CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

IBM security advisory (AV26-639)

critical
Serial number: AV26-639 Date: June 29, 2026 Between June 22 and 28, 2026, IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following: IBM Cloud Pak System – version 2.3.5.0 IBM Observability with Instana (Agent) – versions Build 1.0.303 to 1.0.319 IBM Db2 Big SQL on Cloud Pak for Data – version 5.0 IBM Db2 Big SQL on IBM Software Hub – multiple versions IBM Engineering Workflow Management – version 7.2, 7.1 and 7.0.3 IBM Engineering Requirements Management DOORS Next – version 7.2, 7.1 and 7.0.3 Global Configuration Management – version 7.2, 7.1 and 7.0.3 Jazz Foundation – version 7.2, 7.1 and 7.0.3 Langflow OSS – version 1.0.0 to 1.10.0 IBM Engineering Test Management – version 7.2, 7.1 and 7.0.3 IBM InfoSphere Information Server – version 11.7.0.0 to 11.7.1.6 IBM Operator for PostgreSQL – version v28.3.0 to v28.3.2 IBM Spectrum Control – multiple versions IBM Sterling Partner Engagement Manager Essentials Edition – multiple versions IBM Sterling Partner Engagement Manager Standard Edition – multiple versions IBM Storage Defender Copy Data Management – version 2.2.0.0 to 2.3.0.1 IBM Storage Protect Plus File Systems Agent – version 10.1.6 to 10.1.18 IBM Storage Protect Plus Guest Applications – version 10.1.6 to 10.1.18 IBM Storage Protect Plus vSnap – version 10.1 to 10.1.18 IBM Storage Protect Plus Server – version 10.1 to 10.1.18 IBM Storage Sentinel Anomaly Scan Engine – version 1.1.0 to 2.3.0 IBM watsonx Orchestrate Developer Edition – version 1.4.0 to 2.11.0 WatsonX BI – version 5.0 to 5.3 WebSphere Service Registry and Repository – version 8.5 The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates. IBM Product Security Incident Response

CSIRTS triage

What
IBM published security advisories to address vulnerabilities in multiple products.
Who is affected
Users of various IBM products are affected.
Urgency
Remediation is critical due to the potential impact of the vulnerabilities.
Action
Users should review the advisories and apply the necessary updates.

AI-assisted analysis generated from the source advisory — verify against the original.

Details

Source
Canadian Centre for Cyber Security (CA · national-cert · site)
Severity
critical
Published
2026-06-29
Exploitation
Not in CISA KEV at last sync

Original advisory: https://cyber.gc.ca/en/alerts-advisories/ibm-security-advisory-av26-639

More from Canadian Centre for Cyber Security