CERT-FR has issued a security alert about multiple vulnerabilities in IBM products that could allow attackers to cause a remote denial of service and to compromise data confidentiality and integrity. The vulnerabilities affect Sterling Partner Engagement Manager Essentials and Standard Editions 6.2.3.x and 6.2.4.x (prior to 6.2.3.5 and 6.2.4.2) and WebSphere eXtreme Scale 8.6.1.x (prior to 8.6.1.6 without the PH69398 iFix). Reported risks include data integrity and confidentiality breaches, security policy bypass, remote denial of service, indirect code injection (XSS), and unspecified vulnerabilities. IBM has released patches in security bulletins 7255899 (29 December 2025) and 7256003 (30 December 2025). Users should download the applicable fixes and apply them promptly. The alert references CVE identifiers such as CVE-2020-36732, CVE-2023-48795, CVE-2023-6378, CVE-2024-38808, CVE-2024-47554, CVE-2024-56339, CVE-2025-36000, CVE-2025-36047, CVE-2025-36124, CVE-2025-48795, CVE-2025-48924, CVE-2025-48976, CVE-2025-53057 and CVE-2025-53066.
Summary of content from https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0002/