Lucene search
K
IbmWebsphere Application Server

465 matches found

CVE
CVE
added 2010/03/05 7:0 p.m.6046 views

CVE-2010-0425

CVE-2010-0425 affects Apache HTTP Server on Windows with ISAPI module mod_isapi (DLLs in 2.0.37–2.0.63, 2.2.0–2.2.14, and 2.3.x before 2.3.7). Root cause: mod_isapi may unload an ISAPI DLL before request processing finishes, causing memory corruption. Impact: remote code execution or denial of se...

10CVSS9.4AI score0.94248EPSS
CVE
CVE
added 2016/01/02 9:0 p.m.1148 views

CVE-2015-7450

CVE-2015-7450 is a remote-code-execution vulnerability caused by deserialization of untrusted Java objects via the InvokerTransformer class in Apache Commons Collections. It affects IBM WebSphere Application Server and related IBM products (notably WAS 8.0, 8.5, and 9.0 families; plus related edi...

10CVSS9.7AI score0.97655EPSS
In wildWeb
CVE
CVE
added 2023/02/03 5:24 p.m.362 views

CVE-2023-23477

CVE-2023-23477 affects IBM WebSphere Application Server (traditional) 8.5 and 9.0. A remote attacker can execute arbitrary code via a specially crafted sequence of serialized objects. IBM indicates fixes in WebSphere versions 8.5.5.20 and 9.0.5.8 (per security bulletin 6891111). The vulnerability...

9.8CVSS9AI score0.01949EPSS
CVE
CVE
added 2012/08/21 10:0 a.m.351 views

CVE-2012-2190

The provided connected sources confirm CVE-2012-2190 (TLS ClientHello crafted message causing DoS/daemon crash), CVE-2012-2191 (Vaudenay SSL CBC timing issue), and CVE-2012-2203 (PKCS#12 without integrity) involve IBM GSKit in multiple IBM products (WebSphere Application Server/IBM HTTP Server, I...

5CVSS8.6AI score0.02371EPSS
CVE
CVE
added 2020/05/06 1:3 p.m.267 views

CVE-2020-10693

CVE-2020-10693 affects Hibernate Validator 6.1.2.Final, where a bug in the message interpolation processor allows invalid EL expressions to be evaluated and bypass input sanitation in error messages. IBM advisories confirm the vulnerability in Hibernate Validator and reference vendor fixes. Remed...

5.3CVSS5.3AI score0.02294EPSS
CVE
CVE
added 2020/06/05 12:55 p.m.255 views

CVE-2020-4450

CVE-2020-4450 affects IBM WebSphere Application Server 8.5 and 9.0 traditional. A remote attacker can execute arbitrary code by sending a specially crafted sequence of serialized objects. The vulnerability has a high impact (CVSS v3.1 base 9.8) and is documented across multiple IBM security bulle...

10CVSS9.3AI score0.33937EPSS
CVE
CVE
added 2023/04/29 2:40 p.m.253 views

CVE-2023-30441

CVE-2023-30441 affects IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0–8.0.7.11, with potential exposure of sensitive information due to a combination of flaws/configurations. The CVSS base score is 7.5 (HIGH). IBM Bulletins reference remediation by upgrading to newer...

7.5CVSS7.4AI score0.00609EPSS
CVE
CVE
added 2014/05/16 10:0 a.m.218 views

CVE-2014-0964

CVE-2014-0964 affects IBM WebSphere Application Server 6.1.0.0–6.1.0.47 and 6.0.2.0–6.0.2.43, where remote TLS traffic crafted to exploit CVE-2014-0160 can cause denial of service. The vulnerability stems from the Heartbeat handling used by OpenSSL, but the connected sources do not provide a vend...

7.1CVSS7.6AI score0.0269EPSS
In wild
CVE
CVE
added 2019/09/20 3:50 p.m.210 views

CVE-2019-4505

CVE-2019-4505 affects IBM WebSphere Application Server Network Deployment (ND) across multiple release lines (e.g., 9.0.0.0, 8.5.x, 8.0, 7.0, 6.1). A remote attacker can obtain sensitive information by sending a specially crafted URL, potentially allowing viewing of files in a restricted director...

