Security Bulletin: Due to the use of Apache Tomcat and mchange-commons-java, IBM ApplinX is vulnerable to Improper Input Validation vulnerablities (CVE-2025-66614, CVE-2026-24733, CVE-2026-24734) and an 'Injection' vulnerability (CVE-2026-27727).

Summary Due to the use of Apache Tomcat and mchange-commons-java, IBM ApplinX is vulnerable to Improper Input Validation vulnerablities CVE-2025-66614, CVE-2026-24733, CVE-2026-24734 and an Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection'...

Security Bulletin: Multiple vulnerabilities found in IBM ApplinX.

Summary IBM ApplinX has been updated in order to address multiple vulnerabilities CVE-2026-27970, CVE-2026-29063, CVE-2025-68161, CVE-2026-27830, CVE-2024-31033, CVE-2026-33671, CVE-2026-33672, CVE-2026-32635, CVE-2025-66035, CVE-2025-66412, CVE-2026-22610, WS-2026-0003. Vulnerability Details...

IBM ApplinX Unauthorized Access Vulnerability

IBM ApplinX is an International Business Machines IBM company focused on converting green screen interfaces into modern web-based applications. An unauthorized access vulnerability exists in IBM ApplinX that stems from insufficient server-side enforcement of client-side security, which could be...

IBM ApplinX Cross-Site Request Forgery Vulnerability (CNVD-2026-10656)

IBM ApplinX is an International Business Machines IBM company focused on converting green screen interfaces into modern web-based applications. IBM ApplinX suffers from a cross-site request forgery vulnerability that stems from the WEB application not adequately verifying that a request is from a...

IBM ApplinX Cross-Site Scripting Vulnerability

IBM ApplinX is an International Business Machines IBM company focused on converting green screen interfaces into modern web-based applications. IBM ApplinX suffers from a cross-site scripting vulnerability that can be exploited by an attacker to cause credential disclosure...

IBM ApplinX Information Disclosure Vulnerability (CNVD-2026-10653)

IBM ApplinX is an International Business Machines IBM company focused on converting green screen interfaces into modern web-based applications. An information disclosure vulnerability exists in IBM ApplinX, which can be exploited by attackers to obtain sensitive information...

IBM ApplinX Data Forgery Issue Vulnerability

IBM ApplinX is an International Business Machines IBM company focused on converting green screen interfaces into modern Web-based applications. IBM ApplinX has a data forgery issue vulnerability that stems from improper JWT token validation, which can be exploited by an attacker to elevate...

CVE-2025-36410

IBM ApplinX 11.1 could allow an authenticated user to perform unauthorized administrative actions on the server due to server-side enforcement of client-side security...

CVE-2025-36408

IBM ApplinX 11.1 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVE-2025-36411

IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts...

CVE-2025-36419

IBM ApplinX 11.1 could disclose sensitive information about server architecture that could aid in further attacks against the system...

CVE-2025-36409

IBM ApplinX 11.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVE-2025-36418

IBM ApplinX 11.1 is vulnerable due to a privilege escalation vulnerability due to improper verification of JWT tokens. An attacker may be able to craft or modify a JSON web token in order to impersonate another user or to elevate their privileges...

CVE-2025-36408

IBM ApplinX 11.1 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVE-2025-36411

IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts...

CVE-2025-36409

IBM ApplinX 11.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVE-2025-36418

IBM ApplinX 11.1 is vulnerable due to a privilege escalation vulnerability due to improper verification of JWT tokens. An attacker may be able to craft or modify a JSON web token in order to impersonate another user or to elevate their privileges...

CVE-2025-36411

IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts...

CVE-2025-36410

IBM ApplinX 11.1 could allow an authenticated user to perform unauthorized administrative actions on the server due to server-side enforcement of client-side security...

CVE-2025-36410

IBM ApplinX 11.1 could allow an authenticated user to perform unauthorized administrative actions on the server due to server-side enforcement of client-side security...