IBM Product Security Update Advisory
Overview
We have released a security update to fix vulnerabilities in IBM products. Users of affected products are advised to update to the latest version.
Affected Products
CVE-2025-33120
IBM QRadar SIEM versions: 7.5 up to and including 7.5.0 UP13
CVE-2025-36157
IBM Engineering Lifecycle Management – Jazz Foundation, IBM Engineering Test Management, IBM Engineering Workflow Management, IBM Engineering Requirements Management DOORS Next, IBM Engineering Lifecycle Optimization – Engineering Insights, IBM Engineering Systems Design Rhapsody – Model Manager, IBM Jazz Reporting Service, IBM Global Configuration Management versions:
7.0.2 up to and including 7.0.2 iFix035
7.0.3 up to and including 7.0.3 iFix018
7.1.0 up to and including 7.1.0 iFix004
CVE-2025-36174
IBM Integrated Analytics System versions: 1.0.0.0 up to and including 1.0.30.0
Resolved Vulnerabilities
Privilege escalation vulnerability due to a misconfigured cronjob in IBM QRadar SIEM (CVE-2025-33120)
Denial of service vulnerability in IBM Jazz Team Server due to server configuration file modification by an unauthorized remote user (CVE-2025-36157)
Arbitrary code execution vulnerability in IBM Integrated Analytics System due to the upload of a risky type of file (CVE-2025-36174)
Vulnerability Patches
Patches for these vulnerabilities are available in the latest updates. Follow the instructions on the sites listed under References to update to the patched versions below.
CVE-2025-33120
IBM QRadar SIEM Version: QRadar 7.5.0 UP13 IF01
QRadar Incident Forensics Version: QIF 7.5.0 UP13 IF01
CVE-2025-36157
IBM Engineering Lifecycle Management – Jazz Foundation Version: 7.0.2 iFix035-sec
IBM Engineering Lifecycle Management – Jazz Foundation Version: 7.0.3 iFix018-sec
IBM Engineering Lifecycle Management – Jazz Foundation Version: 7.1.0 iFix004-sec
CVE-2025-36174
IBM Integrated Analytics System Version: 1.0.31.0-WebConsole-Special-Build-IM-IIAS-fp349
References
[1] Security Bulletin: IBM QRadar SIEM is affected by local privilege escalation and cross-site scripting (CVE-2025-33120, CVE-2025-36042)
https://www.ibm.com/support/pages/node/7242869
[2] Security Bulletin: IBM Engineering Lifecycle Management – Jazz Foundation is impacted by a remote attack to the root directory which results in a Denial of Service (DoS) condition
https://www.ibm.com/support/pages/node/7242925
[3] Security Bulletin: Vulnerability Malicious File Upload affects IBM Integrated Analytics System
https://www.ibm.com/support/pages/node/7242970