IBM WebSphere Application Server Cross-Site Scripting Vulnerability

IBM WebSphere Application Server WAS is an application server product from International Business Machines IBM. The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform. A cross-site scripting vulnerability exists in IBM...

Security Bulletin: IBM WebSphere Application Server, which is bundled with WebSphere Remote Server, is affected by a cross-site scripting vulnerability due to user ability to embed arbitrary JavaScript code in the Web UI (CVE-2025-33104)

Summary IBM WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

CVE-2025-33104

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to the April 2025 CPU

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVEs listed in this document might affect some configurations of IBM WebSphere Application Server traditiona...

Security Bulletin: There is a vulnerability in WebSphere Liberty used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2024-47535)

Summary There is a vulnerability in WebSphere Liberty used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2024-47535 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high...

Security Bulletin: IBM WebSphere Application Server is affected by a cross-site scripting vulnerability (CVE-2025-33104)

Summary IBM WebSphere Application Server is affected by a cross-site scripting vulnerability. Vulnerability Details CVEID:CVE-2025-33104 DESCRIPTION: IBM WebSphere Application Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the W...

CVE-2025-33104

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVE-2025-33104

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVE-2025-33104 IBM WebSphere Application Server cross

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVE-2025-33104 IBM WebSphere Application Server cross

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVE-2025-33104

Summary of CVE-2025-33104 : IBM WebSphere Application Server (WAS) 8.5 and 9.0 is vulnerable to cross-site scripting (CWE-79) affecting the Web UI, potentially enabling credential disclosure within a trusted session. Connected IBM security bulletins identify WAS as a component in multiple IBM pro...

Security Bulletin: IBM SDK Java Technology Edition is vulnerable to CVE-2024-27267, affecting WebSphere Service Registry and Repository due to July 2024 CPU

Summary IBM SDK Java Technology Edition is vulnerable to CVE-2024-27267, used by WebSphere Service Registry and Repository. These issues were disclosed as part of the IBM Java SDK updates in January 2024. These issues are also addressed by WebSphere Application Server shipped with WebSphere Servi...

IBM WebSphere Application Server 跨站脚本漏洞

IBM WebSphere Application Server WAS is an application server product from International Business Machines IBM. The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform. A cross-site scripting vulnerability exists in IBM...

PT-2025-21219 · Ibm · Ibm Websphere Application Server

Name of the Vulnerable Software and Affected Versions: IBM WebSphere Application Server versions 8.5 through 9.0 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a...

Security Bulletin: SPSS Collaboration and Deployment Services is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty

Summary SPSS Collaboration and Deployment Services is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty CVE-2025-25193, CVE-2025-23184, CVE-2024-47535. This has been addressed in the remediation section. Vulnerability Details Refer to the security bulletins listed i...

Security Bulletin: A denial of service vulnerabilities has been identified in IBM WebSphere Application Server Liberty shipped with IBM Business Automation Workflow

Summary WebSphere Application Server Liberty is shipped as part of IBM Business Automation Workflow containers and as part of the optional components Process Federation Server since 8.5.6, and User Management Service since 18.0.0.1 in IBM Business Automation Workflow traditional. Information abou...

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM WebSphere Application Server is vulnerable to server-side request forgery (CVE-2025-27907)

Summary IBM WebSphere Application Server is vulnerable to server-side request forgery. Following IBM® Engineering Lifecycle Engineering product is vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Test Management. Vulnerability Details Refer to the security...

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to Netty (CVE-2025-25193)

Summary There is a vulnerability in the Netty library used by IBM WebSphere Application Server Liberty with the grpc-1.0 or grpcClient-1.0 feature enabled. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: Jazz...

IBM WebSphere Application Server Server-Side Request Forgery Vulnerability

IBM WebSphere Application Server WAS is an application server product from International Business Machines IBM. The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform. A server-side request forgery vulnerability exists in IB...

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by a server-side request forgery vulnerability (CVE-2025-27907)

Summary IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by a server-side request forgery vulnerability. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected...