
13287 matches found

IBM Security Bulletins
added 2024/11/19 2:10 p.m. | 31 views

Security Bulletin: IBM Sterling Global Mailbox is affected by a IBM WebSphere Vulnerability that could cause denial of service (CVE-2023-44487)

Summary IBM Sterling Global High Availability Mailbox is affected by IBM WebSphere Application Server Liberty it is vulnerable to a denial of service with the servlet-3.1, servlet-4.0, servlet-5.0, or servlet-6.0 feature with the HTTP/2 protocol enabled. Vulnerability Details CVEID:CVE-2023-44487...

CVSS 7.5 | AI score 7.7 | EPSS 0.99999
Exploits: 19 | Affected Software: 1

IBM Security Bulletins
added 2024/11/19 2:8 p.m. | 9 views

Security Bulletin: IBM Sterling Global High Availability Mailbox is affected by IBM WebSphere Application Server Liberty is vulnerable to information disclosure due to Apache Santuario (CVE-2023-44483)

Summary IBM Sterling Global High Availability Mailbox is affected by a vulnerability in the Apache Santuario library used by IBM WebSphere Application Server Liberty when the wsSecurity-1.1, wsSecuritySaml-1.1 or samlWeb-2.0 feature is enabled. Vulnerability Details CVEID:CVE-2023-44483...

CVSS 6.5 | AI score 6.1 | EPSS 0.01212
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/11/19 2:6 p.m. | 17 views

Security Bulletin: IBM Sterling Global High Availability Mailbox is affected by WebSphere liberty vulnerability (CVE-2023-46158)

Summary IBM Sterling Global High Availability Mailbox is affected by IBM WebSphere Application Server Liberty it could provide weaker than expected security with the appSecurity-1.0, appSecurity-2.0, appSecurity-3.0, appSecurity-4.0 or appSecurity-5.0 feature enabled. Vulnerability Details...

CVSS 9.8 | AI score 9.1 | EPSS 0.00456
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/11/19 1:57 p.m. | 7 views

Security Bulletin: IBM Sterling Global High Availability Mailbox is affected by WebSphere Liberty vulnerability (CVE-2023-38737)

Summary IBM Sterling Global High Availability Mailbox is affected by IBM WebSphere Application Server Liberty it is vulnerable to a denial of service with the restfulWS-3.0 or restfulWS-3.1 feature enabled. This has been addressed in the remediation section. Vulnerability Details...

CVSS 7.5 | AI score 6.7 | EPSS 0.00792
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/11/18 10:32 a.m. | 19 views

Security Bulletin: Vulnerability in IBM WebSphere Application Server Liberty impacts IBM Common Licensing

Summary IBM WebSphere Application Server Liberty is vulnerable to information disclosure. CVE-2023-50314 Vulnerability Details CVEID:CVE-2023-50314 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the network to conduct spoofin...

CVSS 7.5 | AI score 5.7 | EPSS 0.00257
Exploits: 0 | Affected Software: 1

BDU FSTEC
added 2024/11/18 12:0 a.m. | 4 views

The vulnerability of the IBM WebSphere Application Server application server relates to incorrect restrictions on XML references to external objects, which allows attackers to expose confidential information or exploit memory resources.

The vulnerability of the IBM WebSphere Application Server application server is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability can allow a malicious actor to disclose confidential information or exploit memory resources...

CVSS 7.5 | AI score 5.5 | EPSS 0.0044
Exploits: 0 | References: 4 | Affected Software: 1

CNVD
added 2024/11/15 12:0 a.m. | 3 views

IBM WebSphere Application Server Cross-Site Scripting Vulnerability (CNVD-2024-45435)

IBM WebSphere Application Server WAS is an application server product from International Business Machines IBM. The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform. A cross-site scripting vulnerability exists in IBM...

CVSS 4.8 | AI score 6.1 | EPSS 0.00238
Exploits: 0 | References: 1

IBM Security Bulletins
added 2024/11/14 8:0 p.m. | 35 views

Security Bulletin: IBM WebSphere Application Server is vulnerable to cross-site scripting (CVE-2024-45087)

Summary IBM WebSphere Application Server is vulnerable to cross-site scripting in the administrative console. Vulnerability Details CVEID:CVE-2024-45087 DESCRIPTION: IBM WebSphere Application Server is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed...

CVSS 4.8 | AI score 5.9 | EPSS 0.00238
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/11/14 4:48 p.m. | 17 views

Security Bulletin: IBM Sterling B2B Integrator is affected by IBM WebSphere Application Server risky configuration cryptography

Summary IBM Sterling B2B Integrator is affected by IBM WebSphere Application Server risky configuration cryptography Vulnerability Details CVEID:CVE-2023-50312 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide weaker than expected security for outbound...

CVSS 6.5 | AI score 6.3 | EPSS 0.00592
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/11/14 7:10 a.m. | 22 views

Security Bulletin: WebSphere Application Server Liberty shipped with IBM Operations Analytics - Log Analysis is vulnerable to information disclosure (CVE-2023-50314)

Summary IBM WebSphere Application Server Liberty is vulnerable to information disclosure. Vulnerability Details CVEID:CVE-2023-50314 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the network to conduct spoofing attacks. An...

