IBM WebSphere Application Server Server-Side Request Forgery Vulnerability

IBM WebSphere Application Server WAS is an application server product from International Business Machines IBM. The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform. A server-side request forgery vulnerability exists in IB...

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by a server-side request forgery vulnerability (CVE-2025-27907)

Summary IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by a server-side request forgery vulnerability. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected...

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a server-side request forgery vulnerability (CVE-2025-27907)

Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a server-side request forgery vulnerability. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Product...

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by a server-side request forgery vulnerability (CVE-2025-27907)

Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by a server-side request forgery vulnerability. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products...

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Buinses Automation Workflow (CVE-2025-27907)

Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin. Vulnerability Details Refer to the security bulletins...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Monitor (CVE-2025-27907)

Summary IBM WebSphere Application Server is shipped as a component of Business Monitor. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixe...

Security Bulletin: IBM WebSphere Automation is vulnerable to an arbitrary code execution (CVE-2025-27363).

Summary IBM WebSphere Automation is vulnerable to an arbitrary code execution. Vulnerability Details CVEID:CVE-2025-27363 DESCRIPTION: An out of bounds write exists in FreeType versions 2.13.0 and below newer versions of FreeType are not vulnerable when attempting to parse font subglyph structure...

Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server is vulnerable to server-side request forgery (CVE-2025-27907)

Summary The security issue described in CVE-2025-27907 has been identified in the WebSphere Application Server included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

Security Bulletin: IBM Security Verify Governance - Identity Manager has multiple vulnerabilities

Summary Multiple security vulnerabilities have been addressed in updates to IBM Security Verify Governance - Identity Manager software component and IBM Security Verify Governance - Identity Manager virtual appliance component. Vulnerability Details CVEID:CVE-2024-38809 DESCRIPTION: VMware Tanzu...

Security Bulletin: A security vulnerability has been identified in IBM HTTP Server shipped with IBM WebSphere Remote Server (CVE-2022-25690)

Summary IBM HTTP Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM HTTP Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

Security Bulletin: IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps is vulnerable to cross-site request forgery (CVE-2022-22493)

Summary IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps is vulnerable to cross-site request forgery. This has been addressed. Vulnerability Details CVEID:CVE-2022-22493 DESCRIPTION: IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps is vulnerable to cross-site request forgery...

Security Bulletin: Rational Asset Analyzer is affected by two WebSphere Application Server vulnerabilities. (CVE-2021-23450, CVE-1999-0001)

Summary WebSphere Application Server Liberty used by Rational Asset Analyzer is vulnerable to remote code execution due to Dojo. This has been addressed. Vulnerability Details CVEID:CVE-2021-23450 DESCRIPTION: Dojo could allow a remote attacker to execute arbitrary code on the system, caused by a...

Security Bulletin: Multiple Vulnerabilities in Apache Commons Compress affect IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications (CVE-2021-33517, CVE-2021-36090)

Summary Multiple Vulnerabilities in Apache Commons Compress affect IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications CVE-2021-33517, CVE-2021-36090 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...

Security Bulletin: IBM Predictive Maintenance and Quality (PMQ) UI: Missing Secure Attribute in Encrypted Session (SSL) Cookie (CVE-2020-4423)

Summary PMQ UI web application sends non-secure cookies over SSL. It may be possible to steal user and session information cookies that was sent during an encrypted session. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Version...

Security Bulletin: There is a Denial of Service vulnerability in IBM WebSphere Liberty that is shipped with IBM TXSeries for Multiplatforms (CVE-2024-47535).

Summary There is a Denial of Service vulnerability in IBM WebSphere Liberty that is shipped with IBM TXSeries for Multiplatforms CVE-2024-47535. An update to IBM TXSeries for Multiplatforms has been released to address this vulnerability. Vulnerability Details CVEID:CVE-2024-47535 DESCRIPTION:...

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Security Guardium Key Lifecycle Manager (SKLM/GKLM) (CVE-2025-27907)

Summary WebSphere Application Server is shipped as a component of IBM Security Guardium Key Lifecycle Manager SKLM/GKLM. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulleti...

CVE-2025-27907

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (WebSphere Application Server traditional is vulnerable to SSRF)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...

Security Bulletin: IBM WebSphere Application Server is vulnerable to server-side request forgery (CVE-2025-27907)

Summary IBM WebSphere Application Server is vulnerable to server-side request forgery. Vulnerability Details CVEID:CVE-2025-27907 DESCRIPTION: IBM WebSphere Application Server is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests...

IBM WebSphere Application Server 8.5.x < 8.5.5.28 / 9.x < 9.0.5.24 (7231514)

The version of IBM WebSphere Application Server running on the remote host is affected by a vulnerability as referenced in the 7231514 advisory. - IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send...