106 matches found
Security Bulletin: IBM ApplinX is vulnerable to multiple vulnerabilities due to the use of Bouncy Castle library (CVE-2023-33202, CVE-2025-8916, CVE-2026-5588, CVE-2025-14813, CVE-2026-5598, CVE-2026-0636)
Summary IBM ApplinX is vulnerable to an Uncontrolled Resource Consumption vulnerability, an Allocation of Resources Without Limits or Throttling vulnerability, a Use of a Broken or Risky Cryptographic Algorithm, a Covert Timing Channel vulnerability and an Improper Neutralization of Special...
Security Bulletin: The Apache Tomcat application server that is shipped with IBM ApplinX is vulnerable to multiple vulnerabilities.
Summary The Apache Tomcat application server that is shipped with IBM ApplinX is vulnerable to multiple vulnerabiltiies CVE-2026-29146, CVE-2026-34487, CVE-2026-24880, CVE-2026-25854, CVE-2026-29129, CVE-2026-29145, CVE-2026-32990, CVE-2026-34483, CVE-2026-34500, CVE-2026-41284, CVE-2026-41293,...
Security Bulletin: Due to the use of Apache Tomcat and mchange-commons-java, IBM ApplinX is vulnerable to Improper Input Validation vulnerablities (CVE-2025-66614, CVE-2026-24733, CVE-2026-24734) and an 'Injection' vulnerability (CVE-2026-27727).
Summary Due to the use of Apache Tomcat and mchange-commons-java, IBM ApplinX is vulnerable to Improper Input Validation vulnerablities CVE-2025-66614, CVE-2026-24733, CVE-2026-24734 and an Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection'...
Security Bulletin: Multiple vulnerabilities found in IBM ApplinX.
Summary IBM ApplinX has been updated in order to address multiple vulnerabilities CVE-2026-27970, CVE-2026-29063, CVE-2025-68161, CVE-2026-27830, CVE-2024-31033, CVE-2026-33671, CVE-2026-33672, CVE-2026-32635, CVE-2025-66035, CVE-2025-66412, CVE-2026-22610, WS-2026-0003. Vulnerability Details...
IBM ApplinX Information Disclosure Vulnerability (CNVD-2026-10653)
IBM ApplinX is an International Business Machines IBM company focused on converting green screen interfaces into modern web-based applications. An information disclosure vulnerability exists in IBM ApplinX, which can be exploited by attackers to obtain sensitive information...
CVE-2025-36409
IBM ApplinX 11.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
CVE-2025-36411
IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts...
CVE-2025-36418
IBM ApplinX 11.1 is vulnerable due to a privilege escalation vulnerability due to improper verification of JWT tokens. An attacker may be able to craft or modify a JSON web token in order to impersonate another user or to elevate their privileges...
CVE-2025-36418
IBM ApplinX 11.1 is vulnerable due to a privilege escalation vulnerability due to improper verification of JWT tokens. An attacker may be able to craft or modify a JSON web token in order to impersonate another user or to elevate their privileges...
CVE-2025-36409
IBM ApplinX 11.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
CVE-2025-36408
IBM ApplinX 11.1 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
CVE-2025-36409
IBM ApplinX 11.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
CVE-2025-36410
IBM ApplinX 11.1 could allow an authenticated user to perform unauthorized administrative actions on the server due to server-side enforcement of client-side security...
CVE-2025-36418
IBM ApplinX 11.1 is vulnerable due to a privilege escalation vulnerability due to improper verification of JWT tokens. An attacker may be able to craft or modify a JSON web token in order to impersonate another user or to elevate their privileges...
CVE-2025-36419 Multiple vulnerabilities found in IBM ApplinX.
IBM ApplinX 11.1 could disclose sensitive information about server architecture that could aid in further attacks against the system...
CVE-2025-36419
IBM ApplinX 11.1 contains CVE-2025-36419, a vulnerability where server architecture information may be disclosed, potentially aiding further attacks. Affected component: server-side information exposure in IBM ApplinX 11.1 (CVE-2025-36419). Impact: confidentiality impact (C=L) with no stated inte...
CVE-2025-36418
IBM ApplinX 11.1 is vulnerable due to a privilege escalation vulnerability due to improper verification of JWT tokens. An attacker may be able to craft or modify a JSON web token in order to impersonate another user or to elevate their privileges...
CVE-2025-36418
IBM ApplinX 11.1 is affected by CVE-2025-36418, a privilege-escalation issue caused by improper verification of JWT tokens. This could allow an attacker to craft or modify a JSON Web Token to impersonate another user or elevate privileges. The Red Hat/others mirrors and IBM bulletin confirm the v...
CVE-2025-36418 Multiple vulnerabilities found in IBM ApplinX.
IBM ApplinX 11.1 is vulnerable due to a privilege escalation vulnerability due to improper verification of JWT tokens. An attacker may be able to craft or modify a JSON web token in order to impersonate another user or to elevate their privileges...
CVE-2025-36418 Multiple vulnerabilities found in IBM ApplinX.
IBM ApplinX 11.1 is vulnerable due to a privilege escalation vulnerability due to improper verification of JWT tokens. An attacker may be able to craft or modify a JSON web token in order to impersonate another user or to elevate their privileges...