Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Monitor (CVE-2025-33104)

Summary IBM WebSphere Application Server is shipped as a component of Business Monitor. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixe...

Security Bulletin: IBM Maximo Application Suite uses axios-1.7.7.tgz, Kubectl-1.22.4 and Websphere Liberty - 24.0.0.11 which is vulnerable to CVE-2025-27152, CVE-2024-47535, CVE-2024-24791, CVE-2024-45336, CVE-2024.

Summary IBM Maximo Application Suite uses axios-1.7.7.tgz, Kubectl-1.22.4 and Websphere Liberty - 24.0.0.11 which is vulnerable to CVE-2025-27152, CVE-2024-47535, CVE-2024-24791, CVE-2024-45336, CVE-2024. . This bulletin contains information regarding the vulnerability and its fixture...

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM WebSphere Application Server is affected by a cross-site scripting vulnerability (CVE-2025-33104)

Summary IBM WebSphere Application Server is affected by a cross-site scripting vulnerability. Following IBM® Engineering Lifecycle Engineering product is vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Test Management Vulnerability Details Refer to the security...

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to WebSphere Liberty which is vulnerable to a denial of service due to Netty CVE-2024-47535

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to WebSphere Liberty which is vulnerable to a denial of service due to Netty CVE-2024-47535. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-47535 DESCRIPTION:...

Security Bulletin: IBM SPSS Analytic Server is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty (CVE-2025-25193, CVE-2024-47535, CVE-2025-23184)

Summary IBM SPSS Analytic Server is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty CVE-2025-25193, CVE-2024-47535, CVE-2025-23184. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-23184 DESCRIPTION: A potential denial of...

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Security Guardium Key Lifecycle Manager (SKLM/GKLM) (CVE-2025-33104)

Summary WebSphere Application Server is shipped as a component of IBM Security Guardium Key Lifecycle Manager SKLM/GKLM. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulleti...

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by a cross-site scripting vulnerability (CVE-2025-33104)

Summary IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by a cross-site scripting vulnerability. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products...

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a cross-site scripting vulnerability (CVE-2025-33104)

Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a cross-site scripting vulnerability. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products and...

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by a cross-site scripting vulnerability (CVE-2025-33104)

Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by a cross-site scripting vulnerability. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products and...

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Buinses Automation Workflow (CVE-2025-33104)

Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin. Vulnerability Details Refer to the security bulletins...

CVE-2024-45071

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVE-2024-45072

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A privileged user could exploit this vulnerability to expose sensitive information or consume memory resources...

CVE-2024-25026

IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 are vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources...

CVE-2024-22329

IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to server-side request forgery SSRF. By sending a specially crafted request, an attacker could exploit this vulnerability to conduct the SSRF attack. X-Force ID: 279951...

CVE-2024-3367

Argument injection in webspheremq agent plugin in Checkmk 2.0.0, 2.1.0, 2.2.0p26 and 2.3.0b5 allows local attacker to inject one argument to runmqsc...

CVE-2024-27270

IBM WebSphere Application Server Liberty 23.0.0.3 through 24.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in a specially crafted URI. IBM X-Force ID: 284576...

CVE-2024-35153

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...

CVE-2024-45085

IBM WebSphere Application Server 8.5 is vulnerable to a denial of service, under certain configurations, caused by an unexpected specially crafted request. A remote attacker could exploit this vulnerability to cause an error resulting in a denial of service...

CVE-2024-22353

IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 280400...

CVE-2024-45073

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...