Authors: Created by IBM


Action required for important upcoming changes to the Liberty container images.

As part of our ongoing commitment to improving security, reducing vulnerability exposure, and aligning with container best practices, we are announcing two important updates to the Universal Base Image (UBI) operating system variants used in the official container images for IBM WebSphere Liberty and Open Liberty....

1) Liberty images updating from UBI 9 Minimal to UBI 10 Minimal in

Just published by IBM: Read more

Authors: Created by IBM


IBM WebSphere Application Server Liberty could provide weaker than expected security administering security settings when the appSecurity-1.0, appSecurity-2.0, appSecurity-3.0, appSecurity-4.0 or appSecurity-5.0 feature is enabled. CVEID:  CVE-2025-14917[1]
 DESCRIPTION:  IBM WebSphere Application Server Liberty could provide weaker than expected security when administering security settings.
 CWE:  CWE-1393:Use of Default Password[2]
...

Just published by IBM: Read more

Authors: Created by IBM


There is a vulnerability in the immutable library which affects IBM WebSphere Application Server Liberty with the openapi-3.0, openapi-3.1, mpOpenAPI-1.0, mpOpenAPI-1.1, mpOpenAPI-2.0, mpOpenAPI-3.0 mpOpenAPI-3.1, mpOpenAPI-4.0 or mpOpenAPI-4.1 feature enabled. CVEID:  CVE-2026-29063[1]
DESCRIPTION:  Immutable.js provides many Persistent Immutable data structures.Prior to versions 3.8.3, 4.3.7, and 5.1.5, Prototype Pollution is possible in immutable via the mergeDeep(), mergeDeepWith(), merge(), Map.toJS(), and Map.toObject() APIs.This issue has been patched...

Just published by IBM: Read more

Weitere Beiträge ...

  1. IBM WebSphere Application Server Liberty is affected by server-side request forgery (CVE-2026-1561)
  2. IBM WebSphere Application Server Liberty is affected by a privilege escalation vulnerability (CVE-2025-14915)
  3. PH70510:WebSphere Liberty is affected by a prototype pollution vulnerability due to immutable (CVE-2026-29063 CVSS 8.7)
  4. PH60199:IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to jose4j (CVE-2023-51775 CVSS 7.5)

Seite 2 von 51