EUVD-2016-10537

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

IBM WebSphere Application Server can be exploited by malformed SOAP requests for sensitive data access

Reporter	Title	Published	Views	Family All 32
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with WebSphere Sensor Events and IBM Real-Time Asset Locator (CVE-2016-9736)	17 Jun 201822:28	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with OpenPages GRC Platform (CVE-2016-9736 )	15 Jun 201822:48	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with WebSphere Enterprise Service Bus (CVE-2016-9736)	15 Jun 201807:06	–	ibm
IBM Security Bulletins	Security Bulletin: There is a potential information disclosure in IBM WebSphere Application Server shipped with IBM PureApplication System using malformed SOAP requests on IBM WebSphere Application Server (CVE-2016-9736)	15 Jun 201807:06	–	ibm
IBM Security Bulletins	Security Bulletin: WebSphere Application Server vulnerability with malformed SOAP requests in IBM Content Collector for Email	17 Jun 201812:17	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities have been identified in IBM Tivoli Monitoring shipped with IBM Cloud Orchestrator Enterprise	17 Jun 201822:33	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring embedded WebSphere Application Server	17 Jun 201815:34	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Security vulnerabilities have been identified in IBM Websphere Application Server and IBM Java shipped with IBM Security Access Manager for Enterprise Single Sign-On	25 Jun 201805:54	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2016-9736)	17 Jun 201815:32	–	ibm
IBM Security Bulletins	Security Bulletin: Potential Denial of Service and Information Disclosure that affect IBM WebSphere Application Server for Bluemix (CVE-2016-8919, CVE-2016-9736)	15 Jun 201807:06	–	ibm

[
  {
    "enisaIdVendor": [
      {
        "id": "4b57369f-c3e9-3e61-b3d5-9880d6c63499",
        "vendor": {
          "name": "IBM"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "1f1c4a40-66fd-3785-bbbc-f16a0d36cf8a",
        "product": {
          "name": "WebSphere Application Server"
        },
        "product_version": "8.5.5"
      },
      {
        "id": "25330e80-c904-30c3-8304-40840c47dab3",
        "product": {
          "name": "WebSphere Application Server"
        },
        "product_version": "8.5"
      },
      {
        "id": "965a3bfe-b21a-3265-acbc-2357ede61559",
        "product": {
          "name": "WebSphere Application Server"
        },
        "product_version": "9.0"
      },
      {
        "id": "b1b22dd3-e2a4-3497-b376-2039281b7822",
        "product": {
          "name": "WebSphere Application Server"
        },
        "product_version": "8.0"
      }
    ]
  }
]

Source	Link
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/119780
securityfocus	www.securityfocus.com/bid/96076
www-01	www.www-01.ibm.com/support/docview.wss
ibm	www.ibm.com/support/docview.wss
github	www.github.com/advisories/GHSA-293c-r3p4-g63r

07 Oct 2025 00:30Current

5.6Medium risk

Vulners AI Score5.6

CVSS 35.3

CVSS 25

EPSS0.00509