Security Bulletin: Multiple security vulnerabilities may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced (CVE-2026-1561, CVE-2025-14923, CVE-2025-14917, CVE-2026-29063, CVE-2025-14915).

Summary Multiple security vulnerabilities may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced CVE-2026-1561, CVE-2025-14923, CVE-2025-14917, CVE-2026-29063, CVE-2025-14915. IBM WebSphere Liberty has been updated within IBM CICS TX Advanced to address these vulnerabilities...

Security Bulletin: Multiple security vulnerabilities may affect IBM WebSphere Liberty that is shipped with TXSeries for Multiplatforms (CVE-2025-14915, CVE-2025-14917, CVE-2025-14923, CVE-2026-1561, CVE-2026-29063).

Summary Multiple security vulnerabilities may affect IBM WebSphere Liberty that is shipped with TXSeries for Multiplatforms CVE-2025-14915, CVE-2025-14917, CVE-2025-14923, CVE-2026-1561, CVE-2026-29063. IBM WebSphere Liberty has been updated within TXSeries for Multiplatforms to address these...

Security Bulletin: Multiple Vulnerabilities have been identified in IBM DB2 shipped with IBM WebSphere Remote Server

Summary IBM DB2 is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM DB2 have been published in a security bulletin CVE-2025-36122, CVE-2025-14688, CVE-2025-67735, CVE-2025-68161, CVE-2026-1352, CVE-2025-12183, CVE-2026-1577, CVE-2026-3676...

Security Bulletin: IBM Maximo Application Suite uses Websphere Liberty v.25.0.0.12 which is vulnerable to CVE-2024-29371, CVE-2025-12635 and CVE-2025-14914.

Summary IBM Maximo Application Suite uses Websphere Liberty v.25.0.0.12 which is vulnerable to CVE-2024-29371, CVE-2025-12635 and CVE-2025-14914. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-29371 DESCRIPTION: In jose4j befor...

Security Bulletin:WebSphere Application Server Liberty could provide weaker than expected security (CVE-2025-14923)

Summary WebSphere Application Server Liberty could provide weaker than expected security Vulnerability Details CVEID:CVE-2025-14923 DESCRIPTION: IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.2 IBM WebSphere Application Server Liberty could provide weaker than expected securit...

Security Bulletin: WebSphere Application Server Liberty is affected by a denial of service due to jose4j used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2024-29371)

Summary WebSphere Application Server Liberty is affected by a denial of service due to jose4j used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2024-29371 DESCRIPTION: In jose4j before 0.9.6, an attacker can cause a Denial-of-Service DoS...

Security Bulletin: WebSphere Application Server Liberty is affected by a remote code execution vulnerability used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-14914)

Summary WebSphere Application Server Liberty is affected by a remote code execution vulnerability used by IBM Maximo Manage application in IBM Maximo Application Suite Vulnerability Details CVEID:CVE-2025-14914 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could...

Security Bulletin: WebSphere Application Server Liberty is affected by cross-site scripting used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-12635)

Summary WebSphere Application Server Liberty is affected by cross-site scripting used by IBM Maximo Manage application in IBM Maximo Application Suite Vulnerability Details CVEID:CVE-2025-12635 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty...

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty could provide weaker than expected security which is vulnerable to CVE-2025-14923.

Summary Security Bulletin: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty could provide weaker than expected security which is vulnerable to CVE-2025-14923. This bulletin contains information addressing the vulnerability. Vulnerability Details...

Security Bulletin: Vulnerability in IBM WebSphere Application (CVE-2025-12635) affects IBM PowerVM Novalink.

Summary IBM WebSphere Libery Profile is used by IBM PowerVM Novalink. IBM PowerVM Novalink has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-12635 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.12 ar...

Security Bulletin: IBM Maximo Application Suite - Predict Component uses WebSphere Application Server Liberty was affected by a remote code execution vulnerability (CVE-2025-14914)

Summary Security Bulletin: IBM Maximo Application Suite - Predict Component uses uses WebSphere Application Server Liberty was affected by a remote code execution vulnerabilityCVE-2025-14914. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which is affected by a remote code execution vulnerability and vulnerable to CVE-2025-14914.

Summary IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which is affected by a remote code execution vulnerability and vulnerable to CVE-2025-14914. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-149...

Security Bulletin: Vulnerability in IBM WebSphere Application (CVE-2025-14914) affects IBM PowerVM Novalink.

Summary IBM WebSphere Libery Profile is used by IBM PowerVM Novalink. IBM PowerVM Novalink has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-14914 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to upload a zip...

Security Bulletin: Vulnerability in IBM WebSphere Application (CVE-2024-29371) affects IBM PowerVM Novalink.

Summary IBM WebSphere Libery Profile is used by IBM PowerVM Novalink. IBM PowerVM Novalink has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-29371 DESCRIPTION: In jose4j before 0.9.6, an attacker can cause a Denial-of-Service DoS condition by crafting a malicious JSON Web...

Security Bulletin: IBM Transformation Advisor is affected by multiple vulnerabilities found in Java, JavaScript and IBM WebSphere Application Server Liberty

Summary There are multiple vulnerabilities in Java, JavaScript and IBM WebSphere Application Server Liberty used by IBM Transformation Advisor. Vulnerability Details CVEID:CVE-2026-33151 DESCRIPTION: Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prio...

Security Bulletin: IBM Application Modernization Accelerator is affected by multiple vulnerabilities found in Java, JavaScript and IBM WebSphere Application Server Liberty

Summary There are multiple vulnerabilities in Java, JavaScript and IBM WebSphere Application Server Liberty used by IBM Application Modernization Accelerator. Vulnerability Details CVEID:CVE-2026-33671 DESCRIPTION: Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, an...

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and WebSphere Application Server Liberty due to the April 2026 Java CPU

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVEs listed in this document might affect some configurations of IBM WebSphere Application Server traditiona...

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by an identity spoofing vulnerability (CVE-2026-3621)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by an identity spoofing vulnerability when the appSecurity feature appSecurity-1.0, appSecurity-2.0, appSecurity-3.0, appSecurity-4.0, or appSecurity-5.0 is not enabled on the serve...

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by an identity spoofing vulnerability (CVE-2026-3621)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by an identity spoofing vulnerability when the appSecurity feature appSecurity-1.0, appSecurity-2.0, appSecurity-3.0, appSecurity-4.0, or appSecurity-5.0 is not enabled on the...

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by an identity spoofing vulnerability (CVE-2026-3621)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by an identity spoofing vulnerability when the appSecurity feature appSecurity-1.0, appSecurity-2.0, appSecurity-3.0, appSecurity-4.0, or appSecurity-5.0 is not enabled on the server...