IBM Product Security Update Advisory
Overview
We have released a security update to fix vulnerabilities in IBM products. Users of affected products are advised to update to the latest version.
Affected Products
CVE-2025-0165
IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data Versions: 4.8.4 through 4.8.5
IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data Versions: 5.0.0 through 5.2
CVE-2025-36003
IBM Security Verify Governance Version: ISVG 10.0.2
IBM Security Verify Governance – Identity Manager software component Version: ISVG 10.0.2
IBM Security Verify Governance – Identity Manager virtual appliance component Version: ISVG 10.0.2
Resolved Vulnerabilities
Blind SQL Injection Vulnerability in IBM watsonx Orchestrate Cartridge (CVE-2025-0165)
Sensitive information disclosure vulnerability in IBM Security Verify Governance Identity Manager (CVE-2025-36003)
Vulnerability Patches
Patches for these vulnerabilities are available in the latest updates. Follow the instructions on the referenced sites to update to the patched versions listed below.
CVE-2025-0165
IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data Version: 5.2.0.1
CVE-2025-36003
IBM Security Verify Governance Version: 10.0.2.0-ISS-ISVG-IGVA-FP0006
IBM Security Verify Governance – Identity Manager software component Version: 10.0.2.0-ISS-ISVG-IMSW-FP0006
IBM Security Verify Governance – Identity Manager virtual appliance component Version: 10.0.2.0-ISS-ISVG-IMVA-FP0006
References
[1] Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in Blind SQL Injection
https://www.ibm.com/support/pages/node/7243596
[2] Security Bulletin: IBM Security Verify Governance has multiple vulnerabilities
https://www.ibm.com/support/pages/node/7243303