
13288 matches found

IBM Security Bulletins
added 2023/07/14 11:52 a.m. · 20 views

Security Bulletin: CVE-2023-28867 may affect IBM WebSphere Application Server Liberty shipped with IBM CICS TX Advanced

Summary CVE-2023-28867 may affect IBM WebSphere Application Server Liberty shipped with IBM CICS TX Advanced. IBM CICS TX Advanced has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-28867 DESCRIPTION: GraphQL Java is vulnerable to a denial of service, caused by a stack-based...

7.5 CVSS · 7.5 AI score · 0.01051 EPSS
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2023/07/13 3:29 p.m. · 60 views

Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to a privilege escalation due to RESTEasy (CVE-2023-0482)

Summary IBM Spectrum Protect for Workstations Central Administration Console requires the dependent product IBM WebSphere Application Server Liberty. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. Refer to t...

5.5 CVSS · 5.5 AI score · 0.00819 EPSS
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2023/07/13 1:19 p.m. · 36 views

Security Bulletin: Vulnerabilities in IBM WebSphere Application Server Liberty affect IBM Storage Protect Backup-Archive Client, IBM Storage Protect for Virtual Environments, and IBM Storage Protect for Space Management (CVE-2023-0482, CVE-2023-24998)

Summary IBM Storage Protect Backup-Archive Client, IBM Storage Protect for Virtual Environments Data Protection for Hyper-V and Data Protection for VMware, and IBM Storage Protect for Space Management can be affected by vulnerabilities in IBM WebSphere Application Server Liberty. The...

7.5 CVSS · 7.6 AI score · 0.46836 EPSS
Exploits 1 · Affected Software 3

IBM Security Bulletins
added 2023/07/12 11:3 a.m. · 46 views

Security Bulletin: Vulnerabilities have been identified in OpenSSL, Apache HTTP Server and other system libraries shipped with the DS8000 Hardware Management Console (HMC)

Summary IBM DS8900 Management Console is affected by Open Source expat CVE-2022-43680, libxml2 CVE-2022-40303, CVE-2022-40304, dbus CVE-2022-42010, CVE-2022-42011, CVE-2022-42012, httpd CVE-2023-25690, systemd CVE-2022-4415, OpenSSL CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286,...

9.8 CVSS · 9.3 AI score · 0.8377 EPSS
Exploits 17 · Affected Software 3

IBM Security Bulletins
added 2023/07/10 6:24 a.m. · 17 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server Liberty is vulnerable to spoofing - CVE-2022-39161

Summary IBM WebSphere Application Server Liberty is vulnerable to spoofing via the optional and separately installable Web Server Plug-ins for IBM WebSphere Application Server component. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addresse...

5.3 CVSS · 5.3 AI score · 0.00362 EPSS
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2023/07/10 6:21 a.m. · 19 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server Liberty is vulnerable to spoofing - CVE-2022-39161

Summary IBM WebSphere Application Server Liberty is vulnerable to spoofing via the optional and separately installable Web Server Plug-ins for IBM WebSphere Application Server component. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addresse...

5.3 CVSS · 5.3 AI score · 0.00362 EPSS
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2023/07/10 6:21 a.m. · 32 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server Liberty is vulnerable to GraphQL - CVE-2023-28867

Summary Vulnerability in the GraphQL Java library used by IBM WebSphere Application Server Liberty when the feature mpGraphQL-1.0 or mpGraphQL-2.0 is enabled. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: Jazz...

7.5 CVSS · 7.4 AI score · 0.01051 EPSS
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2023/07/08 8:8 p.m. · 29 views

Security Bulletin: Multiple Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition affects WebSphere eXtreme Scale

Summary There are multiple vulnerabilities in IBM Runtime Environment Java Version 8 used by WebSphere eXtreme Scale. Vulnerability Details CVEID:CVE-2022-21426 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause a...

5.9 CVSS · 6.8 AI score · 0.03028 EPSS
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2023/07/07 11:21 p.m. · 27 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM WebSphere Remote Server (CVE-2023-35890)

Summary WebSphere Application Server, shipped with IBM WebSphere Remote Server, is vulnerable to spoofing when using Web Server Plug-ins. Information about a security vulnerability affecting WebSphere Application when using Web Server Plug-ins has been published in a security bulletin...

