Security Bulletin: Due to use of IBM WebSphere Application Server Liberty, IBM Tivoli Application Dependency Discovery Manager is vulnerable to disclosure of information.

Summary IBM WebSphere Application Server Liberty is used by IBM Tivoli Application Dependency Discovery Manager CVE-2023-50314 Vulnerability Details CVEID:CVE-2023-50314 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the...

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with WebSphere Remote Server (CVE-2015-7450)

Summary WebSphere Application Server is shipped with WebSphere Remote Server. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes Affected...

Security Bulletin: IBM WebSphere Application Server is vulnerable to a denial of service (CVE-2024-45085)

Summary IBM WebSphere Application Server is vulnerable to a denial of service when a JSF application configured with Sun Reference Implementation 1.2 is deployed. Vulnerability Details CVEID:CVE-2024-45085 DESCRIPTION: IBM WebSphere Application Server is vulnerable to a denial of service, under...

Security Bulletin: Loss of confidentiality in IBM WebSphere Application Server Liberty may affect IBM Storage Protect Operations Center (CVE-2023-50314).

Summary IBM Storage Protect Operations Center may be affected by loss of confidentiality caused by using a certificate issues by trusted authority in IBM WebSphere Application Server Liberty. Vulnerability Details CVEID:CVE-2023-50314 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3...

Security Bulletin: IBM WebSphere Application Server Liberty for IBM i is vulnerable to a spoofing attack [CVE-2023-50314].

Summary IBM WebSphere Application Server Liberty for IBM i is vulnerable to an attacker with access to the network to conduct spoofing attacks as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the...

Security Bulletin: IBM Cloud Pak System is vulnerable to multiple vulnerabilities in IBM Java SDK.

Summary IBM Cloud Pak System is vulnerable to multiple vulnerabilities in IBM SDK. The fix removes these vulnerabilities as per IBM SDK, Java Technology Apr 2024. Vulnerability Details CVEID:CVE-2024-21085 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allo...

Security Bulletin: IBM SDK Java Technology Edition is vulnerable to CVEs (set out in the link below), affecting WebSphere Service Registry and Repository due to October 2024 CPU

Summary IBM SDK Java Technology Edition is vulnerable to CVE-2024-10917, used by WebSphere Service Registry and Repository. These issues were disclosed as part of the IBM Java SDK updates in December 2024. These issues are also addressed by WebSphere Application Server shipped with WebSphere...

Security Bulletin: Vulnerability in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to October 2024 CPU

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVEs listed in this document might affect some configurations of IBM WebSphere Application Server traditiona...

Security Bulletin: IBM Sterling B2B Integrator is affected by multiple security vulnerabilities in IBM WebSphere Application Server

Summary IBM Sterling B2B Integrator is affected by multiple security vulnerabilities in IBM WebSphere Application Server Vulnerability Details CVEID:CVE-2023-31582 DESCRIPTION: Jose4J could allow a remote attacker to obtain sensitive information, caused by allowing of a low iteration count of 100...

Security Bulletin: A security vulnerability in WebSphere Application Server Liberty affects IBM Robotic Process Automation which may result in spoofing attacks (CVE-2023-50314)

Summary A security vulnerability in WebSphere Application Server Liberty affects IBM Robotic Process Automation which may result in spoofing attacks. WebSphere Application Liberty is used by IBM Robotic Process Automation as part of Antivirus and Abbyy containers as well as UMS. This bulletin...

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Liberty Profile affect IBM Robotic Process Automation.

Summary Multiple vulnerabilities in IBM WebSphere Liberty Profile affect IBM Robotic Process Automation. IBM WebSphere Liberty Profile is used by IBM Robotic Process Automation as part of UMS and as an application server for container deployments. This bulletin identifies the security fixes to...

Security Bulletin: Financial Transaction Manager v4 is impacted by multiple vulnerabilities in WebSphere Liberty

Summary Multiple vulnerabilities were addressed in Financial Transaction Manager 4.0.6.0 iFix4 Vulnerability Details CVEID:CVE-2024-22354 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.5 are vulnerable to an XML External...

Security Bulletin: Financial Transaction Manager for Digital Payments is impacted by an information disclosure vulnerability in WebSphere Application Server Liberty

Summary An information disclosure vulnerability has been addressed in Financial Transaction Manager 3.2.13 for Digital Payments, Corporate Payment Services and High Value Payments. Vulnerability Details CVEID:CVE-2023-50314 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through...

Security Bulletin: Multiple vulnerabilities may affect IBM SPSS Analytic Server

Summary Multiple vulnerabilities in IBM WebSphere Application Server Liberty were addressed in IBM SPSS Analytic Server. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM SPSS Analyt...

Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Business Monitor

Summary IBM WebSphere Application Server is shipped as a component of Business Monitor. Information about the security vulnerabilities affecting WebSphere Application Server have been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to information disclosure which is vulnerable to this CVE-2023-50314

Summary Security Bulletin:IBM WebSphere Application Server Liberty is vulnerable to information disclosure which is vulnerable to this CVE-2023-50314. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-50314 DESCRIPTION: IBM...

Security Bulletin: Multiple Vulnerabilities have been identified in IBM Db2 shipped with IBM WebSphere Remote Server

Summary IBM Db2 is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM Db2 have been published in a security bulletin CVE-2024-45663, CVE-2024-41762, CVE-2024-41761, CVE-2024-40679, CVE-2024-37071 Vulnerability Details Refer to the security bulletins...

Security Bulletin: Vulnerability in WebSphere Application Server affect IBM Cloud Pak System[CVE-2023-51775]

Summary Vulnerability found in jose4 used by WebSphere Application Server affect IBM Cloud Pak System Vulnerability Details CVEID:CVE-2023-51775 DESCRIPTION: jose4j is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted p2c value, a remote attack...

Security Bulletin: Vulnerability in WebSphere Application Server affects IBM Cloud Pak System [CVE-2024-22354]

Summary XML External Entity Injection XXE Vulnerability in WebSphere application Server and WebSphere Application Server Liberty affects IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2024-22354 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server...

Security Bulletin: IBM Sterling Global Availability Mailbox is affected by a WebSphere Liberty vulnerability (CVE-2023-46158)

Summary IBM Sterling Global Availability Mailbox is affected by IBM WebSphere Application Server Liberty it could provide weaker than expected security with the appSecurity-1.0, appSecurity-2.0, appSecurity-3.0, appSecurity-4.0 or appSecurity-5.0 feature enabled. Vulnerability Details...