122 matches found

NVD
added yesterday · 4 views

CVE-2026-13772

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6's Object Query Language engine resolves attacker-supplied class names via Class.forName and invokes their constructors with no allow-list at three distinct sinks (SELECT NEW, enum literals, and reflection-based comparators); an authenticated remo...

7.5 CVSS
Exploits: 0 · References: 1
NVD
added yesterday · 4 views

CVE-2026-13773

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6: approximately 50 generated CORBA stub classes in WebSphere eXtreme Scale's ogclient.jar call ORB.string_to_object on an attacker-controlled IOR string during Java deserialization, turning any unfiltered ObjectInputStream sink in WAS into outbound...

6 CVSS
Exploits: 0 · References: 1
EUVD
added yesterday · 5 views

EUVD-2026-40388

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 ships three ObjectInputStream subclasses (WsObjectInputStream, ObjectStreamPool$ReusableInputStream, ObjectInputStreamResolver) that install no JEP-290 class filter; when Coherence is on the classpath, multiple RCE gadget chains including...

7.5 CVSS · 6.2 AI score
Exploits: 0 · References: 1
CVE
added yesterday · 7 views

CVE-2026-13759

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 ships three ObjectInputStream subclasses (WsObjectInputStream, ObjectStreamPool$ReusableInputStream, ObjectInputStreamResolver) that install no JEP-290 class filter; when Coherence is on the classpath, multiple RCE gadget chains including...

7.5 CVSS · 6.2 AI score
Exploits: 0 · References: 1
Cvelist
added yesterday · 23 views

CVE-2026-13759 IBM WebSphere eXtreme Scale is affected by Insecure Deserialization

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 ships three ObjectInputStream subclasses (WsObjectInputStream, ObjectStreamPool$ReusableInputStream, ObjectInputStreamResolver) that install no JEP-290 class filter; when Coherence is on the classpath, multiple RCE gadget chains including...

7.5 CVSS
Exploits: 0 · References: 1
EUVD
added yesterday · 4 views

EUVD-2026-40387

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6's Object Query Language engine resolves attacker-supplied class names via Class.forName and invokes their constructors with no allow-list at three distinct sinks (SELECT NEW, enum literals, and reflection-based comparators); an authenticated remo...

7.5 CVSS · 6.1 AI score
Exploits: 0 · References: 1
CVE
added yesterday · 8 views

CVE-2026-13772

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6's Object Query Language engine resolves attacker-supplied class names via Class.forName and invokes their constructors with no allow-list at three distinct sinks (SELECT NEW, enum literals, and reflection-based comparators); an authenticated remo...

7.5 CVSS · 6.1 AI score
Exploits: 0 · References: 1
EUVD
added yesterday · 5 views

EUVD-2026-40386

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6: approximately 50 generated CORBA stub classes in WebSphere eXtreme Scale's ogclient.jar call ORB.string_to_object on an attacker-controlled IOR string during Java deserialization, turning any unfiltered ObjectInputStream sink in WAS into outbound...

6 CVSS · 6.4 AI score
Exploits: 0 · References: 1
CVE
added yesterday · 9 views

CVE-2026-13773

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6: approximately 50 generated CORBA stub classes in WebSphere eXtreme Scale's ogclient.jar call ORB.string_to_object on an attacker-controlled IOR string during Java deserialization, turning any unfiltered ObjectInputStream sink in WAS into outbound...

6 CVSS · 6.4 AI score
Exploits: 0 · References: 1
EUVD
added yesterday · 5 views

EUVD-2026-40379

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 could allow an adjacent attacker to cause a denial of service due to improper validation in the XDF decoder. The application processes deeply nested Protocol Buffers messages and attacker-controlled length prefixes without sufficient bounds...

6.5 CVSS · 5.8 AI score
Exploits: 0 · References: 1
CVE
added yesterday · 14 views

CVE-2026-9002

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 could allow an adjacent attacker to cause a denial of service due to improper validation in the XDF decoder. The application processes deeply nested Protocol Buffers messages and attacker-controlled length prefixes without sufficient bounds...

6.5 CVSS · 5.8 AI score
Exploits: 0 · References: 1
Cvelist
added yesterday · 22 views

CVE-2026-9002 IBM WebSphere eXtreme Scale is affected by uncontrolled resource consumption when XDF is enabled

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 could allow an adjacent attacker to cause a denial of service due to improper validation in the XDF decoder. The application processes deeply nested Protocol Buffers messages and attacker-controlled length prefixes without sufficient bounds...