5.3CVSS5.1AI score0.02352EPSS
CVE
CVE
added 2009/07/14 11:0 p.m.207 views

CVE-2009-0217

CVE-2009-0217 arises from the XML Digital Signature processing where a parameter (HMACOutputLength) does not enforce a minimum length, enabling signature spoofing and authentication bypass across multiple products (e.g., XML-DSig implementations in Oracle, BEA WebLogic, Mono, XML Security Library...

5CVSS7.1AI score0.06348EPSS
CVE
CVE
added 2005/11/04 12:0 a.m.203 views

CVE-2005-3498

CVE-2005-3498 affects IBM WebSphere Application Server 5.0.x before 5.02.15, 5.1.x before 5.1.1.8, and 6.x before fixpack V6.0.2.5. When session trace is enabled, the server logs may record the full URL including the queryString during URL encoding, potentially exposing sensitive information via ...

4.3CVSS6AI score0.11293EPSS
CVE
CVE
added 2020/06/05 12:55 p.m.176 views

CVE-2020-4448

CVE-2020-4448 affects IBM WebSphere Application Server Network Deployment (ND) on versions 7.0, 8.0, 8.5 and 9.0. The vulnerability allows remote code execution by processing a specially crafted sequence of serialized objects from untrusted sources, enabling an attacker to run arbitrary code on t...

10CVSS9.3AI score0.12224EPSS
CVE
CVE
added 2020/06/05 12:55 p.m.172 views

CVE-2020-4449

CVE-2020-4449 affects IBM WebSphere Application Server traditional versions 7.0, 8.0, 8.5 and 9.0. A remote attacker can obtain sensitive information via a specially crafted sequence of serialized objects, exposing confidentiality as described in IBM advisories. The vulnerability is documented wi...

7.5CVSS7.1AI score0.03932EPSS
CVE
CVE
added 2019/05/17 3:20 p.m.171 views

CVE-2019-4279

CVE-2019-4279 describes a remote code execution vulnerability in IBM WebSphere Application Server Network Deployment (WAS ND) where a specially crafted sequence of serialized objects from untrusted sources enables arbitrary code execution on the target system. Public references show impact on WAS...

10CVSS9.4AI score0.79926EPSS
CVE
CVE
added 2023/05/03 7:56 p.m.161 views

CVE-2022-39161

CVE-2022-39161 affects IBM WebSphere Application Server (including Liberty) when using the Web Server Plug-ins, enabling MITM-style spoofing with a certificate from a trusted authority. The vulnerability arises from lack of hostname validation in the plug-in communications, allowing an authentica...

5.3CVSS4.8AI score0.00362EPSS
CVE
CVE
added 2022/09/09 4:0 p.m.159 views

CVE-2022-34165

CVE-2022-34165 affects IBM WebSphere Application Server (versions 7.0, 8.0, 8.5, 9.0) and IBM WebSphere Application Server Liberty (17.0.0.3–22.0.0.9). Description: HTTP header injection due to improper validation, enabling attacks such as cache poisoning and cross-site scripting. Impact is limit...

5.4CVSS5AI score0.00458EPSS
CVE
CVE
added 2019/09/17 7:5 p.m.158 views

CVE-2019-4442

CVE-2019-4442 affects IBM WebSphere Application Server (WAS) Admin Console, enabling path traversal by crafting URL/../ sequences to view arbitrary system files. The initial description confirms WebSphere WAS versions 7.0, 8.0, 8.5, and 9.0 are affected. IBM security bulletins linked in connected...

4.3CVSS4.7AI score0.02068EPSS
CVE
CVE
added 2024/03/01 2:30 a.m.151 views

CVE-2023-50312

CVE-2023-50312 affects IBM WebSphere Application Server Liberty. The issue is that outbound TLS connections could have weaker-than-expected security due to a failure to honor user configuration. Affected versions are Liberty 17.0.0.3 through 24.0.0.2. The connected documents reiterate the same de...

