Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to an XML External Entity Injection (XXE) vulnerability (CVE-2024-45086)

Summary IBM WebSphere Application Server shipped with Jazz for Service Management JazzSM is vulnerable to an XML External Entity Injection XXE vulnerability in the administrative console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Produc...

Security Bulletin: Financial Transaction Manager v4 is impacted by a denial of service(DoS) vulnerability in WebSphere Liberty (CVE-2024-25026)

Summary IBM WebSphere Application Server Liberty is bundled with Financial Transaction Manager. Vulnerability Details CVEID:CVE-2024-25026 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 are vulnerable to a denial of...

Security Bulletin: IBM Master Data Management is vulnerable to an XXE attack from a vulnerability found in IBM WebSphere Application Server (CVE-2024-45072)

Summary IBM Master Data Management v11.6, v12.0, and v14.0 are vulnerable to an XXE attack from a vulnerability found in IBM WebSphere Application Server. IBM WebSphere Application Server is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A privileged user coul...

Security Bulletin: IBM Match 360 is vulnerable to an XML External Entity (XXE) injection vulnerability (CVE-2024-22354)

Summary IBM Match 360 is vulnerable to an XML External Entity XXE injection because of a vulnerable found in IBM Websphere Application Server Liberty. IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.5 are vulnerable to an XML External...

Security Bulletin: IBM SPSS Collaboration and Deployment Services is vulnerable to a denial of service attack originating in IBM WebSphere Application Server Liberty (CVE-2024-27268)

Summary IBM WebSphere Application Server Liberty that is embedded in IBM SPSS Collaboration and Deployment Services is vulnerable to a denial of service. This vulnerability is addressed. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Product...

Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to an XML External Entity Injection (XXE) vulnerability (CVE-2024-45072)

Summary IBM WebSphere Application Server shipped with Jazz for Service Management JazzSM is vulnerable to an XML External Entity Injection XXE in the administrative console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Version...

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to an XML External Entity Injection (XXE) vulnerability (CVE-2024-45072)

Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to an XML External Entity Injection XXE in the administrative console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

Security Bulletin: Maximo Asset Management- A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2024-45072)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...

Security Bulletin: IBM Maximo Asset Management - A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2024-22354)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera, and...

Security Bulletin: Maximo Asset Management - A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2024-45071)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...

Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server is vulnerable to an XML External Entity Injection (XXE) vulnerability (CVE-2024-45086)

Summary The security issue described in CVE-2024-45086 has been identified in the WebSphere Application Server included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

Security Bulletin: IBM TXSeries for Multiplatforms is vulnerable to a denial-of-service attack (DoS) (CVE-2024-41742 and CVE-2024-41743).

Summary IBM TXSeries for Multiplatforms is vulnerable to a denial-of-service attack DoS CVE-2024-41742 and CVE-2024-41743. The settings that can be used to secure the IBM WebSphere Liberty profile of IBM TXSeries for Multiplatforms are provided in the following documentation. Vulnerability Detail...

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to a denial of service (CVE-2024-45085)

Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to a denial of service when a JSF application configured with Sun Reference Implementation 1.2 is deployed. Vulnerability Details Refer to the security bulletins listed in the...

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to cross-site scripting (CVE-2024-45087)

Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to cross-site scripting in the administrative console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected...

Security Bulletin: There is a Denial of Service vulnerability in IBM WebSphere Liberty that is shipped with IBM TXSeries for Multiplatforms (CVE-2024-7254).

Summary There is a Denial of Service vulnerability in IBM WebSphere Liberty that is shipped with IBM TXSeries for Multiplatforms CVE-2024-7254. An update to IBM TXSeries for Multiplatforms has been released to address this vulnerability. Vulnerability Details CVEID:CVE-2024-7254 DESCRIPTION: Goog...

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to stored cross-site scripting (CVE-2024-45071)

Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to stored cross-site scripting in the administrative console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions...

Security Bulletin: There is a Denial of Service vulnerability in IBM WebSphere Liberty that is shipped with IBM CICS TX Standard (CVE-2024-7254).

Summary There is a Denial of Service vulnerability in IBM WebSphere Liberty that is shipped with IBM CICS TX Standard CVE-2024-7254. An update to IBM CICS TX Standard has been released to address this vulnerability. Vulnerability Details CVEID:CVE-2024-7254 DESCRIPTION: Google Protocol Buffers...

Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to GraphQL Java (CVE-2024-40094)

Summary There is a vulnerability in the GraphQL Java library used by IBM WebSphere Application Server Liberty with the mpGraphQL-1.0 or mpGraphQL-2.0 feature enabled. Vulnerability Details CVEID:CVE-2024-40094 DESCRIPTION: GraphQL Java aka graphql-java is vulnerable to a denial of service, caused...

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to an XML External Entity Injection (XXE) vulnerability (CVE-2024-45086)

Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to an XML External Entity Injection XXE vulnerability in the administrative console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is vulnerable to an XML External Entity Injection (XXE) vulnerability (CVE-2024-45086)

Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is vulnerable to an XML External Entity Injection XXE vulnerability in the administrative console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...