Security Bulletin: IBM MQ is affected by a vulnerability in IBM WebSphere Application Server Liberty (CVE-2023-50314)

Summary An issue was identified with IBM WebSphere Application Server Liberty, which IBM MQ ships and uses to supply IBM MQ Console and IBM MQ REST API functionality. Vulnerability Details CVEID:CVE-2023-50314 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could...

IBM MQ 9.1 < 9.1.0.24 LTS / 9.2 < 9.2.0.28 LTS / 9.3 < 9.3.0.25 LTS / 9.3 < 9.4.1 CD / 9.4 < 9.4.0.6 LTS (7174363)

The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7174363 advisory. - IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the network to conduct spoofing attacks. An attacker could...

CVE-2024-30106

HCL Connections is vulnerable to an information disclosure vulnerability, due to an IBM WebSphere Application Server error, which could allow a user to obtain sensitive information they are not entitled to due to the improper handling of request data...

CVE-2024-30106

HCL Connections is vulnerable to an information disclosure vulnerability, due to an IBM WebSphere Application Server error, which could allow a user to obtain sensitive information they are not entitled to due to the improper handling of request data...

CVE-2024-30106 HCL Connections is vulnerable to an information disclosure vulnerability

HCL Connections is vulnerable to an information disclosure vulnerability, due to an IBM WebSphere Application Server error, which could allow a user to obtain sensitive information they are not entitled to due to the improper handling of request data...

CVE-2024-30106 HCL Connections is vulnerable to an information disclosure vulnerability

HCL Connections is vulnerable to an information disclosure vulnerability, due to an IBM WebSphere Application Server error, which could allow a user to obtain sensitive information they are not entitled to due to the improper handling of request data...

CVE-2024-30106

CVE-2024-30106 affects HCL Connections and is caused by an IBM WebSphere Application Server error that improperly handles request data, enabling information disclosure of sensitive information. The NVD entry lists a CVSS v3.1 base score of 4.3 (MEDIUM) with Network attack vector, low privileges r...

PT-2024-23187 · Ibm +1 · Ibm Websphere Application Server +1

Name of the Vulnerable Software and Affected Versions: HCL Connections affected versions not specified Description: The issue is related to an information disclosure problem caused by an error in IBM WebSphere Application Server. This could allow unauthorized access to sensitive information due t...

Security Bulletin: A security vulnerability has been identified in WebSphere Liberty shipped with IBM Security Guardium Key Lifecycle Manager (SKLM/GKLM) (CVE-2022-46364)

Summary WebSphere Liberty is shipped as a component of IBM Security Guardium Key Lifecycle Manager SKLM/GKLM. Information about a security vulnerability affecting WebSphere Liberty has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

Security Bulletin: Maximo Application Suite - IBM WebSphere Application Server Liberty is vulnerable to CVE-2023-50314 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which is vulnerable to CVE-2023-50314. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-50314 DESCRIPTION: IBM WebSphere Application...

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in WebSphere Application Server Liberty

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of WebSphere Application Server Liberty Vulnerability Details CVEID:CVE-2024-7254 DESCRIPTION: Google Protocol Buffers a.k.a., protobuf is vulnerable to a denial of service, caused by a stack-based buffer overfl...

Security Bulletin: IBM WebSphere Application Server is vulnerable to stored cross-site scripting (CVE-2024-45071)

Summary IBM WebSphere Application Server is vulnerable to stored cross-site scripting in the administrative console. Vulnerability Details CVEID:CVE-2024-45071 DESCRIPTION: IBM WebSphere Application Server is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user t...

Security Bulletin: IBM WebSphere Application Server is vulnerable to an XML External Entity Injection (XXE) vulnerability (CVE-2024-45072)

Summary IBM WebSphere Application Server is vulnerable to an XML External Entity Injection XXE in the administrative console. Vulnerability Details CVEID:CVE-2024-45072 DESCRIPTION: IBM WebSphere Application Server is vulnerable to an XML External Entity Injection XXE attack when processing XML...

Security Bulletin: There are multiple vulnerabilities in IBM WebSphere Application Server that can affect IBM Elastic Storage System that are now included

Summary There are multiple vulnerabilities in IBM WebSphere Application Server, used by IBM Storage Scale Elastic Storage System, which could provide weaker than expected security that are now fixed. Vulnerability Details CVEID:CVE-2024-25026 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2024-45071)

Summary IBM WebSphere Application Server is used by IBM Tivoli System Automation Application Manager and is vulnerable to cross-site scripting in the Admin Console. Required fixes for affected WebSphere Application Server has been published in the security bulletin links below. Vulnerability...

Security Bulletin: IBM WebSphere Application Server traditional shipped with IBM Tivoli System Automation Application Manager is vulnerable to an XML External Entity Injection (XXE) vulnerability

Summary A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager CVE-2024-45072 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affect...

Security Bulletin: IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager is vulnerable to a denial of service

Summary A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application ManagerCVE-2024-45085 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affecte...

Security Bulletin: IBM SPSS Collaboration and Deployment Services is vulnerable to a denial of service due to jose4j (CVE-2023-51775)

Summary IBM WebSphere Application Server Liberty that is embedded in IBM SPSS Collaboration and Deployment Services is vulnerable to a denial of service due to jose4j Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions...

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, IBM Java, and IBM Storage Protect Backup-Archive Client may affect IBM Storage Protect Backup-Archive Client

Summary IBM Storage Protect Backup-Archive Client can be affected by security flaws in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, IBM Java, and IBM Storage Protect Backup-Archive Client. The flaws can lead to denial of service, security restrictions bypass, sensitive information...

Security Bulletin: Multiple vulnerabilities in IBM Java and WebSphere may affect IBM Storage Protect for Space Management

Summary IBM Storage Protect for Space Management can be affected by security flaws in IBM Java and WebSphere. The flaws can lead to denial of service, confidentiality impact, integrity impact, availability impact, and sensitive information disclosure, as described in the "Vulnerability Details"...