Lucene search
K

123 matches found

NVD
NVD
added last week5 views

CVE-2026-11806

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 is affected by an arbitrary file read vulnerability with the restConnector-2.0 feature enabled...

7.5CVSS0.00472EPSS
Exploits0References1
CVE
CVE
added last week11 views

CVE-2026-11714

IBM WebSphere Application Server Liberty versions 17.0.0.3 through 26.0.0.7 are affected by a server-side request forgery (SSRF) vulnerability in the apiDiscovery-1.0 feature. The issue is identified as CVE-2026-11714; IBM’s bulletin reports CVSS v3.1 base score 8.5 (PR:L, S:C, C:H/I:L/A:N). The ...

9.8CVSS5.8AI score0.00203EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added last week5 views

EUVD-2026-40395

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.7 is affected by a server-side request forgery vulnerability with the apiDiscovery-1.0 feature enabled...

8.5CVSS5.8AI score0.00203EPSS
Exploits0References1
Cvelist
Cvelist
added last week32 views

CVE-2026-11806 IBM WebSphere Application Server Liberty is affected by a an arbitrary file read vulnerability

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 is affected by an arbitrary file read vulnerability with the restConnector-2.0 feature enabled...

7.2CVSS0.00472EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.5 views

PT-2026-53964

Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server - Liberty versions 17.0.0.3 through 26.0.0.7 Description A server-side request forgery SSRF issue exists when the apiDiscovery-1.0 feature is enabled. SSRF is a flaw that allows an attacker to induce the...

9.8CVSS6AI score0.00203EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/22 1:42 p.m.3 views

Security Bulletin: IBM i is Affected By Denial of Service, HTTP Request Smuggling, and Remote Code Execution Vulnerabilities in IBM WebSphere Application Server Liberty [CVE-2026-10852, CVE-2026-8858, CVE-2026-9072, CVE-2026-8633, CVE-2026-8620]

Summary IBM WebSphere Application Server Liberty for IBM i is vulnerable to denial of service, remote code execution, and HTTP request smuggling when an attacker passes crafted requests to the web server or impersonates the application server and returns crafted responses CVE-2026-10852,...

9.8CVSS6.5AI score0.00847EPSS
Exploits0Affected Software5
RedhatCVE
RedhatCVE
added 2026/06/02 10:2 p.m.15 views

CVE-2026-5516

IBM WebSphere Application Server - Liberty 22.0.0.11 through 26.0.0.5 IBM WebSphere Application Server Liberty could allow a remote attacker to bypass security under limited conditions by exploiting a specific timing window...

5.9CVSS5.8AI score0.00213EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 1:0 p.m.12 views

CVE-2026-5516 IBM WebSphere Application Server Liberty is affected by a security bypass vulnerability

IBM WebSphere Application Server - Liberty 22.0.0.11 through 26.0.0.5 IBM WebSphere Application Server Liberty could allow a remote attacker to bypass security under limited conditions by exploiting a specific timing window...

4.4CVSS5.8AI score0.00213EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.11 views

PT-2026-43955

Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server - Liberty versions 19.0.0.7 through 26.0.0.5 IBM WebSphere Application Server version 9.0 IBM WebSphere Application Server version 8.5 WebSphere Application Server Liberty affected versions not specified...

7.5CVSS5.8AI score0.005EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/19 2:43 p.m.89 views

Security Bulletin: Updating IBM WebSphere Liberty Profile in Identity Insight for security update

Summary Identity Insight customers are advised to update IBM WebSphere Liberty Profile WLP to version 26.0.0.4 for security update in WLP. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|-...

9.8CVSS6.9AI score0.64718EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/07 12:51 p.m.8 views

Security Bulletin: Multiple security vulnerabilities may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced (CVE-2026-1561, CVE-2025-14923, CVE-2025-14917, CVE-2026-29063, CVE-2025-14915).

Summary Multiple security vulnerabilities may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced CVE-2026-1561, CVE-2025-14923, CVE-2025-14917, CVE-2026-29063, CVE-2025-14915. IBM WebSphere Liberty has been updated within IBM CICS TX Advanced to address these vulnerabilities...

9.8CVSS6AI score0.00978EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/30 7:49 p.m.4 views

Security Bulletin: Vulnerability in IBM WebSphere Application (CVE-2024-29371) affects IBM PowerVM Novalink.

Summary IBM WebSphere Libery Profile is used by IBM PowerVM Novalink. IBM PowerVM Novalink has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-29371 DESCRIPTION: In jose4j before 0.9.6, an attacker can cause a Denial-of-Service DoS condition by crafting a malicious JSON Web...

7.5CVSS5.3AI score0.00244EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/27 3:12 p.m.6 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by an identity spoofing vulnerability (CVE-2026-3621)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by an identity spoofing vulnerability when the appSecurity feature appSecurity-1.0, appSecurity-2.0, appSecurity-3.0, appSecurity-4.0, or appSecurity-5.0 is not enabled on the serve...

7.5CVSS5.2AI score0.00276EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/27 3:9 p.m.5 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by an identity spoofing vulnerability (CVE-2026-3621)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by an identity spoofing vulnerability when the appSecurity feature appSecurity-1.0, appSecurity-2.0, appSecurity-3.0, appSecurity-4.0, or appSecurity-5.0 is not enabled on the server...

7.5CVSS5.2AI score0.00276EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/27 7:43 a.m.12 views

Security Bulletin: SPSS Collaboration and Deployment Services is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty

Summary SPSS Collaboration and Deployment Services is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty CVE-2025-14923, CVE-2025-14915, CVE-2024-29371, CVE-2026-1561, CVE-2026-29063, CVE-2025-14917. This has been addressed in the remediation section. Vulnerability...

9.8CVSS7.9AI score0.00978EPSS
Exploits2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/22 11:7 p.m.5 views

CVE-2026-3621

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.4 IBM WebSphere Application Server Liberty is vulnerable to identity spoofing under limited conditions when an application is deployed without authentication and authorization configured...

7.5CVSS5.7AI score0.00276EPSS
Exploits0References2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/09 8:23 a.m.11 views

Security Bulletin: Due to the use of IBM WebSphere Application Server Liberty, CICS Transaction Gateway Desktop Edition and CICS Transaction Gateway for Multiplatforms are vulnerable to two security vulnerabilities.

Summary Due to the use of IBM WebSphere Application Server Liberty, CICS Transaction Gateway Desktop Edition and CICS Transaction Gateway for Multiplatforms are vulnerable to a Use of Hard-coded Cryptographic Key vulnerability CVE-2025-12635 and an Improper Neutralization of Input During Web Page...

9.8CVSS5.7AI score0.00173EPSS
Exploits0Affected Software2
RedhatCVE
RedhatCVE
added 2026/03/26 11:3 p.m.4 views

CVE-2026-1561

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is vulnerable to server-side request forgery SSRF. This may allow remote attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating...

5.4CVSS5.8AI score0.00284EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/25 9:30 p.m.5 views

EUVD-2026-15982

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is vulnerable to server-side request forgery SSRF. This may allow remote attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating...

5.4CVSS5.8AI score0.00284EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/25 8:12 p.m.2 views

CVE-2025-14915

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is affected by privilege escalation. A privileged user could gain additional access to the application server...

6.5CVSS5.8AI score0.00498EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder