Security Bulletin: IBM Operations Analytics - Log Analysis is affected by security bypass, denial of service, cross-site scripting and remote code execution vulnerabilities due to WebSphere Application Server Liberty

Summary WebSphere Application Server Liberty is used by IBM Operations Analytics - Log Analysis as part of the web protection mechanism, interact with JSON data, authenticate and authorize client access for JMS messaging, manage the lifecycle of Java servlets and client, validation of user-suppli...

Security Bulletin: IBM Transformation Extender Advanced is affected by a IBM WebSphere Application Server Liberty vulnerability

Summary IBM WebSphere Application Server Liberty is used by IBM Transformation Extender Advanced, also known as IBM Standards Processing Engine. Liberty has been updated to address CVE-2025-14923 which causes a weaker then expected security posture when using the Security Utility contained in...

IBM WebSphere Application Server Security Feature Issue Vulnerability (CNVD-2026-19182)

IBM WebSphere Application Server WAS is an application server product from International Business Machines IBM. The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform. IBM WebSphere Application Server WAS suffers from a...

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a denial of service vulnerability due to jose4j (CVE-2024-29371)

Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a denial of service vulnerability due to jose4j. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected...

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by a denial of service vulnerability due to jose4j (CVE-2024-29371)

Summary IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by a denial of service vulnerability due to jose4j. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affecte...

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by a denial of service vulnerability due to jose4j (CVE-2024-29371)

Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by a denial of service vulnerability due to jose4j. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected...

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak For Applications, is affected by a denial of service vulnerability due to jose4j (CVE-2024-29371)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak For Applications, is affected by a denial of service vulnerability due to jose4j. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions...

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a denial of service vulnerability due to jose4j (CVE-2024-29371)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a denial of service vulnerability due to jose4j. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions...

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by a denial of service vulnerability due to jose4j (CVE-2024-29371)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by a denial of service vulnerability due to jose4j. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affect...

Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) could provide weaker than expected security (CVE-2025-13333)

Summary IBM WebSphere Application Server shipped with Jazz for Service Management JazzSM could provide weaker than expected security. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- Ja...

Security Bulletin: IBM Security Directory Suite is affected by multiple vulnerabilities (CVE-2025-48976, CVE-2025-36047, CVE-2025-53066, CVE-2025-53057)

Summary IBM Security Directory Suite is affected by WebSphere Liberty vulnerabilities CVE‑2025‑48976, CVE‑2025‑36047 and Java vulnerabilities CVE‑2025‑53066, CVE‑2025‑53057. These vulnerabilities have been addressed with an update. Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An...

Security Bulletin: IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager is vulnerable to a denial of service

Summary A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager CVE-2024-29371 Vulnerability Details CVEID:CVE-2024-29371 DESCRIPTION: In jose4j before 0.9.6, an attacker can cause a Denial-of-Service DoS...

Security Bulletin: Vulnerability has been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2024-29371)

Summary WebSphere Application Server is shipped as a component of WebSphere Service Registry and Repository. Information about a denial of service vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins...

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Buinses Automation Workflow (CVE-2024-29371)

Summary WebSphere Application Server traditional is shipped as a component of IBM Business Automation Workflow traditional. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin. Vulnerability Details Refer to...

Security Bulletin: IBM Verify Identity Governance (IVIG/ISVG) has multiple vulnerabilities

Summary Multiple security vulnerabilities in the dependent components have been addressed in the latest updates to IBM Security Verify Governance and its re-branded version, IBM Verify Identity Governance Vulnerability Details CVEID:CVE-2025-36097 DESCRIPTION: IBM WebSphere Application Server 9.0...

Security Bulletin: Security Vulnerabilities affect IBM Voice Gateway

Summary Security Vulnerabilities affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-12635 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.12 are affected by cross-site...

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by a vulnerability that could provide weaker than expected security (CVE-2025-14923)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by a vulnerability that could provide weaker than expected security when using the Security Utility to administer security settings. Vulnerability Details Refer to the security...

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a vulnerability that could provide weaker than expected security (CVE-2025-14923)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a vulnerability that could provide weaker than expected security when using the Security Utility to administer security settings. Vulnerability Details Refer to the security...

Security Bulletin: IBM WebSphere Application Server could provide weaker than expected security (CVE-2025-13333)

Summary IBM WebSphere Application Server could provide weaker than expected security. Vulnerability Details CVEID:CVE-2025-13333 DESCRIPTION: IBM WebSphere Application Server could provide weaker than expected security during system administration of security settings. CWE:CWE-358: Improperly...

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by a vulnerability that could provide weaker than expected security (CVE-2025-14923)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by a vulnerability that could provide weaker than expected security when using the Security Utility to administer security settings. Vulnerability Details Refer to the security...