The vulnerability of WebSphere Application Server application servers, related to incorrect restrictions on XML references to external objects, allows attackers to execute XXE attacks.

The vulnerability of the IBM WebSphere Application Server application server is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability allows a malicious actor to perform XXE attacks remotely...

Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to spoofing when using Web Server Plug-ins

Summary IBM Security Verify Governance uses IBM WebSphere Application Server .The fix includes upgrading IBM WebSphere Application Server with the security patch. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected...

Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to spoofing when using Web Server Plug-ins

Summary IBM Security Verify Governance uses IBM WebSphere Application Server .The fix includes upgrading IBM WebSphere Application Server with the security patch. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected...

Security Bulletin: IBM Security Verify Governance, Identity Manager software component ships IBM WebSphere Application Server, which is vulnerable to cross site scripting

Summary IBM WebSphere Application Server WAS is shipped with IBM Security Verify Governance, Identity Manager software component SVGSS. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to t...

Security Bulletin: IBM Security Verify Governance ships with IBM WebSphere Application Server, which is vulnerable to denial of service

Summary IBM Security Verify Governance uses IBM WebSphere Application Server. IBM WebSphere Application Server is vulnerable to a denial of service issue. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products...

Security Bulletin: IBM WebSphere Application Server is vulnerable to cross-site scripting in the Admin Console

Summary IBM Security Verify Governance uses IBM WebSphere Application Server. The fix includes upgrading IBM WebSphere Application Server with the security patch. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected...

Security Bulletin: IBM WebSphere Application Server is vulnerable to cross-site scripting in the Admin Console

Summary IBM Security Verify Governance uses IBM WebSphere Application Server. The fix includes upgrading IBM WebSphere Application Server with the security patch. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected...

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server traditional shipped with IBM Intelligent Operations Center(CVE-2023-27554)

Summary IBM WebSphere Application Server traditional is shipped with IBM Intelligent Operations Center. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in...

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server traditional shipped with IBM Intelligent Operations Center (CVE-2023-24966)

Summary IBM WebSphere Application Server traditional is shipped with IBM Intelligent Operations Center. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Case Manager (CVE-2023-27554)

Summary IBM WebSphere Application Server is shipped as a component of IBM Case Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Case Manager (CVE-2022-39161)

Summary IBM WebSphere Application Server is shipped as a component of IBM Case Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

Security Bulletin: IBM HTTP Server is vulnerable to information disclosure due to IBM GSKit (CVE-2023-32342)

Summary IBM HTTP Server used by IBM WebSphere Application Server is vulnerable to information disclosure due to IBM GSKit which is used for SSL connections. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2023-32342 DESCRIPTION: IBM GSKit could allow a remote...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server used by IBM Rational ClearQuest (CVE-2023-24966)

Summary IBM WebSphere Application Server WAS is used by the IBM Rational ClearQuest server and web components. Information about a security vulnerability affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...

Security Bulletin: A security vulnerability has been identified in IBM HTTP Server shipped with IBM WebSphere Application Server used by IBM Rational ClearQuest (CVE-2022-39161)

Summary IBM HTTP Server shipped with IBM WebSphere Application Server WAS is used by the IBM Rational ClearQuest server and web components. Information about a security vulnerability affecting IBM HTTP Server has been published in a security bulletin. Vulnerability Details Refer to the security...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server used by IBM Rational ClearQuest (CVE-2022-39161)

Summary IBM WebSphere Application Server WAS is used by the IBM Rational ClearQuest server and web components. Information about a security vulnerability affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server used by IBM Rational ClearQuest (CVE-2023-27554)

Summary IBM WebSphere Application Server WAS is used by the IBM Rational ClearQuest server and web components. Information about a security vulnerability affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...

Security Bulletin: Multiple Security Vulnerabilities have been fixed in the IBM Directory Server and IBM Directory Suite products (CVE-2022-22476, CVE-2022-34165)

Summary Multiple Security Vulnerabilities in the IBM WebSphere Application Server product as shipped with the IBM Directory Server and IBM Directory Suite products have been fixed. Vulnerability Details CVEID:CVE-2022-22476 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through...

Security Bulletin: IBM® MobileFirst Platform is vulnerable to CVE-2023-24998

Summary IBM Websphere® Liberty is the stack on top of which the MobileFirst runtime is hosted. The Liberty version 19.0.0.5 that is packaged with the MobileFirst Platform is impacted by the vulnerability described in CVE-2023-24998. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache...

Security Bulletin: IBM WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On is vulnerable to spoofing when using Web Server Plug-ins (CVE-2022-39161)

Summary Security Bulletin: IBM WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On is vulnerable to spoofing when using Web Server Plug-ins CVE-2022-39161. This has been addressed in the remediation section below. Vulnerability Details Refer to the...

Security Bulletin: Security Vulnerability in IBM Java SDK affects IBM WebSphere Service Registry and Repository (CVE-2023-30441)

Summary There is a vulnerability in the IBM SDK, Java Technology Edition, used by WebSphere Service Registry and Repository. This issue is also addressed by IBM WebSphere Application Server shipped with WebSphere Service Registry and Repository. Vulnerability Details CVEID:CVE-2023-30441...