Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a vulnerability that could provide weaker than expected security (CVE-2025-13333)

Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a vulnerability that could provide weaker than expected security when enabling AES-256 password encryption. Vulnerability Details Refer to the security bulletins listed in the...

Security Bulletin: Due to use of IBM WebSphere Application Server, IBM Tivoli Network Configuration Manager (ITNCM) is affected by a denial of service vulnerability.

Summary WebSphere Application Server, used by IBM Tivoli Network Configuration Manager ITNCM, is affected by a denial of service vulnerability. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions...

CVE-2022-34336

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...

Ibm Websphere AS 代码问题漏洞

IBM WebSphere Application Server WAS is by IBM in accordance with open standards, such as Java EE, XML and Web Services, development and distribution of an application server. An XML External Entity Injection XXE vulnerability exists in IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0. A remot...

CVE-2020-4949

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 192025...

CVE-2020-4576

IBM WebSphere Application Server 7.5, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. IBM X-Force ID: 184428...

Security Bulletin: IBM WebSphere Cast Iron Solution & App Connect Professional is affected by Apache Tomcat vulnerabilities.

Summary IBM WebSphere Cast Iron Solution & App Connect Professional has addressed the following vulnerabilities reported in Apache Tomcat. Vulnerability Details CVEID: CVE-2020-1935 DESCRIPTION: Apache Tomcat is vulnerable to HTTP request smuggling, caused by a flaw when handling unusual...

CVE-2018-1777

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...

CVE-2018-1770

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 148686...

CVE-2018-1719

IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security under certain conditions. This could result in a downgrade of TLS protocol. A remote attacker could exploit this vulnerability to perform man-in-the-middle attacks. IBM X-Force ID: 147292...

CVE-2018-1621

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local attacker to obtain clear text password in a trace file caused by improper handling of some datasource custom properties. IBM X-Force ID: 144346...