IBM Product Security Update Advisory

IBM Product Security Update Advisory

Overview


IBM has released security updates to address vulnerabilities in several of its products. Users of affected products should update to the latest version.

Affected Products and Vulnerabilities


  • CVE-2026-11541: WebSphere Application Server versions 8.5 Through 8.5.5.30, WebSphere Application Server versions 9.0 Through 9.0.5.28, And WebSphere Application Server – Liberty versions 17.0.0.3 Through 26.0.0.6 Are affected. These include a remote code execution vulnerability (a vulnerability that allows a threat actor to execute arbitrary code) and an HTTP request smuggling vulnerability.
  • CVE-2026-11546, CVE-2026-11714: WebSphere Application Server – Liberty versions 17.0.0.3 Through 26.0.0.7 Are affected. These are server-side request forgery (SSRF) vulnerabilities (vulnerabilities that cause the server to send requests to a location specified by a threat actor).
  • CVE-2026-11594: Affects WebSphere Application Server versions 8.5 Through 8.5.5.29 And WebSphere Application Server versions 9.0 Through 9.0.5.28. This is a cross-site scripting (XSS) vulnerability (a vulnerability that allows malicious scripts to be injected into web pages).
  • CVE-2026-11708, CVE-2026-11712: WebSphere Application Server versions 8.5 Through 8.5.5.30 And WebSphere Application Server versions 9.0 Through 9.0.5.28 Are affected. This is a cross-site scripting (XSS) vulnerability.
  • CVE-2026-13449: Affects IBM Business Automation Manager Open Editions versions 9.0.0 Through 9.4.2. This is an XML external object injection vulnerability (a vulnerability that allows an attacker to exploit external XML objects to read system information or trigger actions).
  • CVE-2026-13759, CVE-2026-13772: Affects WebSphere Extreme Scale versions 8.6.1.0 Through 8.6.1.6. These include an untrusted data deserialization vulnerability and a remote code execution vulnerability.

Recommended Actions


  • Update to the latest version with Vulnerability Patches.
  • Update WebSphere Application Server and WebSphere Application Server Liberty to the recommended versions.
  • Update IBM Business Automation Manager Open Editions to version 9.5.0 Or later.
  • Apply mitigation measures for WebSphere Extreme Scale as described on the reference site.