Malware gaps in IBM WebSphere Application Server Liberty and Netcool/OMNIbus
Attackers can target IBM's application server WebSphere Application Server Liberty and the network monitoring solution Tivoli Netcool/OMNIbus.
(Image: AFANASEV IVAN / Shutterstock.com)
Admins managing instances with IBM WebSphere Application Server Liberty or Tivoli Netcool/OMNIbus should secure their systems promptly. If not, attackers could execute malware in the worst-case scenario. IBM has not yet mentioned any ongoing attacks. However, for WebSphere Application Server Liberty, there is currently only a preliminary solution to protect computers from attacks.
Interim Fix
In a warning message, the developers describe that attackers can target WebSphere Application Server Liberty via a path traversal vulnerability (CVE-2025-14914 “high”). However, systems are only vulnerable if the restConnector-1.0 or restConnector-2.0 feature is active.
If this is the case, attackers can upload crafted zip archives due to insufficient checks and thus overwrite files in actually isolated paths. Ultimately, this can lead to the execution of malware.
According to the developers, versions 17.0.0.3 up to and including 26.0.0.1 are affected. No security update has been released yet. In a post, IBM refers to an “interim solution” (Interim Fix) to protect instances nonetheless.
Videos by heise
Further Security Issue
The vulnerability (CVE-2026-1188 “medium”) in Tivoli Netcool/OMNIbus impacts IBM Runtime Environment Java. At this point, attackers can trigger memory errors in an unspecified way. Such an event typically leads to crashes. However, in this context, malware often also gets onto PCs and compromises them.
According to IBM, versions 8.1.0 up to and including 8.1.0.35 are impacted. Tivoli Netcool/OMNIbus 8.1.0.36 is expected to be protected against the described attack.
(des)
