Security Bulletin: Vulnerability has been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2025-33142)

Summary WebSphere Application Server is shipped as a component of WebSphere Service Registry and Repository. Information about a weaker than expected security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the securit...

IBM WebSphere Application Server Liberty Resource Management Error Vulnerability

IBM WebSphere Application Server Liberty is a lightweight Java application server from IBM for rapid development and deployment of cloud-native applications. A denial of service vulnerability exists in IBM WebSphere Application Server Liberty versions 18.0.0.2 through 25.0.0.8, which stems from t...

CVE-2025-36000

IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure with...

CVE-2025-36124

IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 could allow a remote attacker to bypass security restrictions caused by a failure to honor JMS messaging configuration...

Security Bulletin: IBM WebSphere Application Server could provide weaker than expected security (CVE-2025-33142)

Summary IBM WebSphere Application Server could provide weaker than expected security for TLS connections. Vulnerability Details CVEID:CVE-2025-33142 DESCRIPTION: IBM WebSphere Application Server could provide weaker than expected security for TLS connections. CWE:CWE-295: Improper Certificate...

CVE-2025-36047

IBM WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources...

CVE-2025-36047

IBM WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources...

CVE-2025-33142

IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for TLS connections...

CVE-2025-33142

IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for TLS connections...

CVE-2025-33142

IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for TLS connections (CVE-2025-33142). The issue is described as improper certificate validation (CWE-295). IBM has issued multiple security bulletins across products that bundle or include WAS (e.g., IBM Engi...

CVE-2025-33142 IBM WebSphere Application Server information disclosure

IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for TLS connections...

CVE-2025-33142 IBM WebSphere Application Server information disclosure

IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for TLS connections...

CVE-2025-36047 IBM WebSphere Application Server Liberty denial of service

IBM WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources...

CVE-2025-36047 IBM WebSphere Application Server Liberty denial of service

IBM WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources...

CVE-2025-36047

Summary: CVE-2025-36047 affects IBM WebSphere Application Server Liberty 18.0.0.2–25.0.0.8, enabling DoS via specially crafted requests that exhaust memory. Affected IBM Bulletins identify Liberty-based deployments (e.g., WebSphere Liberty) in various IBM products (e.g., Watson Discovery Cartridg...

Security Bulletin: IBM HTTP Server, which is bundled with WebSphere Remote Server, is affected by a security bypass vulnerability (CVE-2025-54090)

Summary IBM HTTP Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM HTTP Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

Security Bulletin: Due to use of IBM WebSphere Application Server Liberty, IBM Tivoli Application Dependency Discovery Manager is vulnerable to disclosure of information.

Summary IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to Netty CVE-2024-47535CVE-2025-25193 Vulnerability Details CVEID:CVE-2024-47535 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Tivoli Netcool/OMNIbus WebGUI - July 2025 CPU

Summary Websphere Application Server WAS is shipped as a component of Tivoli Netcool/OMNIbus WebGUI. Information about security vulnerabilities affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

PT-2025-33301 · Ibm · Ibm Websphere Application Server

Name of the Vulnerable Software and Affected Versions: IBM WebSphere Application Server versions 8.5 through 9.0 Description: IBM WebSphere Application Server may provide weaker than expected security for TLS connections. Recommendations: At the moment, there is no information about a newer versi...

IBM WebSphere Application Server 信任管理问题漏洞

IBM WebSphere Application Server WAS is an application server product from International Business Machines IBM. The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform. A vulnerability with trust management issues exists in I...