Lucene search
K

17 matches found

NVD
NVD
added 2025/08/12 8:15 p.m.3 views

CVE-2025-36000

IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure with...

4.8CVSS0.00165EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/14 7:22 p.m.53 views

Security Bulletin: Multiple vulnerabilities in IBM Liberty for Java for IBM Cloud

Summary There are vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM Liberty for Java for IBM Cloud. This product has addressed the applicable CVE. If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code t...

9.8CVSS8.2AI score0.99999EPSS
Exploits19
IBM Security Bulletins
IBM Security Bulletins
added 2023/08/09 4:46 p.m.34 views

Security Bulletin: Vulnerability in IBM® Java SDK affects IBM Liberty for Java for IBM Cloud due to CVE-2022-40609

Summary There is a vulnerability in the IBM® SDK, Java™ Technology Edition that is shipped with IBM Liberty for Java for IBM Cloud. The CVEs listed in this document might affect some configurations of IBM Liberty for Java for IBM Cloud. This product has addressed the applicable CVE. If you run yo...

9.8CVSS9AI score0.01827EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/02 6:19 p.m.29 views

Security Bulletin: IBM Liberty for Java for IBM Cloud is vulnerable to a denial of service due to Apache Commons FileUpload (CVE-2023-24998)

Summary There is a vulnerability in the Apache Commons FileUpload library used by IBM Liberty for Java for IBM Cloud with the servlet-3.0, servlet-3.1, servlet-4.0, servlet-5.0 or servlet-6.0 feature enabled. This has been addressed in the remediation section. Vulnerability Details...

7.5CVSS7.8AI score0.46836EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/09 3:38 p.m.40 views

Security Bulletin: IBM Liberty for Java for IBM Cloud is vulnerable to server-side request forgery due to Apache CXF (CVE-2022-46364)

Summary There is a vulnerability in the Apache CXF library used by IBM Liberty for Java for IBM Cloud with the jaxws-2.2 feature enabled. This has been addressed. Vulnerability Details CVEID:CVE-2022-46364 DESCRIPTION: Apache CXF is vulnerable to server-side request forgery, caused by a flaw in...

9.8CVSS9.3AI score0.0193EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/14 8:51 p.m.28 views

Security Bulletin: WebSphere Application Server is vulnerable for information disclosure that affect IBM CICS TX on Cloud

Summary IBM CICS TX on Cloud has addressed the following vulnerabilities reported by IBM® WebSphere Application Server Liberty Vulnerability Details CVEID:CVE-2020-4329 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote,...

4.3CVSS4.8AI score0.0112EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/12/19 9:1 p.m.54 views

Security Bulletin: IBM Cognos Business Intelligence has addressed multiple vulnerabilties

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 used by IBM Cognos Business Intelligence. These issues were disclosed as part of the IBM Java SDK updates in October 2018, January 2019, April 2019, July 2019 and October 2019. IBM Cognos Business Intelligence...

9.8CVSS0.7AI score0.94494EPSS
Exploits17Affected Software1
Symantec
Symantec
added 2019/10/23 12:0 a.m.17 views

IBM Liberty for Java for Cloud Multiple Security Vulnerabilities

Description IBM Liberty for Java for Cloud is prone to an information-disclosure and security bypass vulnerabilities. Attackers can exploit these issues to bypass certain security restrictions or obtain sensitive information which may lead to further attacks. Technologies Affected IBM...

0.1AI score
Exploits0References1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/02/28 3:15 p.m.57 views

Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilities for IBM WebSphere Liberty Server

Summary IBM has announced a release for IBM Security Identity Governance and Intelligence IGI in response to multiple security vulnerabilities. There are multiple vulnerabilities in IBM® WebSphere Liberty Server, Version 18.0.0.4 included in this release of IGI. These issues were disclosed as par...

