Medium Severity

Security Bulletin: Multiple Security Vulnerabilities Affect IBM WebSphere Application Server in IBM Cloud

There are multiple security vulnerabilities that affect the IBM WebSphere Application Server in the IBM Cloud:

  • WebSphere Application Server Admin Console is vulnerable to cross-site scripting.
  • WebSphere Application Server Liberty is vulnerable to a denial of service.
  • WebSphere Application Server is vulnerable to an information exposure vulnerability.
  • WebSphere Application Server is vulnerable to an information disclosure vulnerability.
  • WebSphere Application Server is vulnerable to an information disclosure vulnerability.
  • There is a vulnerability in the Hibernate Validator library used by WebSphere Application Server Liberty.
  • Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server October 2020 CPU.

Affected product(s) and affected version(s):

These vulnerabilities affect the following versions and releases of IBM WebSphere Application Server in IBM Cloud:

  • Version 9.0
  • Version 8.5
  • Liberty

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6382238
