IBM security advisory (AV26-237)
Analysis Summary
# Vulnerability: Multiple Vulnerabilities in IBM Product Suite (AV26-237)
## CVE Details
- **CVE ID:** Multiple (See Reference link for specific IDs per product)
- **CVSS Score:** Up to 10.0 (Reported as Critical)
- **CWE:** Varies by product (includes Injection, Broken Access Control, and Path Traversal, depending on the product type)
## Affected Systems
- **Products & Versions:**
  - **Data & AI:** Cloudera Data Platform (CDP) 7.1.9, 7.3.1; IBM Knowledge Catalog; watsonx Orchestrate (v4.8.4–5.3).
  - **Security:** IBM Cloud Pak for Security (1.10.0.0–1.10.11.0); QRadar Suite Software (1.10.12.0–1.11.8.0); IBM Security SOAR; IBM Security Verify Directory (v10 & v11).
  - **Infrastructure & Middleware:** IBM AIX (7.2, 7.3) & VIOS (3.1, 4.1); IBM MQ (LTS/CD); CICS Transaction Gateway; IBM Sterling Connect:Direct.
  - **Observability:** IBM Observability with Instana Agent (Build 1.0.303–1.0.313).
- **Configurations:** Systems using bundled JREs (specifically Sterling Connect:Direct) and containerized deployments of Verify Directory.
## Vulnerability Description
This advisory covers a wide array of vulnerabilities patched across the IBM ecosystem. While specific technical details vary by product, the "Critical" designation for major components (like Cloud Pak and AIX) typically involves remote code execution (RCE), unauthorized privilege escalation, or complete system compromise through vulnerable third-party libraries (e.g., Apache Struts, bundled JREs, or vulnerable container base images).
## Exploitation
- **Status:** Not explicitly reported as exploited in the wild at the time of the advisory.
- **Complexity:** Varies (Low to Medium depending on the specific CVE).
- **Attack Vector:** Primarily Network (Remote).
## Impact
- **Confidentiality:** High (Total loss of confidentiality for affected databases/configs).
- **Integrity:** High (Potential for unauthorized modification of system data).
- **Availability:** High (Potential for service disruption or system crashes).
## Remediation
### Patches
IBM has released specific updates for each product line. Recommended versions include:
- **Cloud Pak for Security:** Update to version 1.10.12.0 or higher.
- **QRadar Suite Software:** Update to version 1.11.9.0 or higher.
- **IBM AIX/VIOS:** Apply the specific security patches (iFixes) detailed in the IBM PSIRT bulletins.
- **Sterling Connect:Direct:** Apply iFixes newer than `1.4.0.5_iFix005` (File Agent) and `6.4.0.4_iFix009` (Windows).
### Workarounds
- No universal workarounds provided; IBM recommends immediate patching due to the "Critical" nature of these flaws.
- For legacy systems (Struts 1.2), restrict network access to trusted management IPs only.
## Detection
- **Indicators of Compromise:** Monitor for unusual outbound traffic from IBM middleware, unauthorized user creation in Verify Directory, and unexpected binary executions in AIX/VIOS environments.
- **Detection methods:** Use vulnerability scanners updated with the March 2026 definitions. Audit Sterling Connect:Direct file-transfer logs for directory traversal patterns.
## References
- **IBM Product Security Incident Response:** hxxps[://]www[.]ibm[.]com/support/pages/bulletin/
- **Canadian Centre for Cyber Security Advisory:** hxxps[://]www[.]cyber[.]gc[.]ca/en/alerts-advisories/ibm-security-advisory-av26-237