CVE-2025-27907
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...
CVE-2025-27907 IBM WebSphere Application Server server-side request forgery
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...
CVE-2025-27907
Summary of evidence for CVE-2025-27907: IBM WebSphere Application Server (WAS) versions 8.5 and 9.0 are vulnerable to server-side request forgery (SSRF), potentially allowing an authenticated attacker to send unauthorized requests from the WAS host, enabling network enumeration or related attacks...
IBM WebSphere Application Server code issue vulnerability
IBM WebSphere Application Server (WAS) is an application server product from International Business Machines (IBM). The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform. A server-side request forgery vulnerability exists in IB...
PT-2025-17551 · IBM · IBM WebSphere Application Server
Name of the Vulnerable Software and Affected Versions: IBM WebSphere Application Server versions 8.5 through 9.0. Description: The issue allows an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. It is...
Security Bulletin: IBM Cognos Analytics is affected by multiple vulnerabilities
Summary: There are vulnerabilities in IBM WebSphere Application Server Liberty and Open Source Software (OSS) components used by IBM Cognos Analytics. Additionally, Cognos Analytics is vulnerable to an XML External Entity Injection (XXE). For more information about the vulnerability impact, refer to t...
Security Bulletin: IBM WebSphere Automation is vulnerable to an unauthorized code or commands execution weakness (CVE-2024-54181)
Summary: IBM WebSphere Automation is vulnerable to an unauthorized code or commands execution weakness. Vulnerability Details: CVEID: CVE-2024-54181. DESCRIPTION: IBM WebSphere Automation could allow a remote privileged user, who has authorized access to the swagger UI, to execute arbitrary code. Usi...
Security Bulletin: IBM Cognos Controller is affected by vulnerabilities
Summary: There are vulnerabilities in IBM® Java™, IBM® WebSphere Application Server Liberty and Open-Source Software (OSS) components used by IBM Cognos Controller. Please refer to the table in the Related Information section for vulnerability impact. This Security Bulletin relates only to the direc...
Security Bulletin: IBM Controller is affected by vulnerabilities
Summary: There are vulnerabilities in IBM® WebSphere Application Server Liberty and Open-Source Software (OSS) components used by IBM Controller. Additionally, due to weak password requirements, IBM Controller is susceptible to compromised user accounts. Please refer to the table in the Related...
Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities found in Java, Node.js and IBM WebSphere Application Server Liberty
Summary: There are multiple vulnerabilities in Java, Node.js and IBM WebSphere Application Server Liberty used by IBM Cloud Transformation Advisor. Vulnerability Details: CVEID: CVE-2024-22020. DESCRIPTION: Node.js could allow a remote attacker to execute arbitrary code on the system. By embedding...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for September and October 2024.
Summary: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF037 and 24.0.0-IF003. Vulnerability Details: CVEID: CVE-2024-39249. DESCRIPTION: Async is vulnerable to a denial of service, caused by the ReDoS (Regular Expression Denial of Service) while...
Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, and Apache Xerces C++ XML parser may affect IBM Storage Protect for Virtual Environments: Data Protection for VMware
Summary: IBM Storage Protect for Virtual Environments: Data Protection for VMware can be affected by security flaws in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, and Apache Xerces C++ XML parser, and Data Protection for VMware. The flaws can lead to server-side request forgery,...
Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, and IBM Java may affect IBM Storage Protect for Virtual Environments: Data Protection for Microsoft Hyper-V
Summary: IBM Storage Protect for Virtual Environments: Data Protection for Microsoft Hyper-V can be affected by security flaws in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, and IBM Java. The flaws can lead to denial of service, sensitive information exposure, memory resource...
Security Bulletin: Due to use of WebSphere Liberty, IBM Cloud Pak Sys is vulnerable to a Denial of Service
Summary: WebSphere Liberty is used by IBM Cloud Pak System as part of the WebSphere Liberty pattern type using GraphQL Java (CVE-2024-40094). Vulnerability Details: CVEID: CVE-2024-40094. DESCRIPTION: GraphQL Java (aka graphql-java) is vulnerable to a denial of service, caused by the failure to properly...
Security Bulletin: A security vulnerability has been identified in WebSphere Application Server Liberty container shipped with containerized IBM Security Guardium Key Lifecycle Manager 5.0 (GKLM) (CVE-2024-10963)
Summary: WebSphere Application Server Liberty container is shipped as a component of containerized IBM Security Guardium Key Lifecycle Manager (SKLM/GKLM). Information about a security vulnerability affecting WebSphere Application Server Liberty container has been published in a security bulletin...
Security Bulletin: Multiple Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition affects WebSphere eXtreme Scale
Summary: There are multiple vulnerabilities in IBM Runtime Environment Java Version 8 used by WebSphere eXtreme Scale. Vulnerability Details: CVEID: CVE-2024-21235. DESCRIPTION: Vulnerability in Java SE component: Hotspot. Difficult to exploit vulnerability allows unauthenticated attacker with networ...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is vulnerable to a denial of service due to Apache CXF (CVE-2025-23184)
Summary: There is a vulnerability in the Apache CXF library used by IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, with the jaxws-2.2, xmlWS-3.0 or xmlWS-4.0 feature enabled. Vulnerability Details: Refer to the security bulletins listed in the...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is vulnerable to a denial of service due to Apache CXF (CVE-2025-23184)
Summary: There is a vulnerability in the Apache CXF library used by IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, with the jaxws-2.2, xmlWS-3.0 or xmlWS-4.0 feature enabled. Vulnerability Details: Refer to the security bulletins listed in the...