Authors: Created by IBM

IBM WebSphere Application Server Liberty is affected by a security bypass vulnerability in JMS messaging with the wasJmsServer-1.0, wasJmsSecurity-1.0, wasJmsClient-2.0, messagingServer-3.0, messagingSecurity-3.0, or messagingClient-3.0 feature enabled. CVEID:  CVE-2025-36124^[1]
DESCRIPTION:  IBM WebSphere Application Server Liberty could allow a remote attacker to bypass security restrictions caused by a failure to honor JMS messaging configuration.
CWE:  CWE-268:Privilege Chaining^[2]
...

Just published by IBM: Read more

Authors: Created by IBM

Just published by IBM: Read more

Authors: Created by IBM

File link	File size	File description

...

Just published by IBM: Read more

Authors: Created by IBM

There is a vulnerability in Apache Commons FileUpload which affects IBM WebSphere Application Server traditional and affects IBM WebSphere Application Server Liberty with the servlet-3.0, servlet-3.1, servlet-4.0, servlet-5.0 or servlet-6.0 feature enabled. CVEID: CVE-2025-48976^[1]
DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload.This issue affects Apache Commons FileUpload:from 1.0 before 1.6;from 2.0.0-M1 before 2.0.0-M4.Users are...

Just published by IBM: Read more

Authors: Created by IBM

IBM WebSphere Application Server Liberty is affected by a denial of service with the servlet-3.1, servlet-4.0, servlet-5.0, or servlet-6.0 feature with the HTTP/2 protocol enabled. CVEID: CVE-2025-36047^[1]
DESCRIPTION: IBM WebSphere Application Server Liberty is vulnerable to a denial of service, caused by sending a specially-crafted request.A remote attacker could exploit this vulnerability to cause the server to consume memory resources.
CWE: CWE-770:Allocation ...

Just published by IBM: Read more