9841 matches found
EUVD-2026-38252
IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to server-side request forgery SSRF with the Ajax Proxy configured. This may allow an attacker to send unauthorized requests from the system, resulting in a security bypass or information disclosure...
EUVD-2026-38253
IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory...
EUVD-2026-38254
IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory...
EUVD-2026-38288
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to bypass authentication and gain unauthorized access to JAX-WS applications...
CVE-2026-9071
IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory...
CVE-2026-8646
IBM WebSphere Application Server 9.0 and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to HTTP request smuggling. A remote attacker could smuggle a specially crafted request to the application server thereby allowing the attacker to bypass security...
CVE-2026-10845
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to bypass authentication and gain unauthorized access to JAX-WS applications...
CVE-2026-9320 IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by multiple vulnerabilities
IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory...
CVE-2026-9071
CVE-2026-9071 affects IBM WebSphere Application Server 9.0 and 8.5, and WebSphere Application Server Liberty 17.0.0.3–26.0.0.6. It is a denial-of-service vulnerability caused by processing a specially crafted request, which can cause the server to consume memory resources (CVSS Base 7.5, Availabi...
CVE-2026-8646 IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by multiple vulnerabilities
IBM WebSphere Application Server 9.0 and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to HTTP request smuggling. A remote attacker could smuggle a specially crafted request to the application server thereby allowing the attacker to bypass security...
CVE-2026-8646
CVE-2026-8646 affects IBM WebSphere Application Server 9.0, 8.5, and WebSphere Application Server Liberty 17.0.0.3–26.0.0.6. The vulnerability is HTTP request smuggling, allowing a remote attacker to bypass security controls, spoof identity, escalate privileges, and expose sensitive information. ...
CVE-2026-8858
Summary: CVE-2026-8858 affects IBM WebSphere Web Server Plug-ins used with IBM WebSphere Application Server/Liberty and IBM HTTP Server. The vulnerability allows remote code execution and denial of service when an attacker impersonates the application server and sends crafted responses to the plu...
Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is affected by server-side request forgery
Summary IBM WebSphere Application Server shipped with Jazz for Service Management JazzSM is affected by server-side request forgery CVE-2026-9006 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Version...
Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is affected by an authentication bypass vulnerability
Summary IBM WebSphere Application Server shipped with Jazz for Service Management JazzSM is affected by an authentication bypass vulnerability CVE-2026-10845 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected...
Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is affected by multiple vulnerabilities when using the Web Server Plug-ins
Summary IBM WebSphere Application Server shipped with Jazz for Service Management JazzSM is affected by multiple vulnerabilities when using the Web Server Plug-ins CVE-2026-9072, CVE-2026-8858, CVE-2026-10852 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...
Security Bulletin: Vulnerabilities have been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2026-10845, CVE-2026-8646, CVE-2026-9320, CVE-2026-9071 and CVE-2026-9006)
Summary WebSphere Application Server is shipped as a component of WebSphere Service Registry and Repository. Information about multiple vulnerabilities affecting WebSphere Application Server have been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in...
Security Bulletin: IBM WebSphere Application Server is affected by an identity spoofing vulnerability (CVE-2026-8644)
Summary IBM WebSphere Application Server is affected by an identity spoofing vulnerability. Vulnerability Details CVEID:CVE-2026-8644 DESCRIPTION: IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to identity spoofing. CWE:CWE-290: Authentication Bypass by Spoofing CVSS Source: IBM CVSS...
Security Bulletin: IBM WebSphere Application Server is affected by remote code execution (CVE-2026-9311, CVE-2026-9330)
Summary IBM WebSphere Application Server is affected by remote code execution. Vulnerability Details CVEID:CVE-2026-9330 DESCRIPTION: IBM WebSphere Application Server 9.0, and 8.5 is affected by an improper validation of user-supplied data during deserialization using the SAML Web Single Sign-On...
Security Bulletin: IBM WebSphere Application Server is affected by a remote code execution vulnerability (CVE-2026-9319)
Summary IBM WebSphere Application Server is affected by a remote code execution vulnerability when using JAX-WS endpoints with WS-Security. Vulnerability Details CVEID:CVE-2026-9319 DESCRIPTION: IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to potential remote code execution due to...
Security Bulletin: IBM WebSphere Application Server is affected by server-side request forgery (CVE-2026-9006)
Summary IBM WebSphere Application Server is affected by a server-side request forgery vulnerability with the Ajax Proxy configured. Vulnerability Details CVEID:CVE-2026-9006 DESCRIPTION: IBM WebSphere Application Server is vulnerable to server-side request forgery SSRF with the Ajax Proxy...