Security Bulletin: IBM WebSphere Application Server Liberty could provide weaker than expected security (CVE-2025-14917)
Summary IBM WebSphere Application Server Liberty could provide weaker than expected security administering security settings when the appSecurity-1.0, appSecurity-2.0, appSecurity-3.0, appSecurity-4.0 or appSecurity-5.0 feature is enabled. Vulnerability Details CVEID:CVE-2025-14917 DESCRIPTION: I...
Security Bulletin: IBM WebSphere Application Server Liberty is affected by server-side request forgery (CVE-2026-1561)
Summary IBM WebSphere Application Server Liberty is affected by server-side request forgery with the samlWeb-2.0 feature enabled. Vulnerability Details CVEID:CVE-2026-1561 DESCRIPTION: IBM WebSphere Application Server Liberty is vulnerable to server-side request forgery SSRF. This may allow remot...
Security Bulletin: IBM i is Affected by Use of Hard-coded Cryptographic Key, Cross-site Scripting, and Prototype Pollution Vulnerabilities in IBM WebSphere Application Server Liberty [CVE-2025-14923, CVE-2025-12635, CVE-2026-29063]
Summary IBM WebSphere Application Server Liberty for IBM i is vulnerable to providing weaker than expected security CVE-2025-14923, improper validation of user-supplied input CVE-2025-12635, and improperly controlled modification of object prototype attributes in the Immutable package...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by a privilege escalation vulnerability (CVE-2025-14915)
Summary IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by a privilege escalation vulnerability with the restConnector-1.0 or restConnector-2.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by a vulnerability that could provide weaker than expected security (CVE-2025-14917)
Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by a vulnerability that could provide weaker than expected security when administering security settings with the appSecurity-1.0, appSecurity-2.0, appSecurity-3.0, appSecurity-4.0 ...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a privilege escalation vulnerability (CVE-2025-14915)
Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a privilege escalation vulnerability with the restConnector-1.0 or restConnector-2.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by a privilege escalation vulnerability (CVE-2025-14915)
Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by a privilege escalation vulnerability with the restConnector-1.0 or restConnector-2.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by a vulnerability that could provide weaker than expected security (CVE-2025-14917)
Summary IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by a vulnerability that could provide weaker than expected security when administering security settings with the appSecurity-1.0, appSecurity-2.0, appSecurity-3.0, appSecurity-4.0 or...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a vulnerability that could provide weaker than expected security (CVE-2025-14917)
Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a security vulnerability that could provide weaker than expected security when administering security settings with the appSecurity-1.0, appSecurity-2.0, appSecurity-3.0,...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a server-side request forgery vulnerability (CVE-2026-1561)
Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a server-side request forgery vulnerability with the samlWeb-2.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes secti...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by a server-side request forgery vulnerability (CVE-2026-1561)
Summary IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by a server-side request forgery vulnerability with the samlWeb-2.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is affected by a denial of service due to Apache Commons FileUpload
Summary IBM WebSphere Application Server shipped with Jazz for Service Management JazzSM is affected by a denial of service due to Apache Commons FileUpload CVE-2025-48976 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which is affected by cross-site scripting and vulnerable to CVE-2025-32434.
Summary IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which is affected by cross-site scripting and vulnerable to CVE-2025-32434. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-12635 DESCRIPTION: I...
Security Bulletin: IBM WebSphere Automation is vulnerable to multiple security vulnerabilities
Summary Multiple security vulnerabilities were identified in the Open Liberty base image which is shipped with IBM WebSphere Automation. Vulnerability Details CVEID:CVE-2015-20107 DESCRIPTION: In Python aka CPython up to 3.10.8, the mailcap module does not add escape characters into commands...
Security Bulletin: Security Configuration vulnerability in WebSphere Application Server Liberty affects IBM Spectrum Protect Operations Center (CVE-2025-14914)
Summary IBM WebSphere Application Server Liberty is vulnerable to a remote code execution attack which can affect IBM Spectrum Protect Operations Center. Vulnerability Details CVEID:CVE-2025-14914 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a...
Security Bulletin: IBM Storage Protect Operations Center is affected by a vulnerability in IBM WebSphere Application Server Liberty that could allow a security configuration attack (CVE-2025-12635).
Summary IBM Spectrum Protect Operations Center uses IBM WebSphere Application Server Liberty in certain components; a vulnerability in Liberty may allow a security configuration attack that could impact the security of the affected environment under specific conditions. Vulnerability Details...
IBM WebSphere eXtreme Scale 8.6.1.0 < 8.6.1.6 (7267689)
The version of IBM WebSphere eXtreme Scale installed on the remote host is prior to 8.6.1.6. It is, therefore, affected by multiple vulnerabilities as referenced in the 7267689 advisory. - In the Eclipse OMR port library component since release 0.2.0, an API function to return the textual names o...
CVE-2025-14917
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty could provide weaker than expected security when administering security settings...
CVE-2025-14915
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is affected by privilege escalation. A privileged user could gain additional access to the application server...
CVE-2026-1561
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is vulnerable to server-side request forgery (SSRF). This may allow a remote attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating...