Lucene search

Websphere Application Server Security Vulnerabilities - 2023

cve

CVE-2022-39161

IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and IBM WebSphere Application Server Liberty, when configured to communicate with the Web Server Plug-ins for IBM WebSphere Application Server, could allow an authenticated user to conduct spoofing attacks. A man-in-the-middle attacker could expl...

5.3CVSS

4.8AI Score

0.001EPSS

2023-05-03 08:15 PM

104

cve

CVE-2022-43917

IBM WebSphere Application Server 8.5 and 9.0 traditional container uses weaker than expected cryptographic keys that could allow an attacker to decrypt sensitive information. This affects only the containerized version of WebSphere Application Server traditional. IBM X-Force ID: 241045.

7.5CVSS

7.3AI Score

0.001EPSS

2023-01-26 09:17 PM

cve

CVE-2023-23477

IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. IBM X-Force ID: 245513.

9.8CVSS

9.2AI Score

0.004EPSS

2023-02-03 07:15 PM

269

cve

CVE-2023-24966

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 24690...

6.1CVSS

5.8AI Score

0.001EPSS

2023-04-27 02:15 PM

cve

CVE-2023-26283

IBM WebSphere Application Server 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 248416.

5.4CVSS

5.1AI Score

0.0005EPSS

2023-04-02 09:15 PM

cve

CVE-2023-27554

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 249185.

9.1CVSS

8.9AI Score

0.001EPSS

2023-05-11 08:15 PM

cve

CVE-2023-30441

IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of flaws and configurations. IBM X-Force ID: 253188.

7.5CVSS

7.3AI Score

0.002EPSS

2023-04-29 03:15 PM

177

cve

CVE-2023-35890

IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security, caused by the improper encoding in a local configuration file. IBM X-Force ID: 258637.

5.5CVSS

5.1AI Score

0.0004EPSS

2023-07-07 03:15 AM

cve

CVE-2023-38737

IBM WebSphere Application Server Liberty 22.0.0.13 through 23.0.0.7 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 262567.

7.5CVSS

7.2AI Score

0.001EPSS

2023-08-16 07:15 PM

cve

CVE-2023-46158

IBM WebSphere Application Server Liberty 23.0.0.9 through 23.0.0.10 could provide weaker than expected security due to improper resource expiration handling. IBM X-Force ID: 268775.

9.8CVSS

8.8AI Score

0.001EPSS

2023-10-25 06:17 PM

103