Skip to content

WebSphere Liberty could provide weaker than expected security due to crypto.js (CVE-2020-36732 CVSS 5.3) #32824

New issue
New issue
Closed
#32826
Closed
WebSphere Liberty could provide weaker than expected security due to crypto.js (CVE-2020-36732 CVSS 5.3)#32824
#32826
Assignees
jimmy1wu
Labels
release bugThis bug is present in a released version of Open Libertyrelease:250010team:Security SSO
@jimmy1wu

Description

@jimmy1wu
jimmy1wu
opened on Sep 10, 2025

Describe the bug
WebSphere Liberty could provide weaker than expected security due to crypto.js (CVE-2020-36732 CVSS 5.3)

Steps to Reproduce
Security Bulletin: https://www.ibm.com/support/pages/node/7244573

Expected behavior
The bug is fixed in Open Liberty 25.0.0.10 and above.

Diagnostic information:

  • OpenLiberty Version: 17.0.0.3 - 25.0.0.9
  • Affected feature(s): openidConnectServer-1.0
  • Java Version: all

Metadata

Metadata

Assignees

Labels

release bugThis bug is present in a released version of Open Libertyrelease:250010team:Security SSO

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions