CVE-2025-33142

IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for TLS connections (CVE-2025-33142). The issue is described as improper certificate validation (CWE-295). IBM has issued multiple security bulletins across products that bundle or include WAS (e.g., IBM Engi...

CVE-2025-36047 IBM WebSphere Application Server Liberty denial of service

IBM WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources...

CVE-2025-36047 IBM WebSphere Application Server Liberty denial of service

IBM WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources...

CVE-2025-36047

Summary: CVE-2025-36047 affects IBM WebSphere Application Server Liberty 18.0.0.2–25.0.0.8, enabling DoS via specially crafted requests that exhaust memory. Affected IBM Bulletins identify Liberty-based deployments (e.g., WebSphere Liberty) in various IBM products (e.g., Watson Discovery Cartridg...

Security Bulletin: IBM HTTP Server, which is bundled with WebSphere Remote Server, is affected by a security bypass vulnerability (CVE-2025-54090)

Summary IBM HTTP Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM HTTP Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

Security Bulletin: Due to use of IBM WebSphere Application Server Liberty, IBM Tivoli Application Dependency Discovery Manager is vulnerable to disclosure of information.

Summary IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to Netty CVE-2024-47535CVE-2025-25193 Vulnerability Details CVEID:CVE-2024-47535 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Tivoli Netcool/OMNIbus WebGUI - July 2025 CPU

Summary Websphere Application Server WAS is shipped as a component of Tivoli Netcool/OMNIbus WebGUI. Information about security vulnerabilities affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

PT-2025-33301 · Ibm · Ibm Websphere Application Server

Name of the Vulnerable Software and Affected Versions: IBM WebSphere Application Server versions 8.5 through 9.0 Description: IBM WebSphere Application Server may provide weaker than expected security for TLS connections. Recommendations: At the moment, there is no information about a newer versi...

IBM WebSphere Application Server Liberty 安全漏洞

IBM WebSphere Application Server Liberty is a lightweight Java application server from IBM for rapid development and deployment of cloud-native applications. A denial of service vulnerability exists in IBM WebSphere Application Server Liberty versions 18.0.0.2 through 25.0.0.8, which stems from t...

IBM WebSphere Application Server 信任管理问题漏洞

IBM WebSphere Application Server WAS is an application server product from International Business Machines IBM. The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform. A vulnerability with trust management issues exists in I...

IBM WebSphere Application Server 8.5.x < 8.5.5.29 / 9.x < 9.0.5.25 (7242172)

The version of IBM WebSphere Application Server running on the remote host is affected by a vulnerability as referenced in the 7242172 advisory. - IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for TLS connections. CVE-2025-33142 Note that Nessus has not...

IBM WebSphere Application Server 8.5.x < 8.5.5.29 / 9.x < 9.0.5.26 / Liberty 17.0.0.3 < 25.0.0.9 DoS (7242088)

The version of IBM WebSphere Application Server running on the remote host is affected by a DoS vulnerability as referenced in the 7242088 advisory. - Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affect...

IBM WebSphere Application Server Liberty 17.0.0.3 < 25.0.0.9 (7242027)

The version of IBM WebSphere Application Server Liberty running on the remote host is affected by a vulnerability as referenced in the 7242027 advisory. - IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 could allow a remote attacker to bypass security restrictions caused by a...

Security Bulletin: IBM WebSphere Application Server Liberty is affected by a denial of service (CVE-2025-36047)

Summary IBM WebSphere Application Server Liberty is affected by a denial of service with the servlet-3.1, servlet-4.0, servlet-5.0, or servlet-6.0 feature with the HTTP/2 protocol enabled. Vulnerability Details CVEID:CVE-2025-36047 DESCRIPTION: IBM WebSphere Application Server Liberty is vulnerab...

IBM WebSphere Application Server Liberty Cross-Site Scripting Vulnerability (CNVD-2025-18592)

IBM WebSphere Application Server Liberty is a lightweight Java application server from IBM for rapid development and deployment of cloud-native applications. A stored cross-site scripting XSS vulnerability exists in IBM WebSphere Application Server Liberty versions 17.0.0.3 through 25.0.0.8, whic...

PT-2025-33106 · Ibm · Ibm Websphere Application Server Liberty

Name of the Vulnerable Software and Affected Versions: IBM WebSphere Application Server Liberty affected versions not specified Description: IBM WebSphere Application Server Liberty is susceptible to a denial of service condition. Recommendations: At the moment, there is no information about a...

CVE-2025-36000

IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure with...

CVE-2025-36000 IBM WebSphere Application Server Liberty cross-site scripting

IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure with...

CVE-2025-36000 IBM WebSphere Application Server Liberty cross-site scripting

IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure with...

CVE-2025-36000

CVE-2025-36000 affects IBM WebSphere Application Server Liberty. The Connected IBM bulletin confirms Liberty 17.0.0.3 through 25.0.0.8 is vulnerable to stored cross-site scripting, allowing a privileged user to embed arbitrary JavaScript in the Web UI and potentially disclose credentials within a...