Lucene search
K

12 matches found

EUVD
EUVD
added 2026/07/01 12:34 a.m.4 views

EUVD-2026-40413

IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are affected by an HTTP request smuggling vulnerability...

7.4CVSS5.8AI score0.00418EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.4 views

PT-2026-53990

Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server version 9.0 IBM WebSphere Application Server version 8.5 IBM WebSphere Application Server - Liberty versions 17.0.0.3 through 26.0.0.6 Description An HTTP request smuggling issue exists, which occurs when there...

9.8CVSS6AI score0.00418EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.8 views

PT-2026-53965

Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server - Liberty versions 17.0.0.3 through 26.0.0.6 Description An arbitrary file read issue exists when the restConnector-2.0 feature is enabled. This allows an attacker to read files from the system that they should...

7.5CVSS6.1AI score0.00472EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/04/23 12:0 a.m.6 views

IBM WebSphere Application Server Liberty 17.0.0.3 < 26.0.0.5 Identity Spoofing (7270437)

The version of IBM WebSphere Application Server Liberty running on the remote host is affected by an identity spoofing vulnerability as referenced in the 7270437 advisory. - IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.4 IBM WebSphere Application Server Liberty is vulnerable...

7.5CVSS5.8AI score0.00276EPSS
Exploits0References2
CVE
CVE
added 2025/12/08 9:58 p.m.56 views

CVE-2025-12635

CVE-2025-12635 is a cross-site scripting vulnerability in IBM WebSphere Application Server and related bundles (WAS Liberty 17.0.0.3–25.0.0.12; WAS 8.5 and 9.0). It arises from improper validation of user-supplied input, enabling an attacker to lure a user to a malicious site via a crafted URL. I...

5.4CVSS5.7AI score0.00141EPSS
Exploits0References1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/25 9:5 p.m.7 views

Security Bulletin: IBM WebSphere Application Server Liberty is affected by a security bypass vulnerability (CVE-2025-36124)

Summary IBM WebSphere Application Server Liberty is affected by a security bypass vulnerability in JMS messaging with the wasJmsServer-1.0, wasJmsSecurity-1.0, wasJmsClient-2.0, messagingServer-3.0, messagingSecurity-3.0, or messagingClient-3.0 feature enabled. Vulnerability Details...

7.5CVSS6.2AI score0.00369EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/08/09 4:26 p.m.2 views

CVE-2024-56339

IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 could allow a remote attacker to bypass security restrictions caused by a failure to honor security configuration...

7.5CVSS9.5AI score0.004EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/01 3:29 p.m.20 views

Security Bulletin: IBM PowerVM Novalink is vulnerable because IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to server-side request forgery. (CVE-2024-22329)

Summary IBM PowerVM Novalink is vulnerable because IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to server-side request forgery SSRF. By sending a specially crafted request, an attacker could exploit this vulnerability to conduct the SSRF attack. X-Force ID:...

4.3CVSS5.5AI score0.00302EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2024/04/15 12:0 a.m.6 views

PT-2024-19342 · Ibm · Ibm Websphere Application Server +1

Name of the Vulnerable Software and Affected Versions: IBM WebSphere Application Server versions 8.5, 9.0 IBM WebSphere Application Server Liberty versions 17.0.0.3 through 24.0.0.3 Description: The issue is related to server-side request forgery SSRF. By sending a specially crafted request, an...

4.3CVSS7.8AI score0.00302EPSS
Exploits0References8
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/31 5:4 p.m.25 views

Security Bulletin: HTTP header injection vulnerability in Watson Knowledge Catalog for IBM Cloud Pak for Data (CVE-2022-34165)

Summary Watson Knowledge Catalog for IBM Cloud Pak for Data has an internal dependency on IBM WebSphere Application Server Liberty. Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to a HTTP header injection. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2022-34165...

5.4CVSS5.6AI score0.00441EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/23 1:5 p.m.24 views

Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty affects IBM Spectrum Scale packaged in IBM Elastic Storage System (CVE-2021-39031)

Summary There is a vulnerability in IBM WebSphere Application Server Liberty, used by IBM Elastic Storage System, which could allow a remote attacker to cause a denial of service. Vulnerability Details CVEID:CVE-2021-39031 DESCRIPTION: IBM WebSphere Application Server - Liberty 17.0.0.3 through...

8.8CVSS7.2AI score0.02017EPSS
Exploits0Affected Software1
Prion
Prion
added 2020/04/02 3:15 p.m.14 views

Cross site scripting

IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

4.3CVSS5.8AI score0.00797EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder