Security Bulletin: Maximo Application Suite - IBM WebSphere Application Server Liberty is vulnerable to multiple CVEs used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which is vulnerable to multiple CVEs. This bulletin identifies the steps to take to address the vulnerabilities. List of CVEs: CVE-2024-22353, CVE-2023-50312, CVE-2024-27270. Vulnerability Details...

Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server is vulnerable to identity spoofing (CVE-2024-37532)

Summary IBM WebSphere Application Server is vulnerable to identity spoofing. Following IBM® Engineering Lifecycle Engineering product is vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Test Management Vulnerability Details Refer to the security bulletins listed ...

Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server is vulnerable to cross-site scripting (CVE-2024-35153)

Summary IBM WebSphere Application Server is vulnerable to cross-site scripting in the administrative console. Following IBM® Engineering Lifecycle Engineering product is vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Test Management Vulnerability Details Refer ...

Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server is vulnerable to remote code execution (CVE-2024-35154)

Summary IBM WebSphere Application Server is vulnerable to a remote code execution vulnerability in the administative console. Following IBM® Engineering Lifecycle Engineering product is vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Test Management Vulnerabilit...

Security Bulletin: Multiple security vulnerabilities affect IBM WebSphere Application Server Liberty shipped with IBM OpenPages

Summary IBM WebSphere Application Server Liberty is shipped as a supporting program of IBM OpenPages. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in multiple security bulletins. These products have addressed the applicable CVEs...

Security Bulletin: IBM Maximo Application Suite uses IBM WebSphere Application Server Liberty - v.24.0.0.4 which is vulnerable to CVE-2024-27268 and CVE-2024-22353.

Summary IBM Maximo Application Suite uses IBM WebSphere Application Server Liberty - v.24.0.0.4 which is vulnerable to CVE-2024-27268 and CVE-2024-22353. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-22353 DESCRIPTION: IBM...

Security Bulletin: IBM Maximo Application Suite uses IBM WebSphere Application Server Liberty - v.24.0.0.4 which is vulnerable to CVE-2024-27268 and CVE-2024-22353.

Summary IBM Maximo Application Suite uses IBM WebSphere Application Server Liberty - v.24.0.0.4 which is vulnerable to CVE-2024-27268 and CVE-2024-22353. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-22353 DESCRIPTION: IBM...

Security Bulletin: IBM Maximo Application Suite uses IBM WebSphere Application Server Liberty - v.24.0.0.4 which is vulnerable to CVE-2024-27268 and CVE-2024-22353.

Summary IBM Maximo Application Suite uses IBM WebSphere Application Server Liberty - v.24.0.0.4 which is vulnerable to CVE-2024-27268 and CVE-2024-22353. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-22353 DESCRIPTION: IBM...

Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server affect IBM Business Automation Workflow (CVE-2024-40898, CVE-2024-40725)

Summary WebSphere Application Server Traditional is shipped as a component of IBM Business Automation Workflow. WebSphere Application Server Liberty is shipped as part of the optional components Process Federation Server since 8.5.6, and User Management Service since 18.0.0.1 in IBM Business...

Security Bulletin: Apache Santuario Vulnerability in WebSphere Application Server Liberty affect Cloud Pak System [CVE-2023-44483]

Summary Vulnerability found in Apache Santuario WebSphere Application Server Liberty affect Cloud Pak System WebSphere Application Server WAS Liberty patternType pType. Vulnerability Details CVEID:CVE-2023-44483 DESCRIPTION: Apache Santuario could allow a remote authenticated attacker to obtain...

Security Bulletin: Vulnerability in IBM WebSphere Application Server affect IBM Cloud Pak System [CVE-2022-39161]

Summary Vulnerability in IBM WebSphere Application Server and IBM WebSphere Application Server Liberty affect IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2022-39161 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and IBM WebSphere Application Server Liberty, when...

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in IBM WebSphere Application Server Liberty

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of IBM WebSphere Application Server Liberty Vulnerability Details CVEID:CVE-2023-51775 DESCRIPTION: jose4j is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafte...

Security Bulletin: IBM Match 360 vulnerable to denial of service from exploit in IBM WebSphere Application Server Liberty (CVE-2024-27268)

Summary IBM Match 360 vulnerable to.a denial of service because of a vulnerability found in IBM WebSphere Application Server Liberty. IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote...

Security Bulletin: Multiple Vulnerabilities have been identified in IBM HTTP Server shipped with IBM WebSphere Remote Server (CVE-2024-40898, CVE-2024-40725)

Summary IBM HTTP Server is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM HTTP Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

Security Bulletin: Multiple Vulnerabilities have been identified in IBM HTTP Server shipped with IBM WebSphere Remote Server.

Summary IBM HTTP Server is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM HTTP Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM WebSphere Remote Server CVE-2024-35154

Summary IBM WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

Security Bulletin: Multiple Vulnerabilities in IBM WebSphere Application Server Liberty affect CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition.

Summary Multiple Vulnerabilities in IBM WebSphere Application Server Liberty affect CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition. These fixes resolve the following vulnerabilities. Vulnerability Details CVEID:CVE-2024-27268 DESCRIPTION: IBM WebSphere...

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in IBM WebSphere Application Server Liberty

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of IBM WebSphere Application Server Liberty Vulnerability Details CVEID:CVE-2024-22354 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0....

Security Bulletin: IBM Match 360 is vulnerable to server-side request forgery from IBM WebSphere Application Server Liberty (CVE-2024-22329)

Summary IBM Match 360 is vulnerable to to server-side request forgery due to a vulnerability found in IBM WebSphere Application Server Liberty. IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to server-side request...

Security Bulletin: IBM Match 360 vulnerable to denial of service from IBM WebSphere Application Server Liberty (CVE-2024-22353)

Summary IBM Match 360 is vulnerable to denial of service because of a vulnerability found in IBM WebSphere Application server Liberty. IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote...