Security Bulletin: WebSphere Application Server Liberty is affected by SMTP injection due to Jakarta Mail (CVE-2025-7962)

Summary WebSphere Application Server Liberty is affected by SMTP injection due to Jakarta Mail Vulnerability Details CVEID:CVE-2025-7962 DESCRIPTION: In Jakarta Mail 2.0.2 it is possible to preform a SMTP Injection by utilizing the \r and \n UTF-8 characters to separate different messages...

IBM WebSphere Application Server Liberty 路径遍历漏洞

IBM WebSphere Application Server Liberty is a Java application server developed by IBM, based on the Open Liberty project. Versions of IBM WebSphere Application Server Liberty from 17.0.0.3 to 26.0.0.1 have a path traversal vulnerability. This vulnerability arises when privileged users can upload...

IBM WebSphere Application Server Liberty 17.0.0.3 < 26.0.0.2 RCE (7258224)

The version of IBM WebSphere Application Server Liberty running on the remote host is affected by a remote code execution vulnerability as referenced in the 7258224 advisory. - IBM WebSphere Application Server Liberty could allow a privileged user to upload a zip archive containing path traversal...

Security Bulletin: IBM WebSphere Application Server Liberty is affected by a remote code execution vulnerability (CVE-2025-14914)

Summary IBM WebSphere Application Server Liberty is affected by a remote code execution vulnerability with the restConnector-1.0 or restConnector-2.0 feature enabled. Vulnerability Details CVEID:CVE-2025-14914 DESCRIPTION: IBM WebSphere Application Server Liberty could allow a privileged user to...

Security Bulletin: IBM Maximo Application Suite uses node-forge-1.3.1.tgz,aiohttp-3.13.2-cp311-cp311-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl and WebSphere Application Server v.25.0.0.10 which is vulnerable to multiple CVEs.

Summary IBM Maximo Application Suite uses node-forge-1.3.1.tgz,aiohttp-3.13.2-cp311-cp311-manylinux2014x8664.manylinux217x8664.manylinux228x8664.whl and WebSphere Application Server v.25.0.0.10 which is vulnerable to CVE-2025-12816, CVE-2025-69223, CVE-2025-69224, CVE-2025, CVE-2025-66030,...

Security Bulletin: WebSphere Liberty susceptible to HTTP2 implementation vulnerabilities

Summary There are multiple vulnerabilities in IBM® WebSphere Liberty ,Version 8.5.5.8 used by IBM Tivoli Application Dependency Discovery Manager TADDM Vulnerability Details CVEID:CVE-2019-9515 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a Settings Flood attack...

PT-2026-5208

Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server Liberty versions 17.0.0.3 through 26.0.0.1 Description A privileged user could potentially upload a zip archive containing path traversal sequences, which could lead to overwriting files and arbitrary code...

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and WebSphere Application Server Liberty due to the January 2026 CPU

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVEs listed in this document might affect some configurations of IBM WebSphere Application Server traditiona...

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with Tivoli System Automation Application Manager (CVE-2025-12635)

Summary A cross site scripting vulnerability affecting the WebSphere Application Server has been addressed in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM...

Security Bulletin: Due to use of IBM WebSphere Application Server, IBM Tivoli Netcool Configuration Manager (ITNCM) is affected by cross-site scripting (CVE-2025-12635).

Summary WebSphere Application Server, used by IBM Tivoli Netcool Configuration Manager ITNCM, is affected by cross-site scripting. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM...

Security Bulletin: Multiple vulnerabilities within WebSphere Application and IBM HTTP Server, affect IBM Tivoli Monitoring.

Summary Multiple vulnerabilities within WebSphere Application and IBM HTTP Server which is included as part of IBM Tivoli Monitoring ITM portal server have been addressed. Vulnerability Details CVEID:CVE-2025-36099 DESCRIPTION: IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to a denia...

Security Bulletin: Multiple security vulnerabilities in WebSphere Liberty affect IBM Robotic Process Automation for Cloud Pak

Summary Multiple security vulnerabilities in WebSphere Liberty affect IBM Robotic Process Automation for Cloud Pak. WebSphere Application Liberty is used by IBM Robotic Process Automation as part of Antivirus and Abbyy containers as well as UMS. This bulletin identifies the fixes required to...

Security Bulletin: IBM WebSphere Automation is affected by MongoDB security vulnerability

Summary IBM WebSphere Automation is affected by a MongoDB security vulnerability CVE-2025-14847. Vulnerability Details CVEID:CVE-2025-14847 DESCRIPTION: Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This...

Security Bulletin: A security vulnerability in WebSphere Liberty affects IBM Robotic Process Automation for Cloud Pak (CVE-2020-36732).

Summary A security vulnerability in WebSphere Liberty affects IBM Robotic Process Automation for Cloud Pak. WebSphere Application Liberty is used by IBM Robotic Process Automation as part of Antivirus and Abbyy containers as well as UMS. This bulletin identifies the fixes required to address this...

Security Bulletin: IBM HTTP Server, which is bundled with WebSphere Remote Server, is affected by multiple vulnerabilities due to libexpat and the included Apache HTTP Server

Summary IBM HTTP Server is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM HTTP Server has been published in a security bulletin Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

CVE-2009-4152

Cross-site scripting XSS vulnerability in the Collaboration component in IBM WebSphere Portal 6.1.x before 6.1.0.3 allows remote attackers to inject arbitrary web script or HTML via the people picker tag...

CVE-2010-0563

The Single Sign-on SSO functionality in IBM WebSphere Application Server WAS 7.0.0.0 through 7.0.0.8 does not recognize the Requires SSL configuration option, which might allow remote attackers to obtain sensitive information by sniffing network sessions that were expected to be encrypted...

CVE-2010-0704

Cross-site scripting XSS vulnerability in the Portlet Palette in IBM WebSphere Portal 6.0.1.5 wp601500801 allows remote attackers to inject arbitrary web script or HTML via the search field...

CVE-2008-7274

IBM WebSphere Application Server WAS 6.1.0.9, when the JAAS Login functionality is enabled, allows attackers to perform an internal application hashtable login by 1 not providing a password or 2 providing an empty password...

CVE-2023-50313

IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. IBM X-Force ID: 274812...