13285 matches found

RedhatCVE
added 2025/05/22 2:27 a.m. | 12 views

CVE-2011-1322

The SOAP with Attachments API for Java (SAAJ) implementation in the Web Services component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) via encrypted SOAP messages...

5 CVSS | 6.7 AI score | 0.01631 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 2:27 a.m. | 11 views

CVE-2011-1320

The Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when the Tivoli Integrated Portal / embedded WebSphere Application Server (TIP/eWAS) framework is used, does not properly delete AuthCache entries upon a logout, which might allow remote...

6.8 CVSS | 6.7 AI score | 0.01052 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 2:26 a.m. | 7 views

CVE-2011-1319

The Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15 allows remote authenticated users to cause a denial of service (memory consumption) by using a Lightweight Third-Party Authentication (LTPA) token for authentication...

4 CVSS | 6.3 AI score | 0.01402 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 2:26 a.m. | 9 views

CVE-2011-1316

The Session Initiation Protocol (SIP) Proxy in the HTTP Transport component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (worker thread exhaustion and UDP messaging outage) by sending many UDP messages...

5 CVSS | 6.7 AI score | 0.01105 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 2:26 a.m. | 13 views

CVE-2011-1317

Memory leak in com.ibm.ws.jsp.runtime.WASJSPStrBufferImpl in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by sending many JSP requests that trigger...

5 CVSS | 6.7 AI score | 0.01105 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 2:26 a.m. | 12 views

CVE-2011-1318

Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stoppe...

5 CVSS | 6.6 AI score | 0.01105 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 2:26 a.m. | 10 views

CVE-2011-1315

Memory leak in the messaging engine in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) via network connections associated with a NULL return value from a synchronous JMS receive call...

5 CVSS | 6.6 AI score | 0.01105 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 2:25 a.m. | 7 views

CVE-2011-1314

The Service Integration Bus (SIB) messaging engine in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (daemon hang) by performing close operations via network connections to a queue manager...

5 CVSS | 6.7 AI score | 0.01105 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 2:25 a.m. | 10 views

CVE-2011-1313

Double free vulnerability in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15 allows remote backend IIOP servers to cause a denial of service (S0C4 ABEND and storage corruption) by rejecting IIOP requests at opportunistic time instants, as demonstrated by request...

5 CVSS | 6.7 AI score | 0.00926 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 2:25 a.m. | 9 views

CVE-2011-1312

The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.31 and 7.x before 7.0.0.15 does not prevent modifications of the primary admin id, which allows remote authenticated administrators to bypass intended access restrictions by mapping a (1) user or (2) gro...

4 CVSS | 6.3 AI score | 0.01027 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 1:0 a.m. | 8 views

CVE-2010-2324

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS allows attackers to perform unspecified "link injection" actions via unknown vectors...

7.5 CVSS | 6.7 AI score | 0.01164 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 12:58 a.m. | 7 views

CVE-2012-2201

IBM WebSphere MQ 7.1 is vulnerable to a denial of service, caused by an error when handling user ids. A remote attacker could exploit this vulnerability to bypass the security configuration setup on a SVRCONN channel and flood the queue manager...

7.5 CVSS | 7 AI score | 0.01693 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 12:48 a.m. | 7 views

CVE-2012-4863

IBM WebSphere MQ 7.1 and 7.5: Queue manager has a DoS vulnerability...

6.5 CVSS | 6.8 AI score | 0.01168 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/05/21 9:57 p.m. | 6 views

CVE-2009-4153

Unspecified vulnerability in the XMLAccess component in IBM WebSphere Portal 6.1.x before 6.1.0.3 has unknown impact and attack vectors, related to the work directory...

7.5 CVSS | 6.7 AI score | 0.012 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/05/21 9:41 p.m. | 7 views

CVE-2006-7164

SimpleFileServlet in IBM WebSphere Application Server 5.0.1 through 5.0.2.7 on Linux and UNIX does not block certain invalid URIs and does not issue a security challenge, which allows remote attackers to read secure files and obtain sensitive information via certain requests...

4.3 CVSS | 6.4 AI score | 0.01444 EPSS
Exploits 0 | References 1

IBM Security Bulletins
added 2025/05/21 3:0 p.m. | 12 views

Security Bulletin: There is a Denial of Service vulnerability due to Apache CXF in IBM WebSphere Liberty that is shipped with IBM TXSeries for Multiplatforms (CVE-2025-23184).

Summary: There is a Denial of Service vulnerability due to Apache CXF in IBM WebSphere Liberty that is shipped with IBM TXSeries for Multiplatforms (CVE-2025-23184). An update to IBM TXSeries for Multiplatforms has been released to address this vulnerability. Vulnerability Details: CVEID: CVE-2025-231...

7.5 CVSS | 7.3 AI score | 0.01941 EPSS
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/05/21 2:55 p.m. | 11 views

Security Bulletin: There is a Denial of Service vulnerability due to Apache CXF in IBM WebSphere Liberty that is shipped with IBM CICS TX Standard (CVE-2025-23184).

Summary: There is a Denial of Service vulnerability due to Apache CXF in IBM WebSphere Liberty that is shipped with IBM CICS TX Standard (CVE-2025-23184). An update to IBM CICS TX Standard has been released to address this vulnerability. Vulnerability Details: CVEID: CVE-2025-23184 DESCRIPTION: A...

7.5 CVSS | 7.3 AI score | 0.01941 EPSS
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/05/21 2:51 p.m. | 12 views

Security Bulletin: There is a Denial of Service vulnerability due to Apache CXF in IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced (CVE-2025-23184).

Summary: There is a Denial of Service vulnerability due to Apache CXF in IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced (CVE-2025-23184). An update to IBM CICS TX Advanced has been released to address this vulnerability. Vulnerability Details: CVEID: CVE-2025-23184 DESCRIPTION: A...

7.5 CVSS | 7.3 AI score | 0.01941 EPSS
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/05/21 1:2 p.m. | 11 views

Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is affected by a cross-site scripting vulnerability (CVE-2025-33104)

Summary: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is affected by a cross-site scripting vulnerability. Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section. Affected Products and Versions: Affected Products | Versions...

7.6 CVSS | 6 AI score | 0.00192 EPSS
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/05/21 12:46 p.m. | 7 views

Security Bulletin: WebSphere Service Registry and Repository (WSSR) is affected by IBM SDK, Java Technology Edition Quarterly CPU - Apr 2025 - Includes Oracle April 2024 CPU plus CVE-2025-4447

Summary: WebSphere Application Server is shipped as a component of WebSphere Service Registry and Repository, and it uses the IBM® Java SDK. Information about the IBM® Java SDK April 2025 CPU is available in a Security Bulletin. Vulnerability Details: Refer to the security bulletins listed in the...

7.8 CVSS | 6.3 AI score | 0.00164 EPSS
Exploits 0 | Affected Software 1