6.5CVSS5.1AI score0.00592EPSS
CVE
CVE
added 2020/02/03 4:45 p.m.149 views

CVE-2019-4732

CVE-2019-4732 affects IBM SDK Java Technology Edition: IBM Java 7.x (7.0.0.0–7.0.10.55, 7.1.0.0–7.1.4.55) and 8.0.0.0–8.0.6.0 could allow a local authenticated attacker to execute arbitrary code due to DLL search order hijacking on Windows. Exploitation would require placing a crafted file in a c...

7.2CVSS6.3AI score0.00561EPSS
CVE
CVE
added 2020/04/10 2:0 p.m.145 views

CVE-2020-4362

CVE-2020-4362 affects IBM WebSphere Application Server (traditional) 7.0, 8.0, 8.5, and 9.0. It is a privilege-escalation vulnerability when using token-based authentication in an admin SOAP connector request. The impact is elevated privileges on vulnerable WAS instances. Remediation is to apply ...

8.8CVSS7.4AI score0.02438EPSS
CVE
CVE
added 2024/04/17 1:7 a.m.135 views

CVE-2024-22354

CVE-2024-22354 affects IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.5. It is an XML External Entity (XXE) vulnerability when processing XML data. A remote attacker could potentially expose sensitive information, exhaust memory reso...

7CVSS6.9AI score0.00649EPSS
CVE
CVE
added 2022/05/17 4:25 p.m.133 views

CVE-2022-22475

CVE-2022-22475 affects IBM WebSphere Application Server Liberty and Open Liberty (versions 17.0.0.3 through 22.0.0.5) with identity spoofing by an authenticated user. Connected IBM bulletins confirm the vulnerability is addressed by applying fixes/upgrades to Liberty/Open Liberty to corrected rel...

6.5CVSS6.3AI score0.00602EPSS
CVE
CVE
added 2022/07/08 5:45 p.m.133 views

CVE-2022-22476

CVE-2022-22476 affects IBM WebSphere Application Server Liberty and Open Liberty: versions 17.0.0.3 through 22.0.0.7 (and related Liberty deployments) are vulnerable to identity spoofing by an authenticated user via a crafted request. The connected IBM security bulletins detail vulnerability deta...

8.8CVSS8.5AI score0.0077EPSS
CVE
CVE
added 2023/03/22 9:35 p.m.133 views

CVE-2023-26283

CVE-2023-26283 affects IBM WebSphere Application Server 9.0 (Admin Console). The vulnerability is a cross-site scripting flaw that lets an attacker inject arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted session. Multiple IBM security bulletins re...

5.4CVSS5.2AI score0.00371EPSS
CVE
CVE
added 2024/03/31 11:43 a.m.133 views

CVE-2024-22353

CVE-2024-22353 affects IBM WebSphere Liberty (and related base images) versions 17.0.0.3 through 24.0.0.4, vulnerable to denial of service caused by a specially crafted request that can exhaust server memory. IBM entries describe remediation by applying fixes/upgrades (e.g., IBM Liberty 23.0.18 o...

7.5CVSS6.5AI score0.00818EPSS
CVE
CVE
added 2024/03/27 12:42 p.m.133 views

CVE-2024-27270

CVE-2024-27270 affects IBM WebSphere Application Server Liberty 23.0.0.3 through 24.0.0.3, enabling cross-site scripting via a specially crafted URI that could embed arbitrary JavaScript. The connected IBM bulletins confirm this CVE within Liberty and recommend upgrading to the latest Liberty fix...

6.1CVSS4.5AI score0.0037EPSS
CVE
CVE
added 2024/07/09 9:57 p.m.132 views

CVE-2024-35154

CVE-2024-35154 : IBM WebSphere Application Server 8.5/9.0 allows a remote authenticated attacker with admin console access to execute arbitrary code via specially crafted input. The cited IBM/IBM X-Force entry shows a base CVSS 7.2 (HIGH) with network vector, low input complexity, and high impact...

7.2CVSS7.2AI score0.01163EPSS
CVE
CVE
added 2019/10/03 2:5 p.m.131 views

CVE-2019-4441

CVE-2019-4441 affects IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty; describes a remote information disclosure when a stack trace is returned in the browser. Connected IBM bulletins confirm this vulnerability and provide remediation paths. Remediation for WebSphere Application S...

