IBM Product Security Update Advisory

  • Security updates have been released to address vulnerabilities in IBM products.
  • The affected products are IBM Engineering Lifecycle Management – Jazz Foundation, IBM Web Server Plug-ins for IBM WebSphere Application Server and IBM WebSphere Liberty, and IBM HTTP Server.
  • CVE-2026-3603, CVE-2026-3660, and CVE-2026-4051 have been addressed in IBM Engineering Lifecycle Management – Jazz Foundation. The vulnerabilities are XML external entity (XXE) injection, authentication bypass, and remote code execution (RCE).
  • CVE-2026-8620 and CVE-2026-8633 have been resolved in IBM Web Server Plug-ins for IBM WebSphere Application Server and IBM WebSphere Liberty. The vulnerabilities are HTTP request smuggling and remote code execution (RCE).
  • CVE-2026-8834, CVE-2026-8835, CVE-2026-8850, CVE-2026-8852, CVE-2026-8854, CVE-2026-8855, CVE-2026-8856, CVE-2026-9170, and CVE-2026-45186 have been resolved in IBM HTTP Server. The vulnerabilities involve heap-based buffer overflows, pointer dereferences, expired pointer dereferences, XML input processing denial of service, remote code execution (RCE), and denial of service (DoS).
  • IBM Engineering Lifecycle Management – Jazz Foundation is affected in versions 7.0.3 iFix001 through iFix021, 7.1.0 iFix001 through iFix009, and 7.2.0 through 7.2.0 iFix001. The fixed versions are 7.0.3 iFix022 and later, 7.1.0 iFix010 and later, and 7.2.0 iFix002 and later.
  • IBM Web Server Plug-ins for IBM WebSphere Application Server and IBM WebSphere Liberty are affected in versions 9.0.0.0 through 9.0.5.27 and 8.5.0.0 through 8.5.5.29. The fixed versions are 9.0.5.28 or later and 8.5.5.30 or later.
  • IBM HTTP Server is affected in versions 9.0.0.0 through 9.0.5.28 and 8.5.0.0 through 8.5.5.29. The fixed versions are 9.0.5.29 or later and 8.5.5.30 or later.
  • Updating to the latest patched version is advised, following the instructions on the reference site.