13382 matches found
CVE-2026-11714 IBM WebSphere Application Server Liberty is affected by an authorization bypass vulnerability
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.7 is affected by a server-side request forgery vulnerability with the apiDiscovery-1.0 feature enabled...
CVE-2026-11714
IBM WebSphere Application Server Liberty versions 17.0.0.3 through 26.0.0.7 are affected by a server-side request forgery (SSRF) vulnerability in the apiDiscovery-1.0 feature. The issue is identified as CVE-2026-11714; IBM’s bulletin reports CVSS v3.1 base score 8.5 (PR:L, S:C, C:H/I:L/A:N). The ...
EUVD-2026-40394
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 is affected by an arbitrary file read vulnerability with the restConnector-2.0 feature enabled...
CVE-2026-11806 IBM WebSphere Application Server Liberty is affected by an arbitrary file read vulnerability
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 is affected by an arbitrary file read vulnerability with the restConnector-2.0 feature enabled...
CVE-2026-11806
IBM WebSphere Application Server Liberty versions 17.0.0.3–26.0.0.6 are affected by an arbitrary file read vulnerability in the restConnector-2.0 feature (CVE-2026-11806). The issue, categorized as CWE-444: Inconsistent Interpretation of HTTP Requests, has CVSS v3.1 base scores around 7.2–7.5 (hi...
EUVD-2026-40388
IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 ships three ObjectInputStream subclasses (WsObjectInputStream, ObjectStreamPool$ReusableInputStream, ObjectInputStreamResolver) that install no JEP-290 class filter; when Coherence is on the classpath, multiple RCE gadget chains including...
CVE-2026-13759 IBM WebSphere eXtreme Scale is affected by Insecure Deserialization
IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 ships three ObjectInputStream subclasses (WsObjectInputStream, ObjectStreamPool$ReusableInputStream, ObjectInputStreamResolver) that install no JEP-290 class filter; when Coherence is on the classpath, multiple RCE gadget chains including...
CVE-2026-13759
CVE-2026-13759 affects IBM WebSphere eXtreme Scale (WebSphere Extreme Scale) 8.6.1.0–8.6.1.6. The root cause is insecure deserialization: three ObjectInputStream subclasses (WsObjectInputStream, ObjectStreamPool$ReusableInputStream, ObjectInputStreamResolver) ship without a JEP-290 class filter. ...
EUVD-2026-40387
IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6's Object Query Language engine resolves attacker-supplied class names via Class.forName and invokes their constructors with no allow-list at three distinct sinks (SELECT NEW, enum literals, and reflection-based comparators); an authenticated remo...
CVE-2026-13772 IBM WebSphere eXtreme Scale's OQL is affected by remote code execution
IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6's Object Query Language engine resolves attacker-supplied class names via Class.forName and invokes their constructors with no allow-list at three distinct sinks (SELECT NEW, enum literals, and reflection-based comparators); an authenticated remo...
CVE-2026-13772
CVE-2026-13772 affects IBM WebSphere eXtreme Scale (OQL engine) on versions 8.6.1.0–8.6.1.6. The issue arises from attacker-supplied class names being resolved via Class.forName() and their constructors invoked at three sinks (SELECT NEW, enum literals, reflection-based comparators) without an al...
EUVD-2026-40386
IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6: approximately 50 generated CORBA stub classes in WebSphere eXtreme Scale's ogclient.jar call ORB.string_to_object on an attacker-controlled IOR string during Java deserialization, turning any unfiltered ObjectInputStream sink in WAS into outbound...
CVE-2026-13773 IBM WebSphere eXtreme Scale is affected by server side request forgery when ORB is used as Transport Protocol
IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6: approximately 50 generated CORBA stub classes in WebSphere eXtreme Scale's ogclient.jar call ORB.string_to_object on an attacker-controlled IOR string during Java deserialization, turning any unfiltered ObjectInputStream sink in WAS into outbound...
CVE-2026-13773
CVE-2026-13773 affects IBM WebSphere eXtreme Scale 8.6.1.0–8.6.1.6. Approximately 50 generated CORBA stub classes in ogclient.jar deserialize an attacker-controlled IOR via ObjectInputStream, using ORB.string_to_object() to perform outbound IIOP SSRF to a chosen host. When combined with IBM ORB g...
CVE-2026-9002 IBM WebSphere eXtreme Scale is affected by uncontrolled resource consumption when XDF is enabled
IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 could allow an adjacent attacker to cause a denial of service due to improper validation in the XDF decoder. The application processes deeply nested Protocol Buffers messages and attacker-controlled length prefixes without sufficient bounds...
EUVD-2026-40379
IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 could allow an adjacent attacker to cause a denial of service due to improper validation in the XDF decoder. The application processes deeply nested Protocol Buffers messages and attacker-controlled length prefixes without sufficient bounds...
CVE-2026-9002
IBM WebSphere eXtreme Scale is affected in versions 8.6.1.0–8.6.1.6 by an XDF decoder validation issue. The decoder may mishandle deeply nested Protocol Buffers messages and attacker-controlled length prefixes without proper bounds checking, enabling an adjacent attacker to trigger StackOverflow...
Security Bulletin: IBM WebSphere Application Server is affected by server-side request forgery (CVE-2026-9006)
Summary IBM WebSphere Application Server is affected by a server-side request forgery vulnerability with the Ajax Proxy configured. Vulnerability Details CVEID:CVE-2026-9006 DESCRIPTION: IBM WebSphere Application Server 9.0 and 8.5 is vulnerable to server-side request forgery (SSRF) with the Ajax...
Security Bulletin: IBM WebSphere Application Server is affected by multiple vulnerabilities (CVE-2026-11712, CVE-2026-11595, CVE-2026-11708)
Summary IBM WebSphere Application Server is affected by cross-site scripting and path traversal vulnerabilities. Vulnerability Details CVEID:CVE-2026-11712 DESCRIPTION: IBM WebSphere Application Server is affected by a cross-site scripting vulnerability in the administrative console help system...
Security Bulletin: IBM WebSphere eXtreme Scale's OQL is affected by remote code execution
Summary IBM WebSphere eXtreme Scale's OQL is affected by remote code execution CVE-2026-13772 Vulnerability Details CVEID:CVE-2026-13772 DESCRIPTION: WebSphere eXtreme Scale's Object Query Language engine resolves attacker-supplied class names via Class.forName and invokes their constructors wit...