
13287 matches found

IBM Security Bulletins
added 2025/01/10 3:8 p.m. · 14 views

Security Bulletin: Due to use of IBM WebSphere Application Server, IBM Workload Automation is vulnerable to a denial of service,

Summary IBM WebSphere Application Server is used by IBM Workload Automation CVE-2024-25026 Vulnerability Details CVEID:CVE-2024-25026 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 are vulnerable to a denial of service...

CVSS 7.5 · AI score 6.5 · EPSS 0.00792
Exploits: 0 · Affected Software: 1

IBM Security Bulletins
added 2025/01/09 10:9 a.m. · 8 views

Security Bulletin: Vulnerability in IBM WebSphere Application Server Liberty affects IBM Spectrum Control

Summary IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to Google Protocol Buffers. This vulnerability affects IBM Spectrum Control. Vulnerability Details CVEID:CVE-2024-7254 DESCRIPTION: Any project that parses untrusted Protocol Buffers data containing an...

CVSS 8.7 · AI score 8.9 · EPSS 0.02772
Exploits: 0 · Affected Software: 1

IBM Security Bulletins
added 2025/01/08 4:15 a.m. · 12 views

Security Bulletin: Vulnerability has been identified in IBM WebSphere Application Server shipped with Tivoli Netcool/OMNIbus WebGUI - October 2024 CPU

Summary Websphere Application Server WAS is shipped as a component of Tivoli Netcool/OMNIbus WebGUI. Information about security vulnerabilities affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

AI score 6.8
Exploits: 0 · Affected Software: 1

IBM Security Bulletins
added 2025/01/07 6:15 a.m. · 13 views

Security Bulletin: IBM Maximo Application Suite uses IBM WebSphere Application Server Liberty 24.0.0.x which is vulnerable to information disclosure

Summary IBM Maximo Application Suite uses IBM WebSphere Application Server Liberty 24.0.0.x which is vulnerable to information disclosure. This bulletin contains information regarding the vulnerability and its fix. Vulnerability Details CVEID:CVE-2023-50314 DESCRIPTION: IBM WebSphere Application...

CVSS 7.5 · AI score 5.6 · EPSS 0.00257
Exploits: 0 · Affected Software: 1

IBM Security Bulletins
added 2025/01/06 8:45 p.m. · 14 views

Security Bulletin: IBM WebSphere Application Server Liberty shipped with IBM OpenPages affected by information disclosure vulnerability (CVE-2023-50314)

Summary IBM WebSphere Application Server Liberty is shipped as a supporting program of IBM OpenPages. Information about an information disclosure security vulnerability affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. These products have addressed the...

CVSS 7.5 · AI score 6.1 · EPSS 0.00257
Exploits: 0 · Affected Software: 1

BDU FSTEC
added 2025/01/06 12:0 a.m. · 5 views

The vulnerability of the Swagger interface of the IBM WebSphere Automation platform for automating the management and deployment of applications and services allows a perpetrator to execute arbitrary code.

The vulnerability of the Swagger interface of the IBM WebSphere Automation platform for application and service automation and deployment is related to the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a malicious...

CVSS 9 · AI score 5.9 · EPSS 0.00956
Exploits: 0 · References: 2 · Affected Software: 1

CNVD
added 2025/01/03 12:0 a.m. · 7 views

IBM WebSphere Automation Command Injection Vulnerability

IBM WebSphere Automation is an automation management software from IBM for optimizing and managing data center resources. A security vulnerability exists in IBM WebSphere Automation version 1.7.5. A remote attacker could exploit the vulnerability to execute arbitrary code on the system...

CVSS 7.2 · AI score 7.7 · EPSS 0.00956
Exploits: 0 · References: 1

OSV
added 2024/12/30 2:15 p.m. · 6 views

CVE-2024-54181

IBM WebSphere Automation 1.7.5 could allow a remote privileged user, who has authorized access to the swagger UI, to execute arbitrary code. Using specially crafted input, the user could exploit this vulnerability to execute arbitrary code on the system...

CVSS 7.2 · AI score 6.2 · EPSS 0.00956
Exploits: 0 · References: 1

NVD
added 2024/12/30 2:15 p.m. · 21 views

CVE-2024-54181

IBM WebSphere Automation 1.7.5 could allow a remote privileged user, who has authorized access to the swagger UI, to execute arbitrary code. Using specially crafted input, the user could exploit this vulnerability to execute arbitrary code on the system...

CVSS 7.2 · EPSS 0.00956
Exploits: 0 · References: 1

Vulnrichment
added 2024/12/30 1:41 p.m. · 6 views

CVE-2024-54181 IBM WebSphere Automation command injection

IBM WebSphere Automation 1.7.5 could allow a remote privileged user, who has authorized access to the swagger UI, to execute arbitrary code. Using specially crafted input, the user could exploit this vulnerability to execute arbitrary code on the system...

