12 matches found
EUVD-2026-40413
IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are affected by an HTTP request smuggling vulnerability...
PT-2026-53990
Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server version 9.0 IBM WebSphere Application Server version 8.5 IBM WebSphere Application Server - Liberty versions 17.0.0.3 through 26.0.0.6 Description An HTTP request smuggling issue exists, which occurs when there...
PT-2026-53965
Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server - Liberty versions 17.0.0.3 through 26.0.0.6 Description An arbitrary file read issue exists when the restConnector-2.0 feature is enabled. This allows an attacker to read files from the system that they should...
IBM WebSphere Application Server Liberty 17.0.0.3 < 26.0.0.5 Identity Spoofing (7270437)
The version of IBM WebSphere Application Server Liberty running on the remote host is affected by an identity spoofing vulnerability as referenced in the 7270437 advisory. - IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.4 IBM WebSphere Application Server Liberty is vulnerable...
CVE-2025-12635
CVE-2025-12635 is a cross-site scripting vulnerability in IBM WebSphere Application Server and related bundles (WAS Liberty 17.0.0.3–25.0.0.12; WAS 8.5 and 9.0). It arises from improper validation of user-supplied input, enabling an attacker to lure a user to a malicious site via a crafted URL. I...
Security Bulletin: IBM WebSphere Application Server Liberty is affected by a security bypass vulnerability (CVE-2025-36124)
Summary IBM WebSphere Application Server Liberty is affected by a security bypass vulnerability in JMS messaging with the wasJmsServer-1.0, wasJmsSecurity-1.0, wasJmsClient-2.0, messagingServer-3.0, messagingSecurity-3.0, or messagingClient-3.0 feature enabled. Vulnerability Details...
CVE-2024-56339
IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 could allow a remote attacker to bypass security restrictions caused by a failure to honor security configuration...
Security Bulletin: IBM PowerVM Novalink is vulnerable because IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to server-side request forgery. (CVE-2024-22329)
Summary IBM PowerVM Novalink is vulnerable because IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to server-side request forgery SSRF. By sending a specially crafted request, an attacker could exploit this vulnerability to conduct the SSRF attack. X-Force ID:...
PT-2024-19342 · Ibm · Ibm Websphere Application Server +1
Name of the Vulnerable Software and Affected Versions: IBM WebSphere Application Server versions 8.5, 9.0 IBM WebSphere Application Server Liberty versions 17.0.0.3 through 24.0.0.3 Description: The issue is related to server-side request forgery SSRF. By sending a specially crafted request, an...
Security Bulletin: HTTP header injection vulnerability in Watson Knowledge Catalog for IBM Cloud Pak for Data (CVE-2022-34165)
Summary Watson Knowledge Catalog for IBM Cloud Pak for Data has an internal dependency on IBM WebSphere Application Server Liberty. Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to a HTTP header injection. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2022-34165...
Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty affects IBM Spectrum Scale packaged in IBM Elastic Storage System (CVE-2021-39031)
Summary There is a vulnerability in IBM WebSphere Application Server Liberty, used by IBM Elastic Storage System, which could allow a remote attacker to cause a denial of service. Vulnerability Details CVEID:CVE-2021-39031 DESCRIPTION: IBM WebSphere Application Server - Liberty 17.0.0.3 through...
Cross site scripting
IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...