Security Bulletin: Multiple vulnerabilities reported in YAJSW service shipped in IBM WebSphere eXtreme Scale Liberty Deployment

Summary YAJSWYet Another Java Service Wrapper uses Apache Commons and Netty to manage services, launch and monitor application etc. WebSphere eXtreme Scale Liberty deployments, uses YAJSW to register services with the operating system. CVE-2025-27553, CVE-2025-30474 and CVE-2025-25193...

CVE-2020-6958

An XXE vulnerability in JnlpSupport in Yet Another Java Service Wrapper YAJSW 12.14, as used in NSA Ghidra and other products, allows attackers to exfiltrate data from remote hosts and potentially cause denial-of-service...

CVE-2020-6958

An XXE vulnerability in JnlpSupport in Yet Another Java Service Wrapper YAJSW 12.14, as used in NSA Ghidra and other products, allows attackers to exfiltrate data from remote hosts and potentially cause denial-of-service...

Xxe

An XXE vulnerability in JnlpSupport in Yet Another Java Service Wrapper YAJSW 12.14, as used in NSA Ghidra and other products, allows attackers to exfiltrate data from remote hosts and potentially cause denial-of-service...

Yet Another Java Service Wrapper Code Issue Vulnerability

NSA Ghidra is an open source reverse engineering tool from the National Security Agency NSA. A code issue vulnerability exists in JnlpSupport in Yet Another Java Service Wrapper YAJSW version 12.14 used in NSA Ghidra and other products. A remote attacker could exploit this vulnerability to obtain...

CVE-2020-6958

CVE-2020-6958 describes an XXE vulnerability in JAWS’ JnlpSupport (YAJSW) version 12.14, used by NSA Ghidra and others. The flaw could allow data exfiltration from remote hosts and may cause a denial of service. The provided documents do not include concrete exploit details or remediation steps. ...