9.8CVSS0.9AI score0.13872EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 3:51 p.m.29 views

Security Bulletin: Information disclosure in WebSphere Application Server (WAS) shipped with Jazz for Service Management(JazzSM) (CVE-2017-1681)

Summary There is a potential information disclosure vulnerability in WebSphere Application Server. Vulnerability Details CVEID: CVE-2017-1681 DESCRIPTION: IBM WebSphere Application Server IBM Liberty for Java for Bluemix 3.15 could allow a local attacker to obtain sensitive information, caused by...

3.3CVSS0.6AI score0.0035EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 3:51 p.m.21 views

Security Bulletin: Information disclosure in WebSphere Application Server shipped with Tivoli Integrated Portal (CVE-2017-1681)

Summary There is a potential information disclosure vulnerability in WebSphere Application Server. Vulnerability Details CVEID: CVE-2017-1681 DESCRIPTION: IBM WebSphere Application Server IBM Liberty for Java for Bluemix 3.15 could allow a local attacker to obtain sensitive information, caused by...

3.3CVSS0.5AI score0.0035EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 5:28 a.m.12 views

Security Bulletin: Security vulnerabilities in IBM WebSphere Application Server affects Rational Insight (CVE-2017-1681)

Summary The Rational Insight is shipped with a version of the IBM WebSphere Application Server which contains a security vulnerability that could have a potential security impact. Vulnerability Details CVEID: CVE-2017-1681 DESCRIPTION: IBM WebSphere Application Server IBM Liberty for Java for...

3.3CVSS0.9AI score0.0035EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 11:52 p.m.30 views

Security Bulletin: A vulnerability in IBM Liberty affects IBM Algo One Core CVE-2017-1681

Summary A vulnerability in IBM Liberty affects IBM Algo One Core CVE-2017-1681 Vulnerability Details CVEID: CVE-2017-1681 DESCRIPTION: IBM WebSphere Application Server IBM Liberty for Java for Bluemix 3.15 could allow a local attacker to obtain sensitive information, caused by improper handling o...

3.3CVSS0.6AI score0.0035EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 11:52 p.m.38 views

Security Bulletin: A security vulnerability in IBM Liberty affects IBM Algo One Algo Risk Application (ARA) CVE-2017-1681

Summary A security vulnerability in IBM Liberty affects IBM Algo One Algo Risk Application ARA CVE-2017-1681 Vulnerability Details CVEID: CVE-2017-1681 DESCRIPTION: IBM WebSphere Application Server IBM Liberty for Java for Bluemix 3.15 could allow a local attacker to obtain sensitive information,...

3.3CVSS0.5AI score0.0035EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:6 a.m.35 views

Security Bulletin: Multiple security vulnerabilities affect Liberty for Java for IBM Bluemix

Summary There is a potential bypass security restriction vulnerability in IBM WebSphere Application Server. This will only occur in environments that have the webcontainer custom property HttpSessionIdReuse enabled. There is a potential denial of service with IBM WebSphere Application Server when...

7.8CVSS0.7AI score0.39584EPSS
Exploits0Affected Software1
CVE
CVE
added 2018/01/11 5:0 p.m.81 views

CVE-2017-1681

CVE-2017-1681 is an information-disclosure vulnerability in IBM WebSphere Application Server (Liberty and Traditional) where improper handling of application requests could allow a local, authenticated attacker to read a file. IBM bulletins specify affected products (e.g., WebSphere as part of IB...

3.3CVSS3.5AI score0.0035EPSS
Exploits0References3Affected Software1
Symantec
Symantec
added 2015/07/14 12:0 a.m.78 views

Oracle Java SE CVE-2015-2590 Remote Security Vulnerability

Description Oracle Java SE is prone to a remote security vulnerability. The vulnerability can be exploited over multiple protocols. This issue affects the 'Libraries' sub-component. This vulnerability affects the following supported versions: Java SE 6u95, Java SE 7u80, Java SE 8u45, Java SE...

10CVSS0.8AI score0.25469EPSS
Exploits0References1Affected Software53
Rows per page
Query Builder