IBM MQ 资源管理错误漏洞

IBM MQ IBM WebSphere MQ is a messaging middleware product from International Business Machines IBM. It provides a reliable and proven messaging backbone for Service Oriented Architecture SOA. A security vulnerability exists in IBM MQ Clients versions 9.2 CD, 9.3 CD, and 9.3 LTS that stems from...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server used by IBM Rational ClearQuest (CVE-2023-26283)

Summary IBM WebSphere Application Server WAS is used by the IBM Rational ClearQuest server and web components. Information about a security vulnerability affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...

CVE-2022-39161

IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and IBM WebSphere Application Server Liberty, when configured to communicate with the Web Server Plug-ins for IBM WebSphere Application Server, could allow an authenticated user to conduct spoofing attacks. A man-in-the-middle attacker could...

CVE-2022-39161

IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and IBM WebSphere Application Server Liberty, when configured to communicate with the Web Server Plug-ins for IBM WebSphere Application Server, could allow an authenticated user to conduct spoofing attacks. A man-in-the-middle attacker could...

Spoofing

IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and IBM WebSphere Application Server Liberty, when configured to communicate with the Web Server Plug-ins for IBM WebSphere Application Server, could allow an authenticated user to conduct spoofing attacks. A man-in-the-middle attacker could...

CVE-2022-39161 IBM WebSphere Application Server information disclosure

IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and IBM WebSphere Application Server Liberty, when configured to communicate with the Web Server Plug-ins for IBM WebSphere Application Server, could allow an authenticated user to conduct spoofing attacks. A man-in-the-middle attacker could...

CVE-2022-39161 IBM WebSphere Application Server information disclosure

IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and IBM WebSphere Application Server Liberty, when configured to communicate with the Web Server Plug-ins for IBM WebSphere Application Server, could allow an authenticated user to conduct spoofing attacks. A man-in-the-middle attacker could...

CVE-2022-39161

CVE-2022-39161 affects IBM WebSphere Application Server (including Liberty) when using the Web Server Plug-ins, enabling MITM-style spoofing with a certificate from a trusted authority. The vulnerability arises from lack of hostname validation in the plug-in communications, allowing an authentica...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Monitor (CVE-2022-39161)

Summary IBM WebSphere Application Server is shipped as a component of Business Monitor. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixe...

Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to spoofing when using Web Server Plug-ins (CVE-2022-39161)

Summary IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to spoofing via the optional and separately installable Web Server Plug-ins for IBM WebSphere Application Server component. This has been addressed in the remediation section. Vulnerability Detail...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server traditional included with IBM Tivoli System Automation Application Manager (CVE-2023-24998)

Summary IBM WebSphere Application Server traditional is used by IBM Tivoli System Automation Application Manager and is vulnerable to a denial of service due to Apache Commons FileUpload. Required fixes for affected WebSphere Application Server traditional has been published in the security...

IBM WebSphere Application Server 信任管理问题漏洞

IBM WebSphere Application Server WAS is an application server product from International Business Machines IBM. The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform. A trust management issue vulnerability exists in IBM...

Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - January 2023 - Includes Oracle January 2023 CPU

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 that are used by Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas and Maximo for Utilities a...

Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty, which are bundled with IBM Cloud Pak for Applications, are vulnerable to spoofing when using Web Server Plug-ins (CVE-2022-39161)

Summary IBM WebSphere Application Server and IBM WebSphere Application Server Liberty, which are bundled with IBM Cloud Pak for Applications, are vulnerable to spoofing when using Web Server Plug-ins CVE-2022-39161 Vulnerability Details Refer to the security bulletins listed in the...

Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty, which are bundled with IBM WebSphere Hybrid Edition, are vulnerable to spoofing when using Web Server Plug-ins (CVE-2022-39161)

Summary IBM WebSphere Application Server and IBM WebSphere Application Server Liberty, which are bundled with IBM WebSphere Hybrid Edition, are vulnerable to spoofing when using Web Server Plug-ins CVE-2022-39161 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixe...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Case Manager (CVE-2023-24966)

Summary IBM WebSphere Application Server is shipped as a component of IBM Case Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

Security Bulletin: IBM WebSphere Application Server Liberty for IBM i is vulnerable to a server-side request forgery, a denial of service, an attacker obtaining sensitive information, and gaining elevated privileges due to multiple vulnerabilities.

Summary IBM WebSphere Application Server for IBM i is vulnerable to a server-side request forgery due to a flaw in parsing the href attribute CVE-2022-46364, and is affected by an attacker obtaining sensitive information due to improper permissions on a temporary file CVE-2022-45787, attacker...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM WebSphere Remote Server (CVE-2023-24966)

Summary IBM WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Security Guardium Key Lifecycle Manager (SKLM/GKLM) (CVE-2023-30441)

Summary WebSphere Application Server is shipped as a component of IBM Security Key Lifecycle Manager SKLM/GKLM. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed...

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Security Guardium Key Lifecycle Manager (SKLM/GKLM) (CVE-2022-21426)

Summary WebSphere Application Server is shipped as a component of IBM Security Key Lifecycle Manager SKLM/GKLM. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed...