Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM WebSphere Remote Server (CVE-2026-9319)

Summary IBM WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

CVE-2026-9330

IBM WebSphere Application Server 9.0, and 8.5 is affected by an improper validation of user-supplied data during deserialization using the SAML Web Single Sign-On component. This could result in remote code execution via a crafted HTTP request when combined with a suitable gadget chain...

CVE-2026-9311

IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to remote code execution caused by the bypass of security controls...

EUVD-2026-33740

IBM WebSphere Application Server 9.0, and 8.5 is affected by an improper validation of user-supplied data during deserialization using the SAML Web Single Sign-On component. This could result in remote code execution via a crafted HTTP request when combined with a suitable gadget chain...

IBM多款产品 安全漏洞

IBM WebSphere Application Server WAS, among others, are products of the American multinational company IBM. IBM WebSphere Application Server is an application server product. IBM WebSphere Application Server Liberty is a Java application server built upon the Open Liberty project. IBM webMethods...

CVE-2026-8633

IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to remote code execution in the Web Server Plug-ins, through a specially crafted request...

CVE-2026-9170

IBM HTTP Server 8.5, and 9.0...

EUVD-2026-31921

IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to HTTP request smuggling in the Web Server Plug-ins through a specially crafted request...

Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty shipped with IBM Engineering Test Management are affected by cross-site scripting (CVE-2025-12635)

Summary IBM WebSphere Application Server is affected by cross-site scripting due to improper validation of user-supplied input. An attacker could exploit this vulnerability by using a specially crafted URL to redirect the user to a malicious site. Following IBM® Engineering Lifecycle Management...

Security Bulletin: IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager is vulnerable to a denial of service

Summary A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager CVE-2024-29371 Vulnerability Details CVEID:CVE-2024-29371 DESCRIPTION: In jose4j before 0.9.6, an attacker can cause a Denial-of-Service DoS...

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server used by IBM Rational ClearQuest (CVE-2024-29371)

Summary IBM WebSphere Application Server is used by the IBM Rational ClearQuest server. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Guardium Key Lifecycle Manager (SKLM/GKLM)

Summary WebSphere Application Server is shipped as a component of IBM Guardium Key Lifecycle Manager SKLM/GKLM. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed...

Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server traditional which could provide weaker than expected security.

Summary The security issue described in CVE-2025-13333 has been identified in the WebSphere Application Server traditional included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixe...

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Buinses Automation Workflow (CVE-2025-13333)

Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin. Vulnerability Details Refer to the security bulletins...

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with Tivoli System Automation Application Manager (CVE-2025-12635)

Summary A cross site scripting vulnerability affecting the WebSphere Application Server has been addressed in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-12635)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a cross-site scripting vulnerability (CVE-2025-12635)

Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a cross-site scripting vulnerability. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products and...

CVE-2025-12635

IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.12 are affected by cross-site scripting due to improper validation of user-supplied input. An attacker could exploit this vulnerability by using a specially crafted URL to redirect the...

CVE-2025-12635

IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.12 are affected by cross-site scripting due to improper validation of user-supplied input. An attacker could exploit this vulnerability by using a specially crafted URL to redirect the...

Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by SMTP injection due to Jakarta Mail (CVE-2025-7962)

Summary There is a vulnerability in the Jakarta Mail library which affects IBM WebSphere Application Server traditional JavaMail and affects WebSphere Application Server Liberty with the javaMail-1.5, javaMail-1.6, mail-2.0, or mail-2.1 feature enabled. Vulnerability Details CVEID:CVE-2025-7962...