CVE-2026-3621 IBM WebSphere Application Server Liberty is affected by identity spoofing

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.4 IBM WebSphere Application Server Liberty is vulnerable to identity spoofing under limited conditions when an application is deployed without authentication and authorization configured...

CVE-2025-14915 IBM WebSphere Application Server Liberty is affected by a privilege escalation vulnerability

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is affected by privilege escalation. A privileged user could gain additional access to the application server...

IBM WebSphere Application Server Liberty 17.0.0.3 < 26.0.0.4 (7267347)

The version of IBM WebSphere Application Server Liberty running on the remote host is affected by a vulnerability as referenced in the 7267347 advisory. - IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is vulnerable to server-side...

CVE-2025-14914

IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to upload a zip archive containing path traversal sequences resulting in an overwrite of files leading to arbitrary code execution...

CVE-2025-36124

IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 could allow a remote attacker to bypass security restrictions caused by a failure to honor JMS messaging configuration...

Security Bulletin: IBM MQ is affected by an identity spoofing issue in IBM WebSphere Application Server Liberty (CVE-2022-22476)

Summary An issue was identified in IBM WebSphere Application Server Liberty which IBM MQ ships and uses to supply MQ Console and MQ REST API functionality. Vulnerability Details CVEID:CVE-2022-22476 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.7 and Open Liberty a...

IBM WebSphere Application Server Liberty Denial of Service Vulnerability

IBM WebSphere Application Server WAS is by IBM in accordance with open standards, such as Java EE, XML and Web Services, development and distribution of an application server. A denial of service vulnerability exists in IBM WebSphere Application Server Liberty 17.0.0.3 through 20.0.0.9. An attack...

Security Bulletin: Asset Analyzer (RAA) is affected by two WebSphere Application Server vulnerabilities.

Summary Rational Asset Analyzer RAA has addressed the following vulnerabilities in WebSphere Application Server. Vulnerability Details CVEID: CVE-2020-4303 DESCRIPTION: IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 is vulnerable to cross-site scripting. This vulnerability...