22 matches found
CVE-2026-9006
IBM WebSphere Application Server 9.0 and 8.5 is vulnerable to server-side request forgery (SSRF) with the Ajax Proxy configured. This may allow an attacker to send unauthorized requests from the system, resulting in a security bypass or information disclosure...
CVE-2026-9006
IBM WebSphere Application Server (traditional and Liberty/Remote Server configurations) is affected by CVE-2026-9006, a server-side request forgery (SSRF) when the Ajax Proxy is configured. Affected products include IBM WebSphere Remote Server (versions 8.5, 9.0, 9.1) and the WAS components shipp...
EUVD-2026-38252
IBM WebSphere Application Server 9.0 and 8.5 is vulnerable to server-side request forgery (SSRF) with the Ajax Proxy configured. This may allow an attacker to send unauthorized requests from the system, resulting in a security bypass or information disclosure...
CVE-2026-9006 IBM WebSphere Application Server is affected by server-side request forgery
IBM WebSphere Application Server 9.0 and 8.5 is vulnerable to server-side request forgery (SSRF) with the Ajax Proxy configured. This may allow an attacker to send unauthorized requests from the system, resulting in a security bypass or information disclosure...
PT-2026-51348
Name of the Vulnerable Software and Affected Versions: IBM WebSphere Application Server version 9.0; IBM WebSphere Application Server version 8.5. Description: An issue exists when the Ajax Proxy is configured, which may allow an attacker to send unauthorized requests from the system. This server-sid...
IBM WebSphere Application Server 8.5.x < 8.5.5.30 / 9.x < 9.0.5.29 (7276600)
The version of IBM WebSphere Application Server running on the remote host is affected by a vulnerability as referenced in the 7276600 advisory. - IBM WebSphere Application Server is vulnerable to server-side request forgery (SSRF) with the Ajax Proxy configured. This may allow an attacker to send...
EUVD-2022-27511
Malicious code in bioql PyPI...
CVE-2025-26399
SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patc...
CVE-2025-26399
SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patc...
CVE-2025-26399 SolarWinds Web Help Desk Deserialization of Untrusted Data Privilege Escalation Vulnerability
SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patc...
SolarWinds Web Help Desk Code Issue Vulnerability
SolarWinds Web Help Desk is a suite of help desk and asset management software from US-based SolarWinds. The software supports centralized knowledge base, IT asset management, project and task management, and other features. A code issue vulnerability exists in SolarWinds Web Help Desk that stems...
SolarWinds Web Help Desk AjaxProxy Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Web Help Desk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AjaxProxy class. The issue results from the lack of proper validation of...
Security Bulletin: Multiple vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Business Monitor (CVE-2022-22365)
Summary: IBM WebSphere Application Server is shipped as a component of Business Monitor. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details: CVEID: CVE-2022-22365 DESCRIPTION: IBM WebSphere Application...
Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to Spoofing (CVE-2022-22365)
Summary: IBM WebSphere Application Server is vulnerable to spoofing when the Ajax Proxy Web Application (AjaxProxy.war) is deployed. This has been addressed. Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section. Affected Products and Versions: Affected Products...
Unspecified Vulnerability in IBM WebSphere Application Server
IBM WebSphere Application Server (WAS) is an application server product from IBM in the United States. The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform. A security vulnerability exists in IBM WebSphere Application Server...
CVE-2022-22365
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, with the Ajax Proxy Web Application AjaxProxy.war deployed, is vulnerable to spoofing by allowing a man-in-the-middle attacker to spoof SSL server hostnames. IBM X-Force ID: 220904...
Spoofing
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, with the Ajax Proxy Web Application AjaxProxy.war deployed, is vulnerable to spoofing by allowing a man-in-the-middle attacker to spoof SSL server hostnames. IBM X-Force ID: 220904...
CVE-2022-22365
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, with the Ajax Proxy Web Application AjaxProxy.war deployed, is vulnerable to spoofing by allowing a man-in-the-middle attacker to spoof SSL server hostnames. IBM X-Force ID: 220904...
CVE-2022-22365
Summary of CVE-2022-22365 (IBM WebSphere Application Server) : IBM WebSphere Application Server versions 7.0, 8.0, 8.5, and 9.0 (Ajax Proxy Web Application, AjaxProxy.war deployed) are vulnerable to spoofing where a MITM attacker can spoof SSL server hostnames. Impact is spoofing and potential cr...
IBM WebSphere Application Server Security Vulnerability
IBM WebSphere Application Server (WAS) is an application server product from IBM in the United States. The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform. A security vulnerability exists in IBM WebSphere Application Server...