Security Bulletin: Updating IBM WebSphere Liberty Profile in Identity Insight for security update

Summary Identity Insight customers are advised to update IBM WebSphere Liberty Profile WLP to version 26.0.0.4 for security update in WLP. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|-...

CVE-2023-50313

IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. IBM X-Force ID: 274812...

CVE-2023-50312

IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. IBM X-Force ID: 274711...

EUVD-2023-55118

Malicious code in bioql PyPI...

CVE-2025-42978 Insufficiently Secure Hostname Verification for Outbound TLS Connections in SAP NetWeaver Application Server Java

The widely used component that establishes outbound TLS connections in SAP NetWeaver Application Server Java does not reliably match the hostname that is used for the connection against the wildcard hostname defined in the received certificate of remote TLS server. This might lead to the outbound...

CVE-2025-42978 Insufficiently Secure Hostname Verification for Outbound TLS Connections in SAP NetWeaver Application Server Java

The widely used component that establishes outbound TLS connections in SAP NetWeaver Application Server Java does not reliably match the hostname that is used for the connection against the wildcard hostname defined in the received certificate of remote TLS server. This might lead to the outbound...

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty affect IBM Storage Scale System

Summary There is a vulnerability in IBM WebSphere Application Server Liberty, used by IBM Storage Scale System, which could allow a remote attacker to cause a denial of service. CVE-2023-46158, CVE-2023-44487. Vulnerability Details CVEID:CVE-2023-50312 DESCRIPTION: IBM WebSphere Application Serve...

Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server could provide weaker than expected security (CVE-2023-50313)

Summary IBM WebSphere Application Server could provide weaker than expected security for outbound TLS connections. Following IBM® Engineering Lifecycle Engineering product is vulnerable to this risk, it has been addressed in this bulletin: IBM Engineering Test Management Vulnerability Details Ref...

Security Bulletin: IBM Tivoli Netcool Impact could provide weaker tha expected security due to IBM WebSphere Application Server Liberty (CVE-2023-50312)

Summary IBM WebSphere Application Server Liberty is shipped with IBM Tivoli Netcool Impact as part of its server infrastructure. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. Vulnerability Details...

Security Bulletin: Weaker than expected security vulnerability affect IBM Business Automation Workflow - CVE-2023-50312

Summary IBM WebSphere Application Server Liberty profile is shipped with Process Federation Server and User Management Services in IBM Business Automation Workflow traditional. IBM Business Automation Workflow containers build upon IBM WebSphere Liberty profile. Information about a security...

Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server Liberty could provide weaker than expected security (CVE-2023-50312)

Summary IBM WebSphere Application Server Liberty could provide weaker than expected security for outbound TLS connections. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this risk, it has been addressed in this bulletin: Jazz Foundation, Global Configuration Managemen...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2023-50313)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...

Security Bulletin: Security Vulnerabilities in Liberty affect IBM Voice Gateway

Summary Security Vulnerabilities in Liberty affect IBM Voice Gateway Vulnerability Details CVEID:CVE-2023-50312 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide weaker than expected security for outbound TLS connections caused by a failure to honor use...

Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty affects IBM Storage Scale (CVE-2023-50312)

Summary There is a vulnerability in IBM WebSphere Application Server Liberty, used by IBM Storage Scale, which could provide weaker than expected security for outbound TLS connections. Vulnerability Details CVEID:CVE-2023-50312 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 throug...

BIT-ENVOY-2024-32475 Envoy RELEASE_ASSERT using auto_sni with :authority header > 255 bytes

Envoy is a cloud-native, open source edge and service proxy. When an upstream TLS cluster is used with autosni enabled, a request containing a host/:authority header longer than 255 characters triggers an abnormal termination of Envoy process. Envoy does not gracefully handle an error when settin...

IBM WebSphere Application Server Encryption Problem Vulnerability (CNVD-2024-20496)

IBM WebSphere Application Server WAS is an application server product from International Business Machines IBM. The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform. An encryption issue vulnerability exists in IBM WebSpher...

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, could provide weaker than expected security (CVE-2023-50313)

Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, could provide weaker than expected security for outbound TLS connections. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions...

CVE-2023-50313

IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. IBM X-Force ID: 274812...

IBM WebSphere Application Server 8.5.x < 8.5.5.26 / 9.x < 9.0.5.20 (7145620)

The version of IBM WebSphere Application Server running on the remote host is affected by a vulnerability as referenced in the 7145620 advisory. - IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for outbound TLS connections caused by a failure to honor use...

Security Bulletin: IBM WebSphere Application Server Liberty could provide weaker than expected security (CVE-2023-50312)

Summary IBM WebSphere Application Server Liberty could provide weaker than expected security for outbound TLS connections. Vulnerability Details CVEID:CVE-2023-50312 DESCRIPTION: IBM WebSphere Application Server Liberty could provide weaker than expected security for outbound TLS connections caus...