Security Bulletin: IBM SPSS Analytic Server is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty (CVE-2024-56339, CVE-2025-36047, CVE-2025-36124, CVE-2025-36000, CVE-2025-36097, CVE-2025-48976)

Summary IBM SPSS Analytic Server is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty CVE-2024-56339,CVE-2025-36047, CVE-2025-36124, CVE-2025-36000, CVE-2025-36097, CVE-2025-48976. This has been addressed in the remediation section. Vulnerability Details...

Security Bulletin: Multiple vulnerabilities in WebSphere Application Server Liberty affects IBM Enterprise Application Service for Java

Summary IBM Enterprise Application Service for Java is affected by multiple vulnerabilities found in WebSphere Application Server Liberty. Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in...

Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affects WebSphere Application Server Pattern shipped with IBM Cloud Pak System

Summary IBM Cloud Pak System WebSphere Application Server Pattern WAS pType is vulnerable to multiple vulnerabilities in IBM SDK. Vulnerability Details CVEID:CVE-2024-21235 DESCRIPTION: Vulnerability in Java SE component: Hotspot. Difficult to exploit vulnerability allows unauthenticated attacker...

Security Bulletin: WebSphere Application Server bundled with IBM Tivoli Composite Application Manager for Application Diagnostics is affected by a remote attacker to bypass security restrictions

Summary WebSphere Application Server is included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. CVE-2024-56339 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions...

Security Bulletin: Due to use of IBM WebSphere Application Server, IBM Tivoli Network Manager (ITNM) IP Edition could provide weaker than expected security for TLS connections

Summary WebSphere Application Server, used by IBM Tivoli Network Manager ITNM IP Edition, could provide weaker than expected security for TLS connections. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products...

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by a vulnerability that could provide weaker than expected security due to crypto.js (CVE-2020-36732)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by a vulnerability in the crypto.js library with the openidConnectServer-1.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a vulnerability that could provide weaker than expected security due to crypto.js (CVE-2020-36732)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a vulnerability in the crypto.js library with the openidConnectServer-1.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the...

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by a vulnerability that could provide weaker than expected security due to crypto.js (CVE-2020-36732)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by a vulnerability in the crypto.js library with the openidConnectServer-1.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...

Security Bulletin: SPSS Collaboration and Deployment Services is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty (CVE-2024-56339, CVE-2025-36047, CVE-2025-36124, CVE-2025-36000, CVE-2025-48976, CVE-2025-36097)

Summary SPSS Collaboration and Deployment Services is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty CVE-2024-56339, CVE-2025-36047, CVE-2025-36124, CVE-2025-36000, CVE-2025-48976, CVE-2025-36097. This has been addressed in the remediation section. Vulnerability...

IBM WebSphere Application Server Liberty 17.0.0.3 < 25.0.0.10 (7244573)

The version of IBM WebSphere Application Server Liberty running on the remote host is affected by a vulnerability as referenced in the 7244573 advisory. - The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string 0. with an integer, which makes the output...

Security Bulletin: Security Vulnerabilities in Java and Liberty affect IBM Voice Gateway

Summary Multiple vulnerabilities were addressed in IBM Voice Gateway. Vulnerability Details CVEID:CVE-2025-36124 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 could allow a remote attacker to bypass security restrictions caused by a failure to honor JMS messaging...

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server traditional shipped with IBM Buinses Automation Workflow (CVE-2025-48976)

Summary WebSphere Application Server traditional is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin. Vulnerability Details Refer to the security...

IBM WebSphere Application Server Liberty 17.0.0.3 < 25.0.0.8 Stored Cross-Site Scripting (7242026)

The version of IBM WebSphere Application Server Liberty running on the remote host is affected by a stored cross-site scripting vulnerability as referenced in the 7242026 advisory: - IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 is vulnerable to stored cross-site scripting...

IBM WebSphere Application Server Liberty 18.0.0.2 < 25.0.0.8 Denial of Service (7242086)

The version of IBM WebSphere Application Server Liberty running on the remote host is affected by a denial of service vulnerability as referenced in the 7242086 advisory: - IBM WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of service, caused by sending a...

Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by a denial of service due to Apache Commons FileUpload (CVE-2025-48976)

Summary There is a vulnerability in Apache Commons FileUpload which affects IBM WebSphere Application Server traditional and affects IBM WebSphere Application Server Liberty with the servlet-3.0, servlet-3.1, servlet-4.0, servlet-5.0 or servlet-6.0 feature enabled. Vulnerability Details...

Linux Distros Unpatched Vulnerability : CVE-2024-3367

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Argument injection in webspheremq agent plugin in Checkmk 2.0.0, 2.1.0, 2.2.0p26 and 2.3.0b5 allows local attacker to inject one argument to runmqsc CVE-2024-33...

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Security Guardium Key Lifecycle Manager (SKLM/GKLM)

Summary WebSphere Application Server is shipped as a component of IBM Security Guardium Key Lifecycle Manager SKLM/GKLM. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulleti...

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Liberty shipped with IBM Security Guardium Key Lifecycle Manager (SKLM/GKLM)

Summary IBM WebSphere Application Server and IBM WebSphere Liberty is shipped as a component of IBM Security Guardium Key Lifecycle Manager SKLM/GKLM. Information about multiple security vulnerabilities affecting IBM WebSphere Application Server and IBM WebSphere Liberty has been published in a...

Security Bulletin: Vulnerabilities in IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced (CVE-2025-36097 and CVE-2024-56339).

Summary There are vulnerabilities in IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced CVE-2025-36097 and CVE-2024-56339. An update to IBM CICS TX Advanced has been released to address these. Vulnerability Details CVEID:CVE-2025-36097 DESCRIPTION: IBM WebSphere Application Server 9....

Security Bulletin: Vulnerabilities in IBM WebSphere Liberty that is shipped with IBM CICS TX Standard (CVE-2025-36097 and CVE-2024-56339)

Summary There are vulnerabilities in IBM WebSphere Liberty that is shipped with IBM CICS TX Standard CVE-2025-36097 and CVE-2024-56339. An update to IBM CICS TX Standard has been released to address these. Vulnerability Details CVEID:CVE-2025-36097 DESCRIPTION: IBM WebSphere Application Server 9....