Security Bulletin: IBM HTTP Server is vulnerable to a denial of service due to libexpat (CVE-2023-52425)

Summary IBM HTTP Server, which is used by IBM WebSphere Application Server, is vulnerable to a denial of service due to libexpat using a specially crafted request. Vulnerability Details CVEID:CVE-2023-52425 DESCRIPTION: libexpat is vulnerable to a denial of service, caused by improper system...

IBM WebSphere Application Server Liberty Encryption Issue Vulnerability

IBM WebSphere Application Server Liberty is a Java application server from International Business Machines IBM built on top of the Open Liberty project. A cryptographic issue vulnerability exists in IBM WebSphere Application Server Liberty that stems from a failure to adhere to user configuration...

IBM WebSphere Application Server Liberty 17.0.0.3 < 24.0.0.3 (7125527)

The version of IBM WebSphere Application Server Liberty running on the remote host is affected by a vulnerability as referenced in the 7125527 advisory. - IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide weaker than expected security for outbound TLS connections...

Security Bulletin: IBM WebSphere Application Server Liberty could provide weaker than expected security (CVE-2023-50312)

Summary IBM WebSphere Application Server Liberty could provide weaker than expected security for outbound TLS connections. Vulnerability Details CVEID:CVE-2023-50312 DESCRIPTION: IBM WebSphere Application Server Liberty could provide weaker than expected security for outbound TLS connections caus...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Service Registry and Repository due to January 2024 CPU

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, used by WebSphere Service Registry and Repository. These issues were disclosed as part of the IBM Java SDK updates in January 2024. These issues are also addressed by WebSphere Application Server shipped with WebSphere...

IBM MQ 输入验证错误漏洞

IBM MQ IBM WebSphere MQ is a messaging middleware product from International Business Machines IBM. The product is mainly for the service-oriented architecture SOA to provide a reliable and proven messaging backbone. An input validation error vulnerability exists in IBM MQ that stems from incorre...

Security Bulletin: Denial of Service vulnerability in WebSphere Liberty may affect IBM Business Automation Workflow (CVE-2023-44487)

Summary WebSphere Liberty is shipped with IBM Business Automation Workflow traditional to support Process Federation Server and User Management Services. WebSphere Liberty is also the application server for IBM Business Automation Workflow on Containers. A denial of service vulnerability has been...

Security Bulletin: Information disclosure vulnerability in IBM WebSphere Application Server Liberty affect IBM Business Automation Workflow - CVE-2023-44483

Summary IBM WebSphere Application Server Liberty is shipped as a component of IBM Business Automation Workflow for User Management Services and Process Federation Server. IBM WebSphere Applciation Server Liberty is also the basis for containerized IBM Business Automation Workflow. A security...

CVE-2023-50312

IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. IBM X-Force ID: 274711...

CVE-2023-50312

IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. IBM X-Force ID: 274711...

Code injection

IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. IBM X-Force ID: 274711...

CVE-2023-50312

CVE-2023-50312 affects IBM WebSphere Application Server Liberty. The issue is that outbound TLS connections could have weaker-than-expected security due to a failure to honor user configuration. Affected versions are Liberty 17.0.0.3 through 24.0.0.2. The connected documents reiterate the same de...

CVE-2023-50312 IBM WebSphere Application Server Liberty information disclosure

IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. IBM X-Force ID: 274711...

CVE-2023-50312 IBM WebSphere Application Server Liberty information disclosure

IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. IBM X-Force ID: 274711...

IBM WebSphere Application Server Liberty 加密问题漏洞

IBM WebSphere Application Server Liberty is a Java application server from International Business Machines IBM built on top of the Open Liberty project. A cryptographic issue vulnerability exists in IBM WebSphere Application Server Liberty that stems from a failure to adhere to user configuration...

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, could provide weaker than expected security (CVE-2023-50312)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, could provide weaker than expected security for outbound TLS connections. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, could provide weaker than expected security (CVE-2023-50312)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, could provide weaker than expected security for outbound TLS connections. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

Security Bulletin: Vulnerabilities in IBM WebSphere Application Server Liberty impact IBM Common Licensing

Summary Multiple vulnerabilities in IBM WebSphere Liberty impact IBM License Key Server Administration and Reporting Tool and IBM LKS Administration Agent. Vulnerability Details CVEID:CVE-2022-34165 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application...

Security Bulletin: IBM Maximo Application Predict Component uses WebSphere Application Server Liberty is vulnerable to information disclosure due to Apache Santuario which is vulnerable to CVE-2023-44483

Summary IBM Maximo Application Predict Component uses WebSphere Application Server Liberty is vulnerable to information disclosure due to Apache Santuario which is vulnerable to CVE-2023-44483 This bulletin contains information regarding the vulnerability and it's fixture Vulnerability Details...

Security Bulletin: IBM Maximo Application Predict Component uses OSS Scan - WebSphere Liberty is vulnerable to weaker than expected security which is vulnerable to CVE-2023-46158.

Summary Security Bulletin: IBM Maximo Application Predict Component uses OSS Scan - WebSphere Liberty is vulnerable to weaker than expected security which is vulnerable to CVE-2023-46158. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...