Security Bulletin: Vulnerabilities in IBM WebSphere Liberty that is shipped with IBM TXSeries for Multiplatforms (CVE-2025-36097 and CVE-2024-56339).

Summary There are vulnerabilities in IBM WebSphere Liberty that is shipped with IBM TXSeries for Multiplatforms CVE-2025-36097 and CVE-2024-56339. An update to IBM TXSeries for Multiplatforms has been released to address these. Vulnerability Details CVEID:CVE-2025-36097 DESCRIPTION: IBM WebSphere...

Security Bulletin:IBM WebSphere Application Server Liberty shipped with IBM OpenPages is vulnerable to a denial of service due to Netty (CVE-2025-25193)

Summary IBM WebSphere Application Server Liberty is shipped as a supporting program of IBM OpenPages. Information about a denial of service due to Netty vulnerability affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. These products have addressed the...

Security Bulletin:IBM WebSphere Application Server Liberty shipped with IBM OpenPages is vulnerable to a denial of service due to Apache CXF (CVE-2025-23184)

Summary IBM WebSphere Application Server Liberty is shipped as a supporting program of IBM OpenPages. Information about a denial of service due to Apache CXF vulnerability affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. These products have addressed t...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management ( CVE-2025-33142)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-36097)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-48976)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...

Security Bulletin: The IBM Engineering Test Management product using WebSphere Application Server traditional is affected by a denial of service due to Apache Commons FileUpload (CVE-2025-48976)

Summary There is a vulnerability in Apache Commons FileUpload which affects IBM WebSphere Application Server traditional and affects IBM WebSphere Application Server Liberty with the servlet-3.0, servlet-3.1, servlet-4.0, servlet-5.0 or servlet-6.0 feature enabled. It has been addressed in this...

Security Bulletin: The IBM Engineering Test Management product using WebSphere Application Server traditional could allow a remote attacker to bypass security restrictions (CVE-2024-56339)

Summary IBM WebSphere Application Server and Webphere Application Server Liberty are affected by a security bypass caused by a failure to honor security configuration. It has been addressed in this bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...

Security Bulletin: The IBM Engineering Test Management product using WebSphere Application Server is affected by a denial of service with glassfish jsonp (CVE-2025-36097)

Summary IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by a denial of service. This affects WebSphere Liberty with the jsonp-1.0, jsonp-1.1, or jsonp-2.0 features enabled. It has been addressed in this bulletin. Vulnerability Details Refer to the security...

Security Bulletin: The IBM® Engineering Lifecycle Management products using WebSphere Application Server Liberty is affected by a security bypass in JMS messaging (CVE-2025-36124)

Summary IBM WebSphere Application Server Liberty is affected by a security bypass vulnerability in JMS messaging with the wasJmsServer-1.0, wasJmsSecurity-1.0, wasJmsClient-2.0, messagingServer-3.0, messagingSecurity-3.0, or messagingClient-3.0 feature enabled. Following IBM® Engineering Lifecycl...

Security Bulletin: The IBM® Engineering Lifecycle Management products using WebSphere Application Server Liberty is affected by a denial of service due to Apache Commons FileUpload (CVE-2025-48976)

Summary There is a vulnerability in Apache Commons FileUpload which affects IBM WebSphere Application Server traditional and affects IBM WebSphere Application Server Liberty with the servlet-3.0, servlet-3.1, servlet-4.0, servlet-5.0 or servlet-6.0 feature enabled. Following IBM® Engineering...

Security Bulletin: The IBM® Engineering Lifecycle Management products using WebSphere Application Server Liberty is affected by a denial of service (CVE-2025-36000)

Summary IBM WebSphere Application Server Liberty is affected by a stored cross-site scripting vulnerability with the adminCenter-1.0 feature enabled. Following IBM® Engineering Lifecycle Management products are vulnerable to this attack, it has been addressed in this bulletin: Jazz Foundation,...

Security Bulletin: The IBM® Engineering Lifecycle Management products using WebSphere Application Server Liberty could allow a remote attacker to bypass security restrictions (CVE-2024-56339)

Summary IBM WebSphere Application Server and Webphere Application Server Liberty are affected by a security bypass caused by a failure to honor security configuration. IBM® Engineering Lifecycle Management products are vulnerable to this attack, it has been addressed in this bulletin: Jazz...

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a denial of service due to Apache Commons FileUpload (CVE-2025-48976)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a denial of service due to Apache Commons FileUpload with the servlet-3.0, servlet-3.1, servlet-4.0, servlet-5.0 or servlet-6.0 feature enabled. Vulnerability Details Refer ...

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by a denial of service due to Apache Commons FileUpload (CVE-2025-48976)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by a denial of service due to Apache Commons FileUpload with the servlet-3.0, servlet-3.1, servlet-4.0, servlet-5.0 or servlet-6.0 feature enabled. Vulnerability Details Refer to the...

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a denial of service due to Apache Commons FileUpload (CVE-2025-48976)

Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a denial of service due to Apache Commons FileUpload. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affecte...

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by a denial of service due to Apache Commons FileUpload (CVE-2025-48976)

Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by a denial of service due to Apache Commons FileUpload. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected...

Security Bulletin: The IBM® Engineering Lifecycle Management products using WebSphere Application Server Liberty is affected by a denial of service in glassfish jsonp (CVE-2025-36097)

Summary IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by a denial of service. This affects WebSphere Liberty with the jsonp-1.0, jsonp-1.1, or jsonp-2.0 features enabled. Following IBM® Engineering Lifecycle Management products are vulnerable to this attac...

Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM DevOps Code ClearCase (CVE-2025-33142, CVE-2025-48976)

Summary IBM WebSphere Application Server WAS is shipped as a component of IBM DevOps Code ClearCase. Information about security vulnerabilities affecting WAS have been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by a denial of service (CVE-2025-36047)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by a denial of service with the servlet-3.1, servlet-4.0, servlet-5.0, or servlet-6.0 feature with the HTTP/2 protocol enabled. Vulnerability Details Refer to the security bulletins...