CVSS 7.2 · AI score 7.7 · EPSS 0.00956
Exploits: 0 · References: 1

CVE
added 2024/12/30 1:41 p.m. · 69 views

CVE-2024-54181

IBM WebSphere Automation 1.7.5 is vulnerable to an OS Command Injection due to improper neutralization of inputs in the Swagger UI. A remote privileged user with Swagger UI access can execute arbitrary code on the system. IBM’s security bulletin confirms affected version 1.7.5 and recommends upgr...

CVSS 7.2 · AI score 7.2 · EPSS 0.00956
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2024/12/30 1:41 p.m. · 23 views

CVE-2024-54181 IBM WebSphere Automation command injection

IBM WebSphere Automation 1.7.5 could allow a remote privileged user, who has authorized access to the swagger UI, to execute arbitrary code. Using specially crafted input, the user could exploit this vulnerability to execute arbitrary code on the system...

CVSS 7.2 · EPSS 0.00956
Exploits: 0 · References: 1

CNNVD
added 2024/12/30 12:0 a.m. · 3 views

IBM WebSphere Automation Operating System Command Injection Vulnerability

IBM WebSphere Automation is an automation management software from IBM for optimizing and managing data center resources. A security vulnerability exists in IBM WebSphere Automation version 1.7.5. A remote attacker could exploit the vulnerability to execute arbitrary code on the system...

CVSS 7.2 · AI score 7.7 · EPSS 0.00956
Exploits: 0 · References: 1

Positive Technologies
added 2024/12/29 12:0 a.m. · 4 views

PT-2024-9964 · Ibm · Ibm Websphere Automation

Name of the Vulnerable Software and Affected Versions: IBM WebSphere Automation version 1.7.5 Description: The vulnerability in the IBM WebSphere Automation platform's Swagger interface is related to the failure to neutralize special elements used in operating system commands. This could allow a...

CVSS 9 · AI score 8 · EPSS 0.00956
Exploits: 0 · References: 9

IBM Security Bulletins
added 2024/12/20 6:1 a.m. · 12 views

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty may affect IBM Storage Protect Backup-Archive Client

Summary IBM Storage Protect Backup-Archive Client can be affected by security flaws in IBM WebSphere Application Server Liberty. An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information, as described in the "Vulnerability...

CVSS 7.5 · AI score 6 · EPSS 0.00257
Exploits: 0 · Affected Software: 1

IBM Security Bulletins
added 2024/12/20 5:55 a.m. · 10 views

Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty may affect IBM Storage Protect for Virtual Environments: Data Protection for VMware

Summary IBM Storage Protect for Virtual Environments: Data Protection for VMware can be affected by a security flaw in IBM WebSphere Application Server Liberty. An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information, as...

CVSS 7.5 · AI score 5.8 · EPSS 0.00257
Exploits: 0 · Affected Software: 1

IBM Security Bulletins
added 2024/12/20 5:52 a.m. · 12 views

Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty may affect IBM Storage Protect for Virtual Environments: Data Protection for Hyper-V

Summary IBM Storage Protect for Virtual Environments: Data Protection for Hyper-V can be affected by a security flaw in IBM WebSphere Application Server Liberty. An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information, as...

CVSS 7.5 · AI score 5.8 · EPSS 0.00257
Exploits: 0 · Affected Software: 1

IBM Security Bulletins
added 2024/12/20 5:36 a.m. · 10 views

Security Bulletin: Vulnerability in IBM WebSphere Application Server Liberty may affect IBM Storage Protect for Space Management

Summary IBM Storage Protect for Space Management can be affected by security flaws in IBM WebSphere Application Server. Network to conduct spoofing attacks, as described in the "Vulnerability Details" section. CVE-2023-50314. Vulnerability Details CVEID:CVE-2023-50314 DESCRIPTION: IBM WebSphere...

CVSS 7.5 · AI score 6 · EPSS 0.00257
Exploits: 0 · Affected Software: 1

IBM Security Bulletins
added 2024/12/18 2:39 p.m. · 17 views

Security Bulletin: There is an Information Disclosure vulnerability in IBM WebSphere Application Server Liberty that is shipped with CICS Transaction Gateway Desktop Edition and CICS Transaction Gateway for Multiplatforms (CVE-2023-50314).

Summary There is an Information Disclosure vulnerability in IBM WebSphere Application Server Liberty that is shipped with CICS Transaction Gateway Desktop Edition and CICS Transaction Gateway for Multiplatforms CVE-2023-50314. An update to CICS Transaction Gateway Desktop Edition and CICS...

CVSS 7.5 · AI score 5.9 · EPSS 0.00257
Exploits: 0 · Affected Software: 2

IBM Security Bulletins
added 2024/12/18 9:57 a.m. · 36 views

Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities found in Java and IBM WebSphere Application Server Liberty

Summary There are multiple vulnerabilities in Java and IBM WebSphere Application Server Liberty used by IBM Cloud Transformation Advisor CVE-2024-7254, CVE-2022-46363, CVE-2015-2156, CVE-2020-11612. Vulnerability Details CVEID:CVE-2024-7254 DESCRIPTION: Any project that parses untrusted Protocol...

CVSS 8.7 · AI score 7.9 · EPSS 0.09438
Exploits: 1 · Affected Software: 1