Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty, IBM Java, and IBM Storage Protect Backup-Archive Client may affect IBM Storage Protect for Virtual Environments: Data Protection for VMware

Summary IBM Storage Protect for Virtual Environments: Data Protection for VMware can be affected by security flaws in IBM WebSphere Application Server Liberty, IBM Java, and IBM Storage Protect Backup-Archive Client. The flaws can lead to denial of service, highly sensitive information exposure,...

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On July 2020 CPU plus deferred CVE-2020-2590 and CVE-2020-2601

Summary IBM WebSphere Application Server is shipped with IBM Security Access Manager for Enterprise Single Sign-On. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in another security bulletin. Vulnerability Details Refer to the security...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is used by IBM Rational ClearQuest (CVE-2023-50315)

Summary IBM WebSphere Application Server WAS is used by IBM Rational ClearQuest server and web components. Information about security vulnerability affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes sectio...

Security Bulletin: Vulnerabilities in WebSphere Application Server affect IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise

Summary WebSphere Application Server is shipped with IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise. Vulnerabilities have been identified in WebSphere Application Server and the information about their fixes are published in security bulletins. Vulnerability Details...

IBM WebSphere Application Server XML External Entity Injection Vulnerability (CNVD-2024-43189)

IBM WebSphere Application Server WAS is an application server product from International Business Machines IBM. The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform. An XML external entity injection vulnerability exists in...

IBM WebSphere Application Server Cross-Site Scripting Vulnerability (CNVD-2024-43188)

IBM WebSphere Application Server WAS is an application server product from International Business Machines IBM. The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform. A cross-site scripting vulnerability exists in IBM...

IBM WebSphere Application Server Code Issue Vulnerability (CNVD-2024-43186)

IBM WebSphere Application Server WAS is an application server product from International Business Machines IBM. The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform. A code issue vulnerability exists in IBM WebSphere...

IBM WebSphere Application Server Cross-Site Scripting Vulnerability (CNVD-2024-46815)

IBM WebSphere Application Server WAS is an application server product from International Business Machines IBM. The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform. A cross-site scripting vulnerability exists in IBM...

CVE-2024-45071

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVE-2024-45072

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A privileged user could exploit this vulnerability to expose sensitive information or consume memory resources...

CVE-2024-45072

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A privileged user could exploit this vulnerability to expose sensitive information or consume memory resources...

CVE-2024-45071

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVE-2024-45071 IBM WebSphere Application Server cross-site scripting

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVE-2024-45071

CVE-2024-45071 affects IBM WebSphere Application Server 8.5 and 9.0 and is a stored cross-site scripting vulnerability. A privileged user can embed arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted session. Several IBM security bulletins link to th...

CVE-2024-45071 IBM WebSphere Application Server cross-site scripting

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVE-2024-45072 IBM WebSphere Application Server XML external entity injection

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A privileged user could exploit this vulnerability to expose sensitive information or consume memory resources...

CVE-2024-45072

CVE-2024-45072 affects IBM WebSphere Application Server 8.5 and 9.0, with an XML External Entity (XXE) vulnerability when processing XML data. A privileged user could expose sensitive information or consume memory resources. IBM and Red Hat entries confirm remediation guidance: apply the WebSpher...

CVE-2024-45072 IBM WebSphere Application Server XML external entity injection

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A privileged user could exploit this vulnerability to expose sensitive information or consume memory resources...

Security Bulletin: Denial of service in IBM WebSphere Application Server Liberty may affect IBM Storage Protect Operations Center (CVE-2024-25026).

Summary IBM Storage Protect Operations Center may be affected by denial of service caused by specially crafted request in IBM WebSphere Application Server Liberty. Vulnerability Details CVEID:CVE-2024-25026 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Serve...

PT-2024-31416 · Ibm · Ibm Websphere Application Server

Name of the Vulnerable Software and Affected Versions: IBM WebSphere Application Server versions 8.5 and 9.0 Description: The issue is related to an XML External Entity Injection XXE attack when processing XML data. A privileged user could exploit this to expose sensitive information or consume...