Security Bulletin: Security vulnerabilities may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Standard.

Summary Security vulnerabilities may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Standard. IBM WebSphere Liberty has been updated within IBM CICS TX Standard to address these vulnerabilities. Vulnerability Details CVEID:CVE-2020-36732 DESCRIPTION: The crypto-js package before...

Security Bulletin: Security vulnerabilities may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced.

Summary Security vulnerabilities may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced. IBM WebSphere Liberty has been updated within IBM CICS TX Advanced to address these vulnerabilities. Vulnerability Details CVEID:CVE-2020-36732 DESCRIPTION: The crypto-js package before...

Security Bulletin: Multiple vulnerabilities in IBM Controller

Summary Multiple vulnerabilities were addressed in IBM Controller 11.1.2. Vulnerability Details CVEID:CVE-2024-52798 DESCRIPTION: path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor...

Security Bulletin: Due to use of IBM WebSphere Application Server, IBM Tivoli Netcool Configuration Manager (ITNCM), is affected by SMTP injection due to Jakarta Mail(CVE-2025-7962).

Summary WebSphere Application Server, used by IBM Tivoli Netcool Configuration Manager ITNCM, is affected by SMTP injection due to Jakarta Mail. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions...

Security Bulletin: WebSphere Application Server Liberty is could provide weaker than expected security due to crypto.js

Summary WebSphere Application Server Liberty is could provide weaker than expected security due to crypto.jsCVE-2020-36732 Vulnerability Details CVEID:CVE-2020-36732 DESCRIPTION: The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string "0." with an...

Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by SMTP injection due to Jakarta Mail (CVE-2025-7962)

Summary There is a vulnerability in the Jakarta Mail library which affects IBM WebSphere Application Server traditional JavaMail and affects WebSphere Application Server Liberty with the javaMail-1.5, javaMail-1.6, mail-2.0, or mail-2.1 feature enabled. Vulnerability Details CVEID:CVE-2025-7962...

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which is affected by a denial of service with HTTP/2 and vulnerable to CVE-2025-36047.

Summary IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which is affected by a denial of service with HTTP/2 and vulnerable to CVE-2025-36047. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty is affected by a denial of service which is vulnerable to CVE-2025-36000.

Summary IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty is affected by a denial of service which is vulnerable to CVE-2025-36000. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-36000...

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty is affected by a security bypass in JMS messaging which is vulnerable to CVE-2025-36124.

Summary IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty is affected by a security bypass in JMS messaging which is vulnerable to CVE-2025-36124. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

Security Bulletin: Vulnerabilities in IBM Java included with IBM Tivoli Composite Application Manager for Applications WebSphere MQ Monitoring Agent

Summary Vulnerabilities in IBM SDK Java Technology Edition that is shipped as part of agent framework in ITCAM for Applications WebSphere MQ Monitoring Agent. CVE-2025-53066 Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP compone...

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which is affected by a denial of service in glassfish jso np and vulnerable to CVE-2025-36097

Summary IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which is affected by a denial of service in glassfish jso np and vulnerable to CVE-2025-36097. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

Security Bulletin: IBM Maximo Application Suite uses IBM WebSphere Application Server Liberty 25.0.0.8 which is vulnerable to CVE-2025-36000, CVE-2020-36732 and CVE-2025-36124

Summary IBM Maximo Application Suite uses IBM WebSphere Application Server Liberty 25.0.0.8 which is vulnerable to CVE-2025-36000, CVE-2020-36732 and CVE-2025-36124. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-36000...

Security Bulletin: Vulnerabilities in IBM WebSphere Application Server Liberty affect BM Spectrum Control

Summary IBM WebSphere Application Server Liberty is vulnerable to remote attacker to bypass security restrictions, DoS vulnerability. These vulnerabilities affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2025-23184 DESCRIPTION: A potential denial of service vulnerability is present i...

Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty, which are bundled with WebSphere Remote Server, are affected by SMTP injection due to Jakarta Mail

Summary IBM WebSphere Application Server and WebSphere Application Server Liberty are shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server and WebSphere Application Server Liberty has been published in a security bulletin...

Security Bulletin: Vulnerability has been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2025-7962)

Summary WebSphere Application Server is shipped as a component of WebSphere Service Registry and Repository. Information about an SMTP injection vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins...

Security Bulletin: Multiple Vulnerabilities have been identified in IBM® Db2® shipped with IBM WebSphere Remote Server

Summary IBM® Db2® is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM® Db2® have been published in a security bulletin Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions...

Security Bulletin: IBM Tivoli Application Dependency Discovery Manager is vulnerable to denial-of-service due to use of Apache Commons File Upload within IBM WebSphere Application Server Liberty

Summary This security bulletin addresses the vulnerabilitiy in IBM Tivoli Application Dependency Discovery Manager due to Apache Commons File Upload used in IBM WebSphere Application Server Liberty that is vulnerable to a denial of service CVE-2025-48976 Vulnerability Details CVEID:CVE-2025-48976...

Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM DevOps Code ClearCase (CVE-2025-36099, CVE-2025-7962)

Summary IBM WebSphere Application Server WAS is shipped as a component of IBM DevOps Code ClearCase. Information about security vulnerabilities affecting WAS have been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

Security Bulletin: Multiple security vulnerabilities has been identified in IBM WebSphere Application Server shipped with IBM Tivoli Netcool/OMNIbus WebGUI due to the October 2025 CPU

Summary Websphere Application Server WAS is shipped as a component of IBM Tivoli Netcool/OMNIbus WebGUI. Information about security vulnerabilities affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes sectio...

Security Bulletin: Due to the use of IBM WebSphere Application Server Liberty, CICS Transaction Gateway Desktop Edition and CICS Transaction Gateway for Multiplatforms are vulnerable to multiple vulnerabilities.

Summary Due to the use of IBM WebSphere Application Server Liberty, CICS Transaction Gateway Desktop Edition and CICS Transaction Gateway for Multiplatforms are vulnerable to a multiple vulnerabilities CVE-2025-48976, CVE-2025-36047 and CVE-2024-56339. IBM WebSphere Application Server Liberty has...