Security Bulletin: IBM® IBM Common Licensing using WebSphere Application Server and WebSphere Application Server Liberty are affected by SMTP injection due to Jakarta Mail (CVE-2025-7962)

Summary Vulnerability in javaMail-1.5, javaMail-1.6, mail-2.0, or mail-2.1 features affects IBM WebSphere Application Server Liberty 17.0.0.3 - 25.0.0.11 with specific features enabled. Following IBM® Engineering Lifecycle Management product is vulnerable to this attack, and addressed in this...

Security Bulletin: IBM Common Licensing using IBM® SDK, Java™ Technology Edition vulnerable to CVEs

Summary Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition in IBM License Key Server Administration and Reporting Tool ART and Administration Agent. For more information please refer to Oracle's CPU Advisory and the X-Force database entries referenced below. Vulnerability Details...

Security Bulletin: Vulnerability in IBM WebSphere Application Server Liberty impacts IBM Common Licensing

Summary IBM WebSphere Application Server Liberty is vulnerable to information disclosure. CVE-2023-50314 Vulnerability Details CVEID:CVE-2023-50314 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the network to conduct spoofin...

Security Bulletin: IBM License Key Server Administration & Reporting Tool and Agent are vulnerable to avulnerability in Apache Commons Compress Library

Summary A Denial of Service vulnerability has been found in Apache Commons Compress. It affects IBM License Key Server Administration & Reporting Tool and its Agent. A mitigation has been released. Vulnerability Details CVEID:CVE-2024-25710 DESCRIPTION: Apache Commons Compress is vulnerable to a...

Security Bulletin: Vulnerabilities in jdom affects IBM Common Licensing's Administration And Reporting Tool (ART) (CVE-2021-33813)

Summary Security Vulnerablities have been addressed in IBM Common Licensing. An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request . A fix is available to address the vulnerability. Vulnerability Details CVEID:CVE-2021-33813...

Security Bulletin: IBM Common Licensing is vulnerable by a remote code attack in Spring Framework (CVE-2021-22096,CVE-2021-22060,CVE-2022-22950,CVE-2022-22968)

Summary IBM Common Licensing is vulnerable to a remote code execution in Spring Framework CVE-2021-22096,CVE-2021-22060,CVE-2022-22950,CVE-2022-22968 as it does have Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions. The fix includes Spring Framework version 5.3.19...

Security Bulletin:IBM Common Licensing is affected but not classified as vulnerable by a remote code execution in Spring Framework (220575,CVE-2022-22965)

Summary IBM Common Licensing is affected but not classified as vulnerable to a remote code execution in Spring Framework 220575, CVE-2022-22965 as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR in contrast to a...

Security Bulletin: A Privilege Escalation vulnerability in Pivotal Spring Framework affects IBM LKS Administration & Reporting Tool and its Agent

Summary A Privilege Escalation related vulnerability has been found in Pivotal Spring Framework used by IBM LKS Administration & Reporting Tool ART and its Agent. A fix has been published. Vulnerability Details CVEID: CVE-2021-22118 DESCRIPTION: VMware Tanzu Spring Framework could allow a local...

Security Bulletin: Multiple Vulnerabilities in IBM® WebSphere Application Server Liberty affect IBM LKS Administration and Reporting Tool and its Agent

Summary There are multiple vulnerabilities in the IBM® WebSphere Application Server Liberty used by IBM LKS Administration and Reporting Tool and its Agent. A fix has been identified and is being published here. Vulnerability Details CVEID: CVE-2021-26296 DESCRIPTION: Apache MyFaces is vulnerable...