6.5 CVSS
Exploits: 0 · References: 1
IBM Security Bulletins
added yesterday · 3 views

Security Bulletin: IBM WebSphere eXtreme Scale's OQL is affected by remote code execution

Summary: IBM WebSphere eXtreme Scale's OQL is affected by remote code execution (CVE-2026-13772). Vulnerability Details: CVEID: CVE-2026-13772. DESCRIPTION: WebSphere eXtreme Scale's Object Query Language engine resolves attacker-supplied class names via Class.forName and invokes their constructors wit...

7.5 CVSS · 6.6 AI score
Exploits: 0 · Affected Software: 1
IBM Security Bulletins
added yesterday · 3 views

Security Bulletin: IBM WebSphere eXtreme Scale is affected by server side request forgery when ORB is used as Transport Protocol

Summary: IBM WebSphere eXtreme Scale is affected by server side request forgery when ORB is used as Transport Protocol (CVE-2026-13773). Vulnerability Details: CVEID: CVE-2026-13773. DESCRIPTION: Approximately 50 generated CORBA stub classes in WebSphere eXtreme Scale's ogclient.jar call...

6 CVSS · 6.2 AI score
Exploits: 0 · Affected Software: 1
IBM Security Bulletins
added yesterday · 3 views

Security Bulletin: IBM WebSphere eXtreme Scale is affected by Insecure Deserialization

Summary: IBM WebSphere eXtreme Scale is affected by Insecure Deserialization of untrusted data (CVE-2026-13759). Vulnerability Details: CVEID: CVE-2026-13759. DESCRIPTION: WebSphere eXtreme Scale ships three ObjectInputStream subclasses WsObjectInputStream, ObjectStreamPool$ReusableInputStream,...

7.5 CVSS · 6.2 AI score
Exploits: 0 · Affected Software: 1
IBM Security Bulletins
added 2 days ago · 4 views

Security Bulletin: IBM WebSphere eXtreme Scale is affected by uncontrolled resource consumption when XDF is enabled

Summary: IBM WebSphere eXtreme Scale is affected by uncontrolled resource consumption when XDF is enabled (CVE-2026-9002). Vulnerability Details: CVEID: CVE-2026-9002. DESCRIPTION: IBM WebSphere eXtreme Scale could allow an adjacent attacker to cause a denial of service due to improper validation in th...

6.5 CVSS · 5.8 AI score
Exploits: 0 · Affected Software: 1
Tenable Nessus
added 2026/06/23 12:0 a.m. · 8 views

IBM WebSphere eXtreme Scale 8.6.1.0 < 8.6.1.6 (7277387)

The version of IBM WebSphere eXtreme Scale installed on the remote host is prior to 8.6.1.6. It is, therefore, affected by multiple vulnerabilities as referenced in the 7277387 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of...

7.5 CVSS · 6 AI score · 0.00702 EPSS
Exploits: 0 · References: 7
IBM Security Bulletins
added 2026/06/22 2:28 p.m. · 3 views

Security Bulletin: Multiple Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition affects WebSphere eXtreme Scale

Summary: There are multiple vulnerabilities in IBM Runtime Environment Java Version 8 used by WebSphere eXtreme Scale. Vulnerability Details: CVEID: CVE-2026-22016. DESCRIPTION: Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise...

7.5 CVSS · 7.2 AI score · 0.00702 EPSS
Exploits: 0 · Affected Software: 1
Tenable Nessus
added 2026/03/27 12:0 a.m. · 12 views

IBM WebSphere eXtreme Scale 8.6.1.0 < 8.6.1.6 (7267689)

The version of IBM WebSphere eXtreme Scale installed on the remote host is prior to 8.6.1.6. It is, therefore, affected by multiple vulnerabilities as referenced in the 7267689 advisory. - In the Eclipse OMR port library component since release 0.2.0, an API function to return the textual names o...

9.8 CVSS · 6.3 AI score · 0.00864 EPSS
Exploits: 1 · References: 6
IBM Security Bulletins
added 2026/03/26 3:54 p.m. · 4 views

Security Bulletin: Multiple Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition affects WebSphere eXtreme Scale

Summary: There are multiple vulnerabilities in IBM Runtime Environment Java Version 8 used by WebSphere eXtreme Scale. Vulnerability Details: CVEID: CVE-2026-21945. DESCRIPTION: Java SE is vulnerable to a denial of service, caused by an easily exploitable vulnerability issue that allows a remote...

9.8 CVSS · 6.8 AI score · 0.00864 EPSS
Exploits: 1 · Affected Software: 1