EUVD-2024-19890

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

IBM WebSphere Application Server 8.5, 9.0, and Liberty versions are vulnerable to server-side request forgery

Reporter	Title	Published	Views	Family All 85
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM Application Performance Management	9 Jan 202510:41	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM DevOps Code ClearCase (CVE-2024-25026, CVE-2023-50313, CVE-2024-22329)	25 Jun 202411:50	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Match 360 is vulnerable to server-side request forgery from IBM WebSphere Application Server Liberty (CVE-2024-22329)	24 Jul 202421:56	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Business Monitor	20 Nov 202414:59	–	ibm
IBM Security Bulletins	Security Bulletin: Security Vulnerabilities in Liberty affect IBM Voice Gateway	17 May 202413:55	–	ibm
IBM Security Bulletins	Security Bulletin: Due to the use of IBM Websphere Application Server Liberty, IBM CICS TX Standard is vulnerable to Denial of Service, Weaker than exected security, Cross-site scripting and Server-side request forgery (SSRF).	9 May 202409:40	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, and Apache Xerces C++ XML parser may affect IBM Storage Protect for Virtual Environments: Data Protection for VMware	15 Apr 202502:41	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Maximo Application Suite uses IBM WebSphere Application Server Liberty - v.24.0.0.3 which is vulnerable to CVE-2024-27270 and CVE-2024-22329	15 Jul 202407:27	–	ibm
IBM Security Bulletins	Security Bulletin: Updating IBM WebSphere Liberty Profile in Identity Insight for security update	19 May 202614:43	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilites in the IBM WebSphere Application Server Liberty version 17.0.0.3 - 24.0.0.5 affects Watson Machine Learning Accelerator on Cloud Pak for Data	3 Feb 202516:26	–	ibm

[
  {
    "enisaIdVendor": [
      {
        "id": "605b4bd6-23ec-3538-81d4-8342d7ef713a",
        "vendor": {
          "name": "IBM"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "052933ea-baa5-3b95-acb7-53c73be2ad02",
        "product": {
          "name": "WebSphere Application Server"
        },
        "product_version": "8.5, 9.0"
      },
      {
        "id": "1cce3bb5-deb3-38c0-93fc-f0b524a362d2",
        "product": {
          "name": "WebSphere Application Server Liberty"
        },
        "product_version": "17.0.0.3 ≤24.0.0.3"
      },
      {
        "id": "21f7d3e3-c91e-3f80-9cac-48e0e8a9f351",
        "product": {
          "name": "WebSphere Application Server"
        }
      },
      {
        "id": "b18e708d-750f-3864-bd55-f07e7ec555be",
        "product": {
          "name": "WebSphere Application Server Liberty"
        }
      }
    ]
  }
]

Source	Link
ibm	www.ibm.com/support/pages/node/7148380
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/279951

03 Oct 2025 20:07Current

6.5Medium risk

Vulners AI Score6.5

CVSS 3.14.3

EPSS0.00302

SSVC