Security Bulletin: IBM WebSphere Application Server, used in IBM Security Verify Governance Identity Manager, could provide weaker than expected security (CVE-2023-35890)
Summary IBM Security Verify Governance - Identity Manager uses IBM WebSphere Application Server. The fix includes upgrading IBM WebSphere Application Server with the security patch. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server which is a component of IBM Operations Analytics Predictive Insights
Summary Websphere Application Server WAS is a component of IBM Operations Analytics Predictive Insights. Multiple vulnerabilities in Websphere Application Server WAS 8.5 and 9.0 affect IBM Operations Analytics Predictive Insights 1.3.6 or earlier. Information about the following relevant...
Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus are vulnerable to SOAPAction spoofing when processing JAX-WS Web Services requests (CVE-2022-38712)
Summary IBM App Connect Enterprise and IBM Integration Bus are vulnerable to SOAPAction spoofing when processing JAX-WS Web Services requests CVE-2022-38712. The fix includes the IBM Websphere Application Server APAR PH49111 Vulnerability Details CVEID:CVE-2022-38712 DESCRIPTION: IBM WebSphere...
Security Bulletin: IBM Sterling Global Mailbox is vulnerable to HTTP header injection due to WebSphere Liberty Server (CVE-2022-34165)
Summary A security vulnerability has been identified and addressed in WebSphere Liberty Server shipped with IBM Sterling Global Mailbox. Vulnerability Details CVEID:CVE-2022-34165 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty...
Security Bulletin: IBM Sterling Global Mailbox is vulnerable to denial of service due to WebSphere Liberty Server (CVE-2022-3509, CVE-2022-3171)
Summary A security vulnerability has been identified and addressed in WebSphere Liberty Server shipped with IBM Sterling Global Mailbox. Vulnerability Details CVEID:CVE-2022-3509 DESCRIPTION: protobuf-java core and lite are vulnerable to a denial of service, caused by a flaw in the parsing...
Security Bulletin: WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to a server-side request forgery vulnerability (CVE-2022-35282).
Summary IBM WebSphere Application Server is vulnerable to a server-side request forgery vulnerability. This has been addressed. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- Jazz for...
Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to SOAPAction spoofing (CVE-2022-38712)
Summary IBM WebSphere Application Server is vulnerable to SOAPAction spoofing when processing JAX-WS Web Services requests. This has been addressed. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products|...
Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to a remote code execution vulnerability (CVE-2023-23477)
Summary IBM WebSphere Application Server traditional is vulnerable to a remote code execution vulnerability. This has been addressed. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- Ja...
Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to a denial of service due to Apache Commons FileUpload (CVE-2023-24998)
Summary IBM WebSphere Application Server traditional is vulnerable to a remote code execution vulnerability. This has been addressed. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- Ja...
Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to cross-site scripting in the Admin Console (CVE-2023-26283)
Summary IBM WebSphere Application Server is vulnerable to cross-site scripting in the Admin Console. This has been addressed in the remediation section. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products|...
Security Bulletin: IBM WebSphere Application Server is vulnerable to an XML External Entity (XXE) Injection vulnerability (CVE-2023-27554)
Summary IBM WebSphere Application Server is vulnerable to an XML External Entity XXE Injection vulnerability. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2023-27554 DESCRIPTION: IBM WebSphere Application Server is vulnerable to an XML External Entity...
Security Bulletin: Multiple Vulnerabilities have been identified in IBM Db2 shipped with IBM WebSphere Remote Server
Summary IBM Db2 is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM Db2 have been published in a security bulletin CVE-2023-30447, CVE-2023-30446, CVE-2023-30443, CVE-2023-30448, CVE-2023-30445, CVE-2023-30449, CVE-2023-23487, CVE-2023-30431,...
Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to cross-site scripting in the Admin Console (CVE-2023-24966)
Summary IBM WebSphere Application Server is vulnerable to cross site scripting in the Admin Console. This has been addressed in the remediation section below. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected...
Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to spoofing when using Web Server Plug-ins (CVE-2022-39161)
Summary IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to spoofing via the optional and separately installable Web Server Plug-ins for IBM WebSphere Application Server component. This has been addressed in the remediation section. Vulnerability Detail...
Security Bulletin: Multiple vulnerabilities of Apache common collections (commons-collections-3.2.jar) have affected APM WebSphere Application Server Agent
Summary APM WebSphere Application Server Agent is vulnerable to Apache common collections commons-collections-3.2.jar. The fix includes commons-collections-3.2.jar upgraded to commons-collections-3.2.2.jar. CVE-2015-4852, CVE-2017-15708 and CVE-2019-13116 Vulnerability Details CVEID:CVE-2015-4852...
Security Bulletin: IBM InfoSphere Information Server is affected by a denial of service vulnerability in Apache Commons FileUpload and Tomcat (CVE-2023-24998)
Summary A denial of service vulnerability in Apache Commons FileUpload and Tomcat affects WebSphere Liberty that is used by IBM InfoSphere Information Server. The vulnerability was addressed. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerab...
Security Bulletin: InfoSphere Identity Insight is vulnerable to a denial of service due to Apache Commons FileUpload (CVE-2023-24998)
Summary InfoSphere Identity Insight includes IBM WebSphere Application Server Liberty, which has a vulnerability in the Apache Commons FileUpload when servlet-3.0 feature is enabled. This has been addressed. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...
Security Bulletin: Vulnerability of Apache Thrift (libthrift-0.12.0.jar) have affected APM WebSphere Application Server Agent, APM SAP NetWeaver Agent and APM WebLogic Agent
Summary APM WebSphere Application Server Agent, APM SAP NetWeaver Agent and APM WebLogic Agent is vulnerable to Apache Thrift libthrift-0.12.0.jar CVE-2019-0205. The fix for WebSphere Application Server Agent and SAP NetWeaver Agent includes libthrift-0.12.0.jar upgraded to libthrift-0.17.0.jar,...
Security Bulletin: CVE-2023-28867 may affect IBM WebSphere Application Server Liberty shipped with IBM CICS TX Standard
Summary CVE-2023-28867 may affect IBM WebSphere Application Server Liberty shipped with IBM CICS TX Standard. IBM CICS TX Standard has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-28867 DESCRIPTION: GraphQL Java is vulnerable to a denial of service, caused by a...
Security Bulletin: CVE-2023-28867 may affect IBM WebSphere Application Server Liberty shipped with IBM TXSeries for Multiplatforms
Summary CVE-2023-28867 may affect IBM WebSphere Application Server Liberty shipped with IBM TXSeries for Multiplatforms. IBM TXSeries for Multiplatforms has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-28867 DESCRIPTION: GraphQL Java is vulnerable to a denial of service,...