IBM security advisory (AV26-152)
# Vulnerability: Critical Security Updates for Multiple IBM Products (AV26-152)
## CVE Details
*Note: This advisory (AV26-152) acts as a rollup for multiple patches issued by IBM. Individual CVEs vary by product.*
- **CVE ID:** Multiple (See IBM PSIRT for specific identifiers per product)
- **CVSS Score:** Range up to **9.8** (Critical)
- **CWE:** Varies (Includes Injection, Broken Access Control, and Deserialization flaws)
## Affected Systems
- **IBM Aspera Enterprise WebApps:** Version 1.0.0
- **IBM Cloud Pak System:** Multiple versions
- **IBM Storage Defender - Resiliency Service:** Versions 2.0.0 to 2.1.0
- **IBM SPSS Analytic Server:** Versions 3.4, 3.5, 3.6, and 4.0.0.0
- **IBM OS Image for Red Hat Linux Systems:** Versions 4.0.5.0, 4.0.7.0, and 5.0.1.0
- **IBM Tivoli Monitoring:** Versions 6.3.0.7 through 6.3.0.7 Service Pack 22
- **IBM Watson Machine Learning Accelerator (Cloud Pak for Data):** Versions 5.0.0 to 5.0.2
- **IBM watsonx Orchestrate Developer Edition:** Versions 1.4.0 to 2.3.0
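The version list above can be applied to an asset inventory with a short script. This is an added example, not code from IBM or from the advisory. The `host,product,version` inventory format, the hostnames and the installed versions are assumptions. Listed single versions are matched exactly, and Cloud Pak System is marked for manual review because the advisory gives no version numbers for it.

```python
import re

# Affected versions transcribed from the "Affected Systems" list in this advisory.
# ("range", lo, hi) is inclusive; ("exact", [...]) matches listed versions only; None = no versions given.
AFFECTED = {
    "IBM Aspera Enterprise WebApps": ("exact", ["1.0.0"]),
    "IBM Cloud Pak System": None,
    "IBM Storage Defender - Resiliency Service": ("range", "2.0.0", "2.1.0"),
    "IBM SPSS Analytic Server": ("exact", ["3.4", "3.5", "3.6", "4.0.0.0"]),
    "IBM OS Image for Red Hat Linux Systems": ("exact", ["4.0.5.0", "4.0.7.0", "5.0.1.0"]),
    "IBM Tivoli Monitoring": ("range", "6.3.0.7", "6.3.0.7 SP22"),
    "IBM Watson Machine Learning Accelerator (Cloud Pak for Data)": ("range", "5.0.0", "5.0.2"),
    "IBM watsonx Orchestrate Developer Edition": ("range", "1.4.0", "2.3.0"),
}

def parse_version(text):
    """'6.3.0.7 SP22' -> (6, 3, 0, 7, 22); trailing zeros dropped so 3.4 == 3.4.0."""
    nums = [int(n) for n in re.findall(r"\d+", text)]
    while nums and nums[-1] == 0:
        nums.pop()
    return tuple(nums)

def status(product, version):
    """Classify one installed product/version against the advisory's list."""
    if product not in AFFECTED:
        return "NOT_LISTED"
    rule = AFFECTED[product]
    if rule is None:
        return "REVIEW"  # no version data in the advisory; check the IBM bulletin
    v = parse_version(version)
    if rule[0] == "exact":
        return "AFFECTED" if v in {parse_version(x) for x in rule[1]} else "OK"
    return "AFFECTED" if parse_version(rule[1]) <= v <= parse_version(rule[2]) else "OK"

def triage(inventory):
    """inventory: lines of 'host,product,version' (an assumed export format)."""
    rows = [[f.strip() for f in ln.split(",", 2)] for ln in inventory.strip().splitlines()]
    return [(h, p, v, status(p, v)) for h, p, v in rows]

# Constructed sample inventory; hostnames and installed versions are made up.
SAMPLE = """
stor01,IBM Storage Defender - Resiliency Service,2.0.5
mon02,IBM Tivoli Monitoring,6.3.0.7 SP23
cps03,IBM Cloud Pak System,2.3.4.0
wxo04,IBM watsonx Orchestrate Developer Edition,2.3.0
"""

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(*row, sep=" | ")
```

Version strings that carry extra numeric suffixes, such as build numbers, are compared as additional components and should be normalised before use.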
## Vulnerability Description
This advisory covers a range of vulnerabilities across IBM's enterprise suite. Technical flaws include:
1. **Remote Code Execution (RCE):** Present in several data management products; allows unauthenticated attackers to execute commands.
2. **Improper Input Validation:** Affecting analytic servers and web applications, potentially leading to cross-site scripting (XSS) or injection.
3. **Privilege Escalation:** Specific to the OS Images for Red Hat Linux, where a local user could gain root access.
## Exploitation
- **Status:** Not currently reported as exploited in the wild (as of the date of advisory).
- **Complexity:** Low to Medium (Varies by product).
- **Attack Vector:** Primarily Network (Remote) for Cloud Pak and Aspera; Local for OS Images.
## Impact
- **Confidentiality:** High
- **Integrity:** High
- **Availability:** High
## Remediation
### Patches
IBM recommends upgrading to the following versions or applying specific interim fixes (iFix):
- **Aspera WebApps:** Update to the latest patch level via IBM Support.
- **Cloud Pak System:** Apply the latest available fix pack for your specific branch.
- **Storage Defender:** Update to version 2.1.1 or higher.
- **SPSS Analytic Server:** Apply the latest security hotfix for versions 3.x/4.x.
- **Tivoli Monitoring:** Upgrade to 6.3.0.7 SP 23 or later.
- **watsonx Orchestrate:** Upgrade to version 2.3.1.
### Workarounds
- Implement strict Network Access Control (NAC) to limit access to management interfaces for Tivoli and Cloud Pak systems.
- Disable unused services within the Watson Machine Learning Accelerator environment.
## Detection
- **Indicators of Compromise:** Unusual administrative logins, unauthorized modifications to OS images, or unexpected outbound traffic from SPSS/Aspera servers.
- **Tools:** Use IBM’s License Metric Tool or specialized vulnerability scanners (Nessus/Qualys) with updated plugins for IBM PSIRT February 2026 advisories.
## References
- **IBM Product Security Incident Response:** hxxps[://]www[.]ibm[.]com/support/pages/bulletin/
- **CCCS Advisory:** hxxps[://]www[.]cyber[.]gc[.]ca/en/alerts-advisories/ibm-security-advisory-av26-152