5.5 CVSS · 5.4 AI score · 0.00116 EPSS
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2023/07/07 10:47 a.m. · 17 views

Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to an XML External Entity (XXE) Injection vulnerability (CVE-2023-27554)

Summary IBM WebSphere Application Server is vulnerable to an XML External Entity (XXE) Injection vulnerability. This has been addressed in the remediation section. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected...

9.1 CVSS · 7.7 AI score · 0.00859 EPSS
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2023/07/07 4:7 a.m. · 13 views

Security Bulletin: IBM WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On could provide weaker than expected security (CVE-2023-35890)

Summary Security Bulletin: IBM WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On could provide weaker than expected security (CVE-2023-35890). This has been addressed in the remediation section below. Vulnerability Details Refer to the security...

5.5 CVSS · 5.4 AI score · 0.00116 EPSS
Exploits 0 · Affected Software 1

NVD
added 2023/07/07 3:15 a.m. · 9 views

CVE-2023-35890

IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security, caused by the improper encoding in a local configuration file. IBM X-Force ID: 258637...

5.5 CVSS · 5.3 AI score · 0.00116 EPSS
Exploits 0 · References 2

OSV
added 2023/07/07 3:15 a.m. · 3 views

CVE-2023-35890

IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security, caused by the improper encoding in a local configuration file. IBM X-Force ID: 258637...

5.5 CVSS · 6.1 AI score · 0.00116 EPSS
Exploits 0 · References 2

Prion
added 2023/07/07 3:15 a.m. · 16 views

Design/Logic Flaw

IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security, caused by the improper encoding in a local configuration file. IBM X-Force ID: 258637...

1.7 CVSS · 5.3 AI score · 0.00116 EPSS
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2023/07/07 2:13 a.m. · 14 views

CVE-2023-35890 IBM WebSphere Application Server information disclosure

IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security, caused by the improper encoding in a local configuration file. IBM X-Force ID: 258637...

5.1 CVSS · 5.4 AI score · 0.00116 EPSS
Exploits 0 · References 2

Vulnrichment
added 2023/07/07 2:13 a.m. · 11 views

CVE-2023-35890 IBM WebSphere Application Server information disclosure

IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security, caused by the improper encoding in a local configuration file. IBM X-Force ID: 258637...

5.1 CVSS · 6.1 AI score · 0.00116 EPSS
Exploits 0 · References 2

CVE
added 2023/07/07 2:13 a.m. · 73 views

CVE-2023-35890

CVE-2023-35890 affects IBM WebSphere Application Server 8.5 and 9.0. The issue is weaker-than-expected security caused by improper encoding in a local configuration file. IBM advisories link to fixes/upgrades; remediation varies by product: ITNCM (IBM Tivoli Netcool Configuration Manager) 6.4.2: ...

5.5 CVSS · 5 AI score · 0.00116 EPSS
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2023/07/07 12:0 a.m. · 3 views

PT-2023-25365 · Ibm · Ibm Websphere Application Server

Name of the Vulnerable Software and Affected Versions: IBM WebSphere Application Server versions 8.5 through 9.0 Description: The issue is caused by improper encoding in a local configuration file, which could provide weaker than expected security. Recommendations: For IBM WebSphere Application...

5.5 CVSS · 5 AI score · 0.00116 EPSS
Exploits 0 · References 6

Tenable Nessus
added 2023/07/07 12:0 a.m. · 63 views

IBM WebSphere Application Server 8.5.5.23 < 8.5.5.24 / 9.0.5.15 < 9.0.5.17 (7007857)

The IBM WebSphere Application Server running on the remote host is affected by an improper encoding flaw. IBM WebSphere Application Server 8.5 and 9.0 traditional could provide weaker than expected security, caused by the improper encoding in a local configuration file. Note that Nessus has not...

5.5 CVSS · 5.6 AI score · 0.00116 EPSS
Exploits 0 · References 2

Tenable Nessus
added 2023/07/06 12:0 a.m. · 59 views

IBM MQ Denial of Service (7007421)

The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7007421 advisory. - A denial of service (DoS) vulnerability exists in IBM MQ due to improper message processing. An unauthenticated, remote attacker can exploit this issue, via specially...

7.5 CVSS · 7.3 AI score · 0.00809 EPSS
Exploits 0 · References 2