123 matches found
CVE-2026-11806
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 is affected by an arbitrary file read vulnerability with the restConnector-2.0 feature enabled...
CVE-2026-11714
IBM WebSphere Application Server Liberty versions 17.0.0.3 through 26.0.0.7 are affected by a server-side request forgery (SSRF) vulnerability in the apiDiscovery-1.0 feature. The issue is identified as CVE-2026-11714; IBM’s bulletin reports CVSS v3.1 base score 8.5 (PR:L, S:C, C:H/I:L/A:N). The ...
EUVD-2026-40395
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.7 is affected by a server-side request forgery vulnerability with the apiDiscovery-1.0 feature enabled...
CVE-2026-11806 IBM WebSphere Application Server Liberty is affected by a an arbitrary file read vulnerability
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 is affected by an arbitrary file read vulnerability with the restConnector-2.0 feature enabled...
PT-2026-53964
Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server - Liberty versions 17.0.0.3 through 26.0.0.7 Description A server-side request forgery SSRF issue exists when the apiDiscovery-1.0 feature is enabled. SSRF is a flaw that allows an attacker to induce the...
Security Bulletin: IBM i is Affected By Denial of Service, HTTP Request Smuggling, and Remote Code Execution Vulnerabilities in IBM WebSphere Application Server Liberty [CVE-2026-10852, CVE-2026-8858, CVE-2026-9072, CVE-2026-8633, CVE-2026-8620]
Summary IBM WebSphere Application Server Liberty for IBM i is vulnerable to denial of service, remote code execution, and HTTP request smuggling when an attacker passes crafted requests to the web server or impersonates the application server and returns crafted responses CVE-2026-10852,...
CVE-2026-5516
IBM WebSphere Application Server - Liberty 22.0.0.11 through 26.0.0.5 IBM WebSphere Application Server Liberty could allow a remote attacker to bypass security under limited conditions by exploiting a specific timing window...
CVE-2026-5516 IBM WebSphere Application Server Liberty is affected by a security bypass vulnerability
IBM WebSphere Application Server - Liberty 22.0.0.11 through 26.0.0.5 IBM WebSphere Application Server Liberty could allow a remote attacker to bypass security under limited conditions by exploiting a specific timing window...
PT-2026-43955
Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server - Liberty versions 19.0.0.7 through 26.0.0.5 IBM WebSphere Application Server version 9.0 IBM WebSphere Application Server version 8.5 WebSphere Application Server Liberty affected versions not specified...
Security Bulletin: Updating IBM WebSphere Liberty Profile in Identity Insight for security update
Summary Identity Insight customers are advised to update IBM WebSphere Liberty Profile WLP to version 26.0.0.4 for security update in WLP. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|-...
Security Bulletin: Multiple security vulnerabilities may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced (CVE-2026-1561, CVE-2025-14923, CVE-2025-14917, CVE-2026-29063, CVE-2025-14915).
Summary Multiple security vulnerabilities may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced CVE-2026-1561, CVE-2025-14923, CVE-2025-14917, CVE-2026-29063, CVE-2025-14915. IBM WebSphere Liberty has been updated within IBM CICS TX Advanced to address these vulnerabilities...
Security Bulletin: Vulnerability in IBM WebSphere Application (CVE-2024-29371) affects IBM PowerVM Novalink.
Summary IBM WebSphere Libery Profile is used by IBM PowerVM Novalink. IBM PowerVM Novalink has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-29371 DESCRIPTION: In jose4j before 0.9.6, an attacker can cause a Denial-of-Service DoS condition by crafting a malicious JSON Web...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by an identity spoofing vulnerability (CVE-2026-3621)
Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by an identity spoofing vulnerability when the appSecurity feature appSecurity-1.0, appSecurity-2.0, appSecurity-3.0, appSecurity-4.0, or appSecurity-5.0 is not enabled on the serve...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by an identity spoofing vulnerability (CVE-2026-3621)
Summary IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by an identity spoofing vulnerability when the appSecurity feature appSecurity-1.0, appSecurity-2.0, appSecurity-3.0, appSecurity-4.0, or appSecurity-5.0 is not enabled on the server...
Security Bulletin: SPSS Collaboration and Deployment Services is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty
Summary SPSS Collaboration and Deployment Services is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty CVE-2025-14923, CVE-2025-14915, CVE-2024-29371, CVE-2026-1561, CVE-2026-29063, CVE-2025-14917. This has been addressed in the remediation section. Vulnerability...
CVE-2026-3621
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.4 IBM WebSphere Application Server Liberty is vulnerable to identity spoofing under limited conditions when an application is deployed without authentication and authorization configured...
Security Bulletin: Due to the use of IBM WebSphere Application Server Liberty, CICS Transaction Gateway Desktop Edition and CICS Transaction Gateway for Multiplatforms are vulnerable to two security vulnerabilities.
Summary Due to the use of IBM WebSphere Application Server Liberty, CICS Transaction Gateway Desktop Edition and CICS Transaction Gateway for Multiplatforms are vulnerable to a Use of Hard-coded Cryptographic Key vulnerability CVE-2025-12635 and an Improper Neutralization of Input During Web Page...
CVE-2026-1561
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is vulnerable to server-side request forgery SSRF. This may allow remote attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating...
EUVD-2026-15982
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is vulnerable to server-side request forgery SSRF. This may allow remote attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating...
CVE-2025-14915
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is affected by privilege escalation. A privileged user could gain additional access to the application server...