé

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Documentation

Gestion détaillée du document

  1. le 13 mars 2026 Version initiale

Related changes

Favicon for www.gov.uk Export Licence Transmission Issue Resolved
Routine Mar 14, 2026 ECJU Notices to Exporters Trade & Export
Favicon for www.gov.uk Humanitarian Assistance Exception Notification for Petroleum Products
Priority review Mar 13, 2026 OFSI All Publications Trade & Export
Favicon for www.apra.gov.au APRA Releases Quarterly ADI Statistics for December 2025
Routine Mar 13, 2026 news-and-publications Government
Favicon for www.cisa.gov CISA Adds Two Exploited Vulnerabilities to KEV Catalog
Priority review Mar 13, 2026 CISA ICS-CERT Advisories Government
Favicon for www.cisa.gov CISA: Ignition Software Vulnerable to Code Execution
Priority review Mar 13, 2026 CISA ICS-CERT Advisories Government
Favicon for www.gao.gov GAO Report on DOD Cybersecurity Maturity Model Certification Program
Priority review Mar 13, 2026 GAO Reports & Testimonies Government Accountability

Source

Favicon for www.cert.ssi.gouv.fr
CERT-FR Security Advisories cert.ssi.gouv.fr/avis
Vulnerability Alerts
Analysis generated by AI. Source diff and links are from the original.

Classification

Agency
Various
Published
March 13th, 2026
Instrument
Notice
Legal weight
Non-binding
Stage
Final
Change scope
Substantive

Who this affects

Applies to
Technology companies
Geographic scope
INT

Taxonomy

Primary area
Cybersecurity
Operational domain
IT Security
Topics
Product Security Vulnerability Management

Browse Categories

Federal Courts 26 State Courts 91 Securities Regulation 6 Financial Regulation 43 Consumer Protection 5 Drug Safety 45 Data Protection 21 Competition 2 Attorneys General 3 Insurance Regulation 5 Trade & Export 36 Legislation 42 Energy Regulation 13 Environment 3 Labor & Employment 2 Tax 1

Get Vulnerability Alerts alerts

Weekly digest. AI-summarized, no noise.

Free. Unsubscribe anytime.

Get alerts for this source

We'll email you when CERT-FR Security Advisories publishes new changes.

Free. Unsubscribe anytime.