Security Bulletin:IBM WebSphere Application Server Liberty shipped with IBM OpenPages has vulnerable crypto.js package (CVE-2020-36732)

Summary IBM WebSphere Application Server Liberty is shipped as a supporting program of IBM OpenPages. Information about crypto.js package vulnerability affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. These products have addressed the applicable CVE. F...

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by an SMTP injection vulnerability due to Jakarta Mail (CVE-2025-7962)

Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by an SMTP injection vulnerability in the Jakarta Mail library. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions...

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by an SMTP injection vulnerability due to Jakarta Mail (CVE-2025-7962)

Summary IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by an SMTP injection vulnerability in the Jakarta Mail library. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by an SMTP injection vulnerability due to Jakarta Mail (CVE-2025-7962)

Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by an SMTP injection vulnerability in the Jakarta Mail library. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions...

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by an SMTP injection vulnerability due to Jakarta Mail (CVE-2025-7962)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by an SMTP injection vulnerability in the Jakarta Mail library with the javaMail-1.5, javaMail-1.6, mail-2.0, or mail-2.1 feature enabled. Vulnerability Details Refer to the securit...

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by an SMTP injection vulnerability due to Jakarta Mail (CVE-2025-7962)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by an SMTP injection vulnerability in the Jakarta Mail library with the javaMail-1.5, javaMail-1.6, mail-2.0, or mail-2.1 feature enabled. Vulnerability Details Refer to the...

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by an SMTP injection vulnerability due to Jakarta Mail (CVE-2025-7962)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by an SMTP injection vulnerability in the Jakarta Mail library with the javaMail-1.5, javaMail-1.6, mail-2.0, or mail-2.1 feature enabled. Vulnerability Details Refer to the security...

Security Bulletin: IBM Engineering Test Management is affected by a denial of service due to WebSphere Application Server traditional.

Summary IBM WebSphere Application Server shipped with IBM Engineering Test Management is affected by a denial of service vulnerability CVE-2025-36099. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products|...

Security Bulletin: A vulnerability in WebSphere Application Server Liberty affects IBM Enterprise Application Service for Java (CVE-2020-36732)

Summary IBM Enterprise Application Service for Java is affected by a vulnerability in WebSphere Application Server Liberty. Vulnerability Details CVEID:CVE-2020-36732 DESCRIPTION: The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string "0." with an...

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server and Websphere Application Server Liberty shipped with IBM Guardium Key Lifecycle Manager (GKLM)

Summary WebSphere Application Server and Websphere Application Server Liberty is shipped as a component of IBM Guardium Key Lifecycle Manager GKLM. Information about a security vulnerability affecting WebSphere Application Server and Websphere Application Server Liberty has been published in a...

Security Bulletin: IBM Tivoli Application Dependency Discovery Manager is vulnerable due to IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a denial of service .

Summary IBM Tivoli Application Dependency Discovery Manager is exposed to multiple vulnerabilities because it uses IBM WebSphere Application Server Liberty which have multiple vulnerabilities CVE-2025-36000, CVE-2025-36047, CVE-2024-56339 Vulnerability Details CVEID:CVE-2025-36000 DESCRIPTION: IB...

Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server and WebSphere Application Server Liberty and are affcted by affected by SMTP injection due to Jakarta Mail.

Summary The security issue described in CVE-2025-7962 has been identified in the WebSphere Application Server included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

Security Bulletin: IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager is vulnerable to SMTP injection due to Jakarta Mail (CVE-2025-7962)

Summary A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products|...

Security Bulletin: WebSphere Application Server Liberty is affected by a security bypass in JMS messaging ( CVE-2025-36124)

Summary WebSphere Application Server Liberty is affected by a security bypass in JMS messaging CVE-2025-36124 Vulnerability Details CVEID:CVE-2025-36124 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 could allow a remote attacker to bypass security restrictions...

Security Bulletin: WebSphere Application Server Liberty is affected by a denial of service with HTTP/2 ( CVE-2025-36047)

Summary WebSphere Application Server Liberty is affected by a denial of service with HTTP/2 CVE-2025-36047 Vulnerability Details CVEID:CVE-2025-36047 DESCRIPTION: IBM WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of service, caused by sending a...

Security Bulletin: WebSphere Application Server Liberty is affected by a denial of service ( CVE-2025-36000)

Summary WebSphere Application Server Liberty is affected by a denial of service CVE-2025-36000 Vulnerability Details CVEID:CVE-2025-36000 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 is vulnerable to stored cross-site scripting. This vulnerability allows a...

Security Bulletin: WebSphere Application Server Liberty is affected by a denial of service due to Apache Commons FileUpload ( CVE-2025-48976)

Summary WebSphere Application Server Liberty is affected by a denial of service due to Apache Commons FileUpload CVE-2025-48976 Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache...

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Buinses Automation Workflow (CVE-2025-7962)

Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin. Vulnerability Details Refer to the security bulletins...

Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is affected by SMTP injection due to Jakarta Mail

Summary IBM WebSphere Application Server shipped with Jazz for Service Management JazzSM is affected by SMTP injection due to Jakarta Mail CVE-2025-7962 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products|...

Security Bulletin: IBM Engineering Test Management bundles IBM WebSphere Application Server which could provide weaker than expected security.

Summary IBM WebSphere Application Server shipped with IBM Engineering Test Management could provide weaker than expected security for TLS connections CVE-2025-33142. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affect...