83 matches found
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-36099)
Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...
Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is affected by a denial of service
Summary IBM WebSphere Application Server shipped with Jazz for Service Management JazzSM is affected by a denial of service CVE-2025-36099 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|-...
Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Buinses Automation Workflow (CVE-2025-36099)
Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin. Vulnerability Details Refer to the security bulletins...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-48976)
Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...
Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a vulnerability that could provide weaker than expected security (CVE-2025-33142)
Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a vulnerability that could provide weaker than expected security for TLS connections. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affect...
CVE-2025-33142 IBM WebSphere Application Server information disclosure
IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for TLS connections...
CVE-2024-56339
IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 could allow a remote attacker to bypass security restrictions caused by a failure to honor security configuration...
CVE-2025-36097
IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 are vulnerable to a denial of service, caused by a stack-based overflow. An attacker can send a specially crafted request that cause the server to consume excessive memory resources...
IBM WebSphere Application Server 代码问题漏洞
IBM WebSphere Application Server WAS is an application server product from International Business Machines IBM. The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform. A code issue vulnerability exists in IBM WebSphere...
CVE-2024-45087
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
CVE-2024-45071
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is vulnerable to information disclosure (CVE-2023-50314)
Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is vulnerable to information disclosure. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products and...
CVE-2024-37532
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to identity spoofing by an authenticated user due to improper signature validation. IBM X-Force ID: 294721...
CVE-2023-23477
IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. IBM X-Force ID: 245513...
Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring Installed WebSphere Application Server including Log4j
Summary The following security issues has been identified in the WebSphere Application Server included as part of IBM Tivoli Monitoring ITM portal server. Vulnerability Details CVEID:CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of service, caused by the failure to protect fr...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled in IBM Cloud Pak for Applications, is vulnerable to denial of service due to GraphQL Java (CVE-2022-37734)
Summary IBM WebSphere Application Server Liberty, which is bundled in IBM Cloud Pak for Applications, is vulnerable to denial of service due to GraphQL Java CVE-2022-37734 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions...
Security Bulletin: Vulnerability with Diffie-Hellman ciphers may affect IBM WebSphere Application Server (CVE-2015-4000)
Summary The LogJam Attack on Diffie-Hellman ciphers CVE-2015-4000 may affect some configurations of IBM WebSphere Application Server Full Profile, IBM WebSphere Application Server Liberty Profile, and IBM WebSphere Application Server Hypervisor Edition. The IBM HTTP Server used by WebSphere...
CVE-2022-34165
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP header injection, caused by improper validation. This could allow an attacker to conduct various attacks against the vulnerable system, including...
CVE-2022-22473
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console data. This information could be used in further attacks against the system. IBM X-Force ID: 225347...
CVE-2021-29736
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote user to gain elevated privileges on the system. IBM X-Force ID: 201300...