IBM WebSphere Application Server 安全漏洞

IBM WebSphere Application Server WAS is an application server product from International Business Machines IBM. The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform. A cross-site scripting vulnerability exists in IBM...

Security Bulletin: Vulnerabilities in IBM WebSphere Application Server and WebSphere Application Server Liberty affect IBM Watson Explorer (CVE-2024-22354)

Summary IBM WebSphere Application Server and IBM WebSphere Application Server Liberty is used by IBM Watson Explorer. IBM Watson Explorer has addressed the applicable CVE CVE-2024-22354. Vulnerability Details CVEID:CVE-2024-22354 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM...

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in IBM WebSphere Application Server Liberty

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of IBM WebSphere Application Server Liberty Vulnerability Details CVEID:CVE-2023-50314 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the...

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2019-4505)

Summary WebSphere Application Server is shipped with IBM Tivoli System Automation Application Manager. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

Security Bulletin: IBM Transformation Extender Advanced v10.0.x is affected by a IBM WebSphere Application Server Liberty vulnerability

Summary IBM Transformation Extender Advanced, also known as IBM Standards Processing Engine, is vulnerable to IBM WebSphere Application Server Liberty's server-side request forgery vulnerability. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affecte...

Security Bulletin: IBM SPSS Collaboration and Deployment Services is vulnerable to a denial of service (CVE-2024-22353)

Summary IBM WebSphere Application Server Liberty that is embedded in IBM SPSS Collaboration and Deployment Services is vulnerable to a denial of service with the openidConnectClient-1.0 or socialLogin-1.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the...

Security Bulletin: SPSS Collaboration and Deployment Services is affected by IBM WebSphere Application Server Liberty cross-site scripting (CVE-2024-27270)

Summary IBM WebSphere Application Server Liberty is vulnerable to cross-site scripting CVE-2024-27270 may affect SPSS Collaboration and Deployment Services Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Product...

Security Bulletin: IBM Transformation Extender Advanced v10.0.x is affected by a IBM WebSphere Application Server Liberty vulnerability

Summary IBM Transformation Extender Advanced, also known as IBM Standards Processing Engine, is vulnerable to IBM WebSphere Application Server Liberty's denial of service vulnerability. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products...

Security Bulletin: Multiple Vulnerabilities have been identified in IBM MQ shipped with IBM WebSphere Remote Server

Summary IBM MQ is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM MQ have been published in a security bulletin CVE-2024-40681, CVE-2024-40680, CVE-2024-2511, CVE-2024-21085 Vulnerability Details Refer to the security bulletins listed in the...

Security Bulletin: IBM Transformation Extender Advanced v10.0.x is affected by a IBM WebSphere Application Server Liberty vulnerability

Summary IBM Transformation Extender Advanced, also known as IBM Standards Processing Engine, is vulnerable to IBM WebSphere Application Server Liberty's XML External Entity XXE injection vulnerability Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

Security Bulletin: Maximo Application Suite - IBM WebSphere Application Server is vulnerable to CVE-2024-25026 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server which is vulnerable to CVE-2024-25026. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-25026 DESCRIPTION: IBM WebSphere Application Server 8.5...

VulnCheck KEV: CVE-2020-4450

IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181231...

Security Bulletin: Security vulnerability has been identified in WebSphere Liberty Profile shipped with IBM License Metric Tool.

Summary There is security vulnerability in IBM WebSphere Application Server Liberty used by IBM License Metric Tool. Vulnerability Details CVEID:CVE-2023-50314 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the network to...

Security Bulletin: IBM WebSphere Application Server Liberty vulnerability affect IBM Spectrum Control

Summary IBM WebSphere Application Server Liberty is vulnerable to XML External Entity Injection XXE attack. This vulnerability affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2024-22354 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Libert...

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty affect IBM Storage Scale System

Summary There is a vulnerability in IBM WebSphere Application Server Liberty, used by IBM Storage Scale System, which could allow a remote attacker to cause a denial of service. CVE-2023-46158, CVE-2023-44487. Vulnerability Details CVEID:CVE-2023-50312 DESCRIPTION: IBM WebSphere Application Serve...

Security Bulletin: Multiple security vulnerabilities has been identified in IBM WebSphere Application Server shipped with Tivoli Netcool/OMNIbus WebGUI - July 2024 CPU

Summary Websphere Application Server WAS is shipped as a component of Tivoli Netcool/OMNIbus WebGUI. Information about security vulnerabilities affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

Security Bulletin: IBM Master Data Management affected by vulnerabilites in IBM WebSphere Application Server to cross-site scripting (CVE-2024-35153)

Summary IBM Master Data Management version 11.6, 12.0 and 14.0 are impacted by vulnerability in IBM WebSphere Application Server. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credential...

Security Bulletin: IBM Transformation Extender Advanced v10.0.x is affected by a IBM WebSphere Application Server Liberty vulnerability

Summary IBM Transformation Extender Advanced, also known as IBM Standards Processing Engine, is vulnerable to IBM WebSphere Application Server Liberty information disclosure vulnerability. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...

Security Bulletin: Vulnerability of okhttp-3.9.0.jar is affecting APM WebSphere Application Server Agent, APM Tomcat Agent, APM SAP NetWeaver Java Stack Agent and APM Data Collector for J2SE

Summary APM WebSphere Application Server Agent, APM Tomcat Agent, APM SAP NetWeaver Java Stack Agent and APM Data Collector for J2SE are vulnerable to okhttp-3.9.0.jar CVE-2023-0833. The workaround includes okhttp-3.9.0.jar upgraded to okhttp-4.12.0.jar. Vulnerability Details CVEID:CVE-2023-0833...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2023-50315)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...