Security Bulletin: Denial of service in IBM WebSphere Application Server Liberty may affect IBM Storage Protect Operations Center (CVE-2024-27268).

Summary IBM Storage Protect Operations Center may be affected by denial of service caused by specially crafted request in IBM WebSphere Application Server Liberty. Vulnerability Details CVEID:CVE-2024-27268 DESCRIPTION: IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.4 is...

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is vulnerable to an XML External Entity Injection (XXE) vulnerability (CVE-2024-45086)

Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is vulnerable to an XML External Entity Injection XXE vulnerability in the administrative console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to an XML External Entity Injection (XXE) vulnerability (CVE-2024-45072)

Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to an XML External Entity Injection XXE in the administrative console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

Security Bulletin: IBM TXSeries for Multiplatforms is vulnerable to a denial-of-service attack (DoS) (CVE-2024-41742 and CVE-2024-41743).

Summary IBM TXSeries for Multiplatforms is vulnerable to a denial-of-service attack DoS CVE-2024-41742 and CVE-2024-41743. The settings that can be used to secure the IBM WebSphere Liberty profile of IBM TXSeries for Multiplatforms are provided in the following documentation. Vulnerability Detail...

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to stored cross-site scripting (CVE-2024-45071)

Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to stored cross-site scripting in the administrative console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions...

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is vulnerable to stored cross-site scripting (CVE-2024-45071)

Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is vulnerable to stored cross-site scripting in the administrative console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions...

Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to an XML External Entity Injection (XXE) vulnerability (CVE-2024-45086)

Summary IBM WebSphere Application Server shipped with Jazz for Service Management JazzSM is vulnerable to an XML External Entity Injection XXE vulnerability in the administrative console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Produc...

Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to an XML External Entity Injection (XXE) vulnerability (CVE-2024-45072)

Summary IBM WebSphere Application Server shipped with Jazz for Service Management JazzSM is vulnerable to an XML External Entity Injection XXE in the administrative console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Version...

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is vulnerable to an XML External Entity Injection (XXE) vulnerability (CVE-2024-45072)

Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is vulnerable to an XML External Entity Injection XXE in the administrative console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

Security Bulletin: IBM Match 360 is vulnerable to an XML External Entity (XXE) injection vulnerability (CVE-2024-22354)

Summary IBM Match 360 is vulnerable to an XML External Entity XXE injection because of a vulnerable found in IBM Websphere Application Server Liberty. IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.5 are vulnerable to an XML External...

Security Bulletin: IBM SPSS Collaboration and Deployment Services is vulnerable to a denial of service attack originating in IBM WebSphere Application Server Liberty (CVE-2024-27268)

Summary IBM WebSphere Application Server Liberty that is embedded in IBM SPSS Collaboration and Deployment Services is vulnerable to a denial of service. This vulnerability is addressed. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Product...

Security Bulletin: There is a Denial of Service vulnerability in IBM WebSphere Liberty that is shipped with IBM CICS TX Standard (CVE-2024-7254).

Summary There is a Denial of Service vulnerability in IBM WebSphere Liberty that is shipped with IBM CICS TX Standard CVE-2024-7254. An update to IBM CICS TX Standard has been released to address this vulnerability. Vulnerability Details CVEID:CVE-2024-7254 DESCRIPTION: Google Protocol Buffers...

Security Bulletin: There is a Denial of Service vulnerability in IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced (CVE-2024-7254).

Summary There is a Denial of Service vulnerability in IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced CVE-2024-7254. An update to IBM CICS TX Advanced has been released to address this vulnerability. Vulnerability Details CVEID:CVE-2024-7254 DESCRIPTION: Google Protocol Buffers...

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to an XML External Entity Injection (XXE) vulnerability (CVE-2024-45086)

Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to an XML External Entity Injection XXE vulnerability in the administrative console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...

Security Bulletin: IBM SPSS Collaboration and Deployment Services is vulnerable to a denial of service attack originating in IBM WebSphere Application Server Liberty (CVE-2024-25026)

Summary IBM WebSphere Application Server Liberty that is embedded in IBM SPSS Collaboration and Deployment Services is vulnerable to a denial of service. This vulnerability is addressed. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Product...

Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server is vulnerable to an XML External Entity Injection (XXE) vulnerability (CVE-2024-45086)

Summary The security issue described in CVE-2024-45086 has been identified in the WebSphere Application Server included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

Security Bulletin: A vulnerability in IBM WebSphere Liberty affects IBM Robotic Process automation and may result in a denial of service (CVE-2024-22353).

Summary A vulnerability in IBM WebSphere Liberty affects IBM Robotic Process automation and may result in a denial of service CVE-2024-22353. IBM Robotic Process Automation uses Liberty as an application server within containers as well as part of user management services. This bulletin identifie...

Security Bulletin: Maximo Asset Management - A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2024-45085)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...

Security Bulletin: IBM Maximo Application Suite uses WebSphere Application Server Liberty is vulnerable to a denial of service due to Google Protocol Buffers which is vulnerable to CVE-2024-7254

Summary IBM Maximo Application Suite uses WebSphere Application Server Liberty is vulnerable to a denial of service due to Google Protocol Buffers which is vulnerable to CVE-2024-7254. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server traditional is vulnerable to an XML External Entity Injection (XXE) vulnerability (CVE-2024-45072).

Summary The security issue described in CVE-2024-45072 has been identified in the WebSphere Application Server included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...