Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM Business Automation Workflow due to the October 2025 CPU

Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin. Vulnerability Details Refer to the security bulletins...

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Liberty shipped with IBM Security Guardium Key Lifecycle Manager (CVE-2025-53066, CVE-2025-53057)

Summary IBM WebSphere Application Server and IBM WebSphere Liberty is shipped as a component of IBM Security Guardium Key Lifecycle Manager SKLM/GKLM. Information about multiple security vulnerabilities affecting IBM WebSphere Application Server and IBM WebSphere Liberty has been published in a...

Security Bulletin: Due to use of IBM WebSphere Application Server, IBM Tivoli Network Manager (ITNM) IP Edition is affected by a denial of service vulnerability.

Summary WebSphere Application Server, used by IBM Tivoli Network Manager ITNM IP Edition, is affected by a denial of service vulnerability. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions...

Security Bulletin: Due to use of IBM WebSphere Application Server, IBM Tivoli Network Configuration Manager (ITNCM) is affected by a denial of service vulnerability.

Summary WebSphere Application Server, used by IBM Tivoli Network Configuration Manager ITNCM, is affected by a denial of service vulnerability. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions...

IBM WebSphere Application Server 8.5.x < 8.5.5.29 / 9.x < 9.0.5.27 / Liberty 17.0.0.3 < 25.0.0.12 (7250200)

The version of IBM WebSphere Application Server running on the remote host is affected by a vulnerability as referenced in the 7250200 advisory. - In Jakarta Mail 2.0.2 it is possible to preform a SMTP Injection by utilizing the \r and \n UTF-8 characters to separate different messages...

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and WebSphere Application Server Liberty due to the October 2025 CPU

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVEs listed in this document might affect some configurations of IBM WebSphere Application Server traditiona...

Security Bulletin: IBM Maximo Application Suite uses multiple third party libraries which is vulnerable to multiple CVEs

Summary IBM Maximo Application Suite uses setuptools 76.1.0, urllib3-1.26.20-py2.py3-none-any.whl, cross-spawn v7.0.3, braces v3.0.2, axios-1.11.0.tgz, xmltodict-0.14.2-py2.py3-none-any.whl, WebSphere Application Server Liberty version 25.0.0.8 which is vulnerable to CVE-2025-47273, CVE-2025-5018...

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty affect IBM InfoSphere Information Server

Summary There are multiple vulnerabilities in IBM® WebSphere Application Server Liberty that is used by IBM InfoSphere Information Server. These are addressed. Vulnerability Details CVEID:CVE-2025-36047 DESCRIPTION: IBM WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable ...

IBM WebSphere eXtreme Scale 8.6.1.0 < 8.6.1.6 (7249244)

The version of IBM WebSphere eXtreme Scale installed on the remote host is prior to 8.6.1.6. It is, therefore, affected by a vulnerability as referenced in the 7249244 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Scripting...

Security Bulletin: A security vulnerability in IBM® Runtime Environment Java™ Technology Edition affects WebSphere eXtreme Scale

Summary IBM® SDK, Java™ Technology Edition bundled with IBM WebSphere eXtreme Scale is affected by security vulnerability. Vulnerability Details CVEID:CVE-2025-30761 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Scripting...

Security Bulletin: IBM Maximo Application Suite Predict Component uses WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of service.

Summary Security Bulletin: IBM Maximo Application Suite Predict Component uses WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of service.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

Security Bulletin: IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 is vulnerable to stored cross-site scripting.

Summary Security Bulletin: IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 is vulnerable to stored cross-site scripting.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

Security Bulletin: multiple vulerability in IBM Spectrum Symphony with IBM WebSphere Application Server Liberty

Summary multiple vulerability in IBM Spectrum Symphony with IBM WebSphere Application Server Liberty Vulnerability Details CVEID:CVE-2023-50312 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide weaker than expected security for outbound TLS connections...

Security Bulletin: IBM MQ is affected by a vulnerability in IBM WebSphere Application Server Liberty (CVE-2025-36047)

Summary A denial of service vulnerability was identified in IBM WebSphere Application Server Liberty, which IBM MQ ships and uses to supply IBM MQ Console and IBM MQ REST API functionality CVE-2025-36047 Vulnerability Details CVEID:CVE-2025-36047 DESCRIPTION: IBM WebSphere Application Server...

Security Bulletin: IBM MQ is affected by a vulnerability in IBM WebSphere Application Server Liberty (CVE-2025-36732)

Summary A denial of service vulnerability was identified in IBM WebSphere Application Server Liberty, which IBM MQ ships and uses to supply IBM MQ Console and IBM MQ REST API functionality CVE-2025-36732 Vulnerability Details CVEID:CVE-2020-36732 DESCRIPTION: The crypto-js package before 3.2.1 fo...

Security Bulletin: Vulnerability in IBM WebSphere Application (CVE-2016-5725) affects IBM PowerVM Novalink.

Summary IBM WebSphere Libery Profile is used by IBM PowerVM Novalink. IBM PowerVM Novalink has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2016-5725 DESCRIPTION: Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE,...

Security Bulletin: Vulnerability in IBM WebSphere Application (CVE-2025-36047) affects IBM PowerVM Novalink.

Summary IBM WebSphere Libery Profile is used by IBM PowerVM Novalink. IBM PowerVM Novalink has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-36047 DESCRIPTION: IBM WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of service, caused by...

Security Bulletin: Vulnerability in IBM WebSphere Application (CVE-2024-56339) affects IBM PowerVM Novalink.

Summary IBM WebSphere Libery Profile is used by IBM PowerVM Novalink. IBM PowerVM Novalink has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-56339 DESCRIPTION: IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 could allow ...

Security Bulletin: Vulnerability in IBM WebSphere Application (CVE-2025-36000) affects IBM PowerVM Novalink.

Summary IBM WebSphere Libery Profile is used by IBM PowerVM Novalink. IBM PowerVM Novalink has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-36000 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 is vulnerable to stored cross-site scripting. Thi...

Security Bulletin: Vulnerability in IBM WebSphere Application (CVE-2025-36124) affects IBM PowerVM Novalink.

Summary IBM WebSphere Libery Profile is used by IBM PowerVM Novalink. IBM PowerVM Novalink has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-36124 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 could allow a remote attacker to bypass security...