13294 matches found
IBM WebSphere Application Server Cross-Site Scripting Vulnerability
IBM WebSphere Application Server (WAS) is an application server product from International Business Machines (IBM). The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform. A cross-site scripting vulnerability exists in IBM...
PT-2023-20584 · Ibm · Ibm Websphere Application Server
Name of the Vulnerable Software and Affected Versions: IBM WebSphere Application Server version 9.0 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session...
Security Bulletin: Multiple vulnerabilities in IBM WebSphere eXtreme Scale Liberty Deployment.
Summary Multiple vulnerabilities in Dojo toolkit and jQuery version shipped with IBM WebSphere eXtreme Scale Liberty Deployment Vulnerability Details CVEID:CVE-2012-6708 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the...
Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server affect IBM Business Automation Workflow (CVE-2023-25690)
Summary WebSphere Application Server Traditional is shipped as a component of IBM Business Automation Workflow. WebSphere Application Server Liberty is shipped as part of the optional components Process Federation Server since 8.5.6, and User Management Service since 18.0.0.1 in IBM Business...
Security Bulletin: Vulnerability in IBM WebSphere Application Server (CVE-2023-23477) shipped with IBM Workload Scheduler 9.4
Summary IBM WebSphere Application Server (WAS) is shipped as a component of IBM Workload Scheduler, which results in IBM Workload Scheduler being impacted by this vulnerability. IBM WebSphere Application Server traditional is vulnerable to a remote code execution vulnerability. This has been...
Security Bulletin: InfoSphere Identity Insight vulnerable to server-side request forgery due to Apache CXF (CVE-2022-46364)
Summary InfoSphere Identity Insight includes IBM WebSphere Application Server Liberty, which has a vulnerability in the Apache CXF library when jaxws-2.2 feature is enabled. This has been addressed. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: Multiple Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition affects WebSphere eXtreme Scale
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by WebSphere eXtreme Scale. Vulnerability Details CVEID:CVE-2022-21628 DESCRIPTION: Java SE is vulnerable to a denial of service, caused by a flaw in the Lightweight HTTP Server. By sending a...
Security Bulletin: Vulnerability in WebSphere Liberty affecting Watson Knowledge Catalog for IBM Cloud Pak for Data (CVE-2022-3509, CVE-2022-3171)
Summary IBM WebSphere Application Server Liberty is vulnerable to a denial of service that is impacting Watson Knowledge Catalog for IBM Cloud Pak for Data. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2022-3509 DESCRIPTION: protobuf-java core and lite are vulnerable to ...
Security Bulletin: Multiple Vulnerabilities in IBM HTTP Server affect WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On
Summary There are multiple vulnerabilities in the IBM HTTP Server, which is used by IBM WebSphere Application Server, due to the included Apache HTTP Server and Apache Portable Runtime: CVE-2022-28331, CVE-2022-36760, CVE-2022-37436, CVE-2006-20001, and CVE-2022-25147. IBM WebSphere Application...
Security Bulletin: Vulnerability in IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 affects CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition.
Summary There is a vulnerability which is related to identity spoofing in IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 used by CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition. CICS Transaction Gateway has addressed th...
Security Bulletin: IBM MQ is affected by issues in IBM WebSphere Application Server Liberty (CVE-2022-3509, CVE-2022-3171)
Summary Issues were identified in IBM WebSphere Application Server Liberty, which IBM MQ ships and uses to supply IBM MQ Console and IBM MQ REST API functionality. Vulnerability Details CVEID:CVE-2022-3509 DESCRIPTION: protobuf-java core and lite are vulnerable to a denial of service, caused by a...
IBM WebSphere Application Server 8.5.x < 8.5.5.20 / 9.x < 9.0.5.8 RCE (6891111)
The IBM WebSphere Application Server running on the remote host is affected by a remote code execution vulnerability. IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized...
Security Bulletin: A security vulnerability has been identified in IBM HTTP Server shipped with IBM WebSphere Remote Server (CVE-2023-26281)
Summary IBM HTTP Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM HTTP Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...
IBM WebSphere Application Server Input Validation Error Vulnerability (CNVD-2023-20087)
IBM WebSphere Application Server (WAS) is an application server product from International Business Machines (IBM). The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform. IBM WebSphere Application Server HTTP Server version 8.5...
Security Bulletin: IBM Financial Transaction Manager is impacted by a vulnerability in WebSphere Liberty Server (CVE-2022-22476)
Summary The vulnerability addressed by WebSphere Liberty prevents identity spoofing by an authenticated user. Vulnerability Details CVEID:CVE-2022-22476 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.7 and Open Liberty are vulnerable to identity spoofing by an...
Security Bulletin: Multiple security vulnerabilities has been identified in IBM HTTP Server shipped with IBM Rational ClearCase [CVE-2022-28331, CVE-2022-36760, CVE-2022-37436, CVE-2022-25147, CVE-2006-20001]
Summary IBM HTTP Server (IHS) is shipped as a component of IBM Rational ClearCase. Information about a security vulnerability affecting IHS has been published in a security bulletin. CVE-2022-28331, CVE-2022-36760, CVE-2022-37436, CVE-2022-25147, CVE-2006-20001 Vulnerability Details Refer to the...
IBM WebSphere Application Server 7.x <= 7.0.0.45 / 8.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.22 / 9.x < 9.0.5.12 RCE
The IBM WebSphere Application Server installed on the remote host is affected by a remote code execution vulnerability due to the Dojo package, which is vulnerable to Prototype Pollution via the setObject function. Note that Nessus has not tested for this issue but has instead relie...
IBM WebSphere Application Server Liberty 17.0.0.3 < 22.0.0.3 Information Disclosure (6585704)
IBM WebSphere Application Server Liberty 17.0.0.3 less than 22.0.0.3, with the adminCenter-1.0 feature configured, is vulnerable to Prototype Pollution via the setObject function in Dojo. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported...
Security Bulletin: A security vulnerability has been identified in IBM HTTP Server shipped with IBM WebSphere Remote Server (CVE-2022-28331, CVE-2022-36760, CVE-2022-37436, CVE-2022-25147, CVE-2006-20001)
Summary IBM HTTP Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM HTTP Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...
Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2022 - Includes Oracle October 2022 CPU and IBM Java - OpenJ9 CVE-2022-3676
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 8 that are used by Rational Software Architect Designer and Rational Software Architect Designer for Websphere Software. These issues were disclosed as part of the IBM Java SDK updates in Oct 2022 and IBM Ja...