Security Bulletin: The IBM Engineering Test Management product using WebSphere Application Server is affected by a denial of service with glassfish jsonp (CVE-2025-36097)

Summary IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by a denial of service. This affects WebSphere Liberty with the jsonp-1.0, jsonp-1.1, or jsonp-2.0 features enabled. It has been addressed in this bulletin. Vulnerability Details Refer to the security...

Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to server-side request forgery due to IBM WebSphere Application Server Liberty (CVE-2024-22329)

Summary IBM WebSphere Application Server Liberty is shipped with IBM Tivoli Netcool Impact as part of its server infrastructure. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. Vulnerability Details...

Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty, which are bundled with IBM Cloud Pak for Applications, are vulnerable to a denial of service due to Apache Commons FileUpload (CVE-2023-24998)

Summary IBM WebSphere Application Server and IBM WebSphere Application Server Liberty, which are bundled with IBM Cloud Pak for Applications, are vulnerable to a denial of service due to Apache Commons FileUpload CVE-2023-24998 Vulnerability Details Refer to the security bulletins listed in the...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Case Manager (CVE-2023-23477)

Summary IBM WebSphere Application Server is shipped as a component of IBM Case Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Case Manager (CVE-2022-34336)

Summary IBM WebSphere Application Server is shipped as a component of IBM Case Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

Security Bulletin: Multiple vulnerabilities in Apache Log4j affect the IBM WebSphere Application Server and IBM Security Guardium Key Lifecycle Manager (CVE-2021-4104, CVE-2021-45046, CVE-2021-45105 and CVE-2021-44832)

Summary Multiple vulnerabilities in Apache Log4j affect the IBM WebSphere Application Server and IBM Security Guardium Key Lifecycle Manager CVE-2021-4104, CVE-2021-45046, CVE-2021-45105 and CVE-2021-44832. The fix addresses the vulnerability by removing Apache Log4j. Vulnerability Details...

Security Bulletin: WebSphere Application Server Liberty vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center)

Summary Multiple vulnerabilities in IBM WebSphere Application Server Liberty affect IBM Spectrum Control formerly Tivoli Storage Productivity Center. IBM Spectrum Control has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2019-4304 DESCRIPTION: IBM WebSphere Application Server -...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Network Manager IP Edition (CVE-2021-45105, CVE-2021-44832)

Summary IBM WebSphere Application Server is a required product for IBM Tivoli Network Manager version 4.2.0.x. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins...

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Security Key Lifecycle Manager (SKLM) (CVE-2021-2161)

Summary WebSphere Application Server is shipped as a component of IBM Security Key Lifecycle Manager SKLM. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in t...

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server January 2021 CPU

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server. These might affect some configurations of IBM WebSphere Application Server Traditional, IBM WebSphere Application Server Liberty and IBM WebSphere Applicatio...

Security Bulletin: A security vulnerability has been identified in embedded IBM WebSphere Application Server, which is shipped with IBM Tivoli Network Manager IP Edition (CVE-2020-4643)

Summary Embedded IBM WebSphere Application Server is shipped with IBM Tivoli Network Manager version 4.1.1 and version 3.9. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security...

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server shipped with IBM Tivoli Netcool Performance Manager for Wireline(Deferred CVE-2020-2590 and CVE-2020-2601)

Summary There are vulnerabilities in IBM® SDK Java™ Technology Edition, Version that is used by Tivoli Netcool Performance Manager. This issues is disclosed as part of the IBM Java SDK updates for July 2020. Information about a security vulnerability affecting IBM WebSphere Application Server has...

Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with Tivoli Access Manager for e-business

Summary IBM WebSphere Application Server is shipped with Tivoli Access Manager for e-business. Information about security vulnerabilities affecting IBM WebSphere Application Server have been published in a security bulletin Vulnerability Details Refer to the security bulletins listed in the...

Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Rational ClearQuest (CVE-2020-4365)

Summary IBM WebSphere Application Server WAS is used by the IBM Rational ClearQuest server and web components. Information about security vulnerabilities affecting WAS have been published in multiple security bulletins. Vulnerability Details Refer to the security bulletins listed in the...

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Intelligent Operations Center (CVE-2020-4362)

Summary IBM WebSphere Application Server is shipped with IBM Intelligent Operations Center. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Case Manager (CVE-2019-10086)

Summary IBM WebSphere Application Server is shipped as a component of IBM Case Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletinss listed in the...

Security Bulletin: Content Collector for Email is affected by a Weaker than expected security when using transition mode for SP800-131a in WebSphere App Server

Summary Content Collector for Email has addressed the following vulnerability. IBM WebSphere Application Server could provide weaker than expected security, caused by the improper TLS configuration. A remote attacker could exploit this vulnerability to obtain sensitive information using man in th...

Security Bulletin: WebSphere App Server - Out of Memory Exception can cause DOS

Summary IBM Worklight/MobileFoundation has addressed the following vulnerability. WebSphere App Server - Out of Memory Exception can cause DOS Vulnerability Details CVEID: CVE-2019-4046 DESCRIPTION: IBM WebSphere Application Server is vulnerable to a denial of service, caused by improper handling...

Security Bulletin: Content Collector for Email is affected by a WebSphere App Server - Out of Memory Exception can cause DOS

Summary Content Collector for Email has addressed the following vulnerability. IBM WebSphere Application Server is vulnerable to a denial of service, caused by improper handling of request headers. A remote attacker could exploit this vulnerability to cause the consumption of Memory. Vulnerabilit...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli Netcool Configuration Manager(CVE-2015-1283)

Summary IBM WebSphere Application Server is shipped as a component of IBM Tivoli Netcool Configuration Manager ITNCM. A vulnerability reported in IBM Websphere 7.0.0.37 has been addressed by IBM Tivoli Netcool Configuration Manager. Vulnerability Details CVEID: CVE-2015-1283 DESCRIPTION: Multiple...