CVSS 7.5 | AI score 5.8 | EPSS 0.00257
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/11/14 5:36 a.m. | 15 views

Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server is vulnerable to cross-site scripting in the administrative console.

Summary The security issue described in CVE-2024-45087 has been identified in the WebSphere Application Server included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

CVSS 4.8 | AI score 5.2 | EPSS 0.00238
Exploits: 0 | Affected Software: 1

Tenable Nessus
added 2024/11/13 12:0 a.m. | 9 views

IBM WebSphere Application Server 8.5.x < 8.5.5.27 / 9.x < 9.0.5.22 XSS (7175393)

The version of IBM WebSphere Application Server running on the remote host is affected by a XSS vulnerability as referenced in the 7175393 advisory. - IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary...

CVSS 4.8 | AI score 5.1 | EPSS 0.00238
Exploits: 0 | References: 2

Tenable Nessus
added 2024/11/13 12:0 a.m. | 12 views

IBM WebSphere eXtreme Scale 8.6.1.0 < 8.6.1.6 (7175229)

The version of IBM WebSphere eXtreme Scale installed on the remote host is prior to 8.6.1.6. It is, therefore, affected by multiple vulnerabilities as referenced in the 7175229 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of...

CVSS 7.4 | AI score 6.6 | EPSS 0.01257
Exploits: 0 | References: 8

Tenable Nessus
added 2024/11/13 12:0 a.m. | 6 views

IBM WebSphere Application Server 8.5.x < 8.5.5.27 / 9.x < 9.0.5.22 (7174745)

The version of IBM WebSphere Application Server running on the remote host is affected by a vulnerability as referenced in the 7174745 advisory. - IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML external entity injection XXE attack when processing XML data. A privileged user...

CVSS 5.5 | AI score 5.7 | EPSS 0.0044
Exploits: 0 | References: 2

IBM Security Bulletins
added 2024/11/12 9:24 a.m. | 14 views

Security Bulletin: A security vulnerability may affect IBM WebSphere Application Server Liberty shipped with IBM CICS TX Standard.

Summary A security vulnerability may affect IBM WebSphere Application Server Liberty shipped with IBM CICS TX Standard. An update to IBM CICS TX Standard has been released to address this vulnerability. Vulnerability Details CVEID:CVE-2023-50314 DESCRIPTION: IBM WebSphere Application Server Liber...

CVSS 7.5 | AI score 7.3 | EPSS 0.00257
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/11/12 9:21 a.m. | 26 views

Security Bulletin: A security vulnerability may affect IBM WebSphere Application Server Liberty shipped with IBM TXSeries for Multiplatforms.

Summary A security vulnerability may affect IBM WebSphere Application Server Liberty shipped with IBM TXSeries for Multiplatforms. An update to IBM TXSeries for Multiplatforms has been released to address this vulnerability. Vulnerability Details CVEID:CVE-2023-50314 DESCRIPTION: IBM WebSphere...

CVSS 7.5 | AI score 7.5 | EPSS 0.00257
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/11/12 9:15 a.m. | 30 views

Security Bulletin: A security vulnerability may affect IBM WebSphere Application Server Liberty shipped with IBM CICS TX Advanced.

Summary A security vulnerability may affect IBM WebSphere Application Server Liberty shipped with IBM CICS TX Advanced. An update to IBM CICS TX Advanced has been released to address this vulnerability. Vulnerability Details CVEID:CVE-2023-50314 DESCRIPTION: IBM WebSphere Application Server Liber...

CVSS 7.5 | AI score 7.5 | EPSS 0.00257
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/11/11 10:21 p.m. | 20 views

Security Bulletin: IBM Master Data Management vulnerable to information disclosure due to IBM WebSphere Application Server

Summary IBM Master Data Management version 11.6, 12.0, and 14.0 are impacted by vulnerability in IBM WebSphere Application Server that can lead to information disclosure. IBM WebSphere Application Server 8.5 and 9.0 could allow an attacker with access to the network to conduct spoofing attacks. A...

CVSS 5.9 | AI score 5.8 | EPSS 0.00268
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/11/11 6:1 p.m. | 25 views

Security Bulletin: IBM WebSphere Application Server is vulnerable to an XML External Entity Injection (XXE) vulnerability (CVE-2024-45086)

Summary IBM WebSphere Application Server is vulnerable to an XML External Entity Injection XXE vulnerability in the administrative console. Vulnerability Details CVEID:CVE-2024-45086 DESCRIPTION: IBM WebSphere Application Server is vulnerable to an XML External Entity Injection XXE attack when...

CVSS 5.5 | AI score 6.5 | EPSS 0.0044
Exploits: 0 | Affected Software: 1

OSV
added 2024/11/11 5:15 p.m. | 1 view

CVE-2024-45087

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVSS 4.8 | AI score 5.4 | EPSS 0.00238
Exploits: 0 | References: 1