5.3CVSS5.2AI score0.01596EPSS
CVE
CVE
added 2022/05/20 4:20 p.m.131 views

CVE-2022-22365

Summary of CVE-2022-22365 (IBM WebSphere Application Server) : IBM WebSphere Application Server versions 7.0, 8.0, 8.5, and 9.0 (Ajax Proxy Web Application, AjaxProxy.war deployed) are vulnerable to spoofing where a MITM attacker can spoof SSL server hostnames. Impact is spoofing and potential cr...

5.9CVSS5.5AI score0.00553EPSS
CVE
CVE
added 2020/07/17 1:45 p.m.130 views

CVE-2020-4464

CVE-2020-4464 affects IBM WebSphere Application Server traditional (7.0, 8.0, 8.5, 9.0). A remote attacker could execute arbitrary code by sending a specially crafted sequence of serialized objects over the SOAP connector. The vulnerability is rated high (CVSS v3.1 base 8.8; v2.0 9.0). Connected ...

9CVSS8.7AI score0.13227EPSS
CVE
CVE
added 2019/09/17 7:5 p.m.129 views

CVE-2019-4270

CVE-2019-4270 affects IBM WebSphere Application Server Admin Console across multiple WAS versions (7.0, 8.0, 8.5, 9.0). The vulnerability is a cross-site scripting flaw caused by insufficient input validation in the Admin Console UI, which can allow an authenticated attacker to embed arbitrary Ja...

5.4CVSS5.3AI score0.00708EPSS
CVE
CVE
added 2023/08/16 6:7 p.m.127 views

CVE-2023-38737

CVE-2023-38737 affects IBM WebSphere Application Server Liberty 22.0.0.13 through 23.0.0.7. A specially crafted request can cause denial of service by exhausting memory resources. Remediation: upgrade Liberty to a fixed release as specified by IBM security advisories (upgrade to a patched Liberty...

7.5CVSS6.4AI score0.00792EPSS
CVE
CVE
added 2019/09/17 7:5 p.m.126 views

CVE-2019-4477

CVE-2019-4477 affects IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0. The described vulnerability is information disclosure caused by improper handling of command line options, enabling a user with audit-log access to obtain sensitive information. Connected IBM bulletins confirm the vuln...

6.5CVSS6.4AI score0.01263EPSS
CVE
CVE
added 2019/03/11 10:0 p.m.124 views

CVE-2018-1902

CVE-2018-1902 is a spoofing vulnerability in IBM WebSphere Application Server. The Connected IBM bulletins show it affects WebSphere AS in multiple IBM products (e.g., Tivoli Netcool/Netcool Configuration Manager, Tivoli System Automation Application Manager, Tivoli Storage/Spectrum Control, IBM ...

4.3CVSS4.5AI score0.01475EPSS
CVE
CVE
added 2024/04/04 5:26 p.m.124 views

CVE-2024-27268

CVE-2024-27268 affects IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.4. The vulnerability allows a remote attacker to trigger a denial of service by sending a specially crafted request, causing the server to consume memory resources. NVD metrics list a CVSS v3.1 base score of 7...

7.5CVSS5.9AI score0.01278EPSS
CVE
CVE
added 2021/05/26 4:20 p.m.121 views

CVE-2021-20492

CVE-2021-20492 affects IBM WebSphere Application Server family (8.0/8.5/9.0 and Liberty Java Batch) and Liberty for IBM Cloud; it is an XML External Entity (XXE) injection flaw in XML processing. Attackers could remotely expose sensitive information or cause resource exhaustion due to memory cons...

8.2CVSS8AI score0.02071EPSS
CVE
CVE
added 2021/12/09 5:0 p.m.121 views

CVE-2021-38951

CVE-2021-38951 (IBM WebSphere Application Server) affects IBM WebSphere Application Server 7.0, 8.0, 8.5 and 9.0 and enables denial of service via a specially crafted request, as described in IBM advisories. The DoS could exhaust CPU resources. IBM has published remediation guidance with product ...

7.5CVSS7.3AI score0.01521EPSS
CVE
CVE
added 2019/09/17 7:5 p.m.120 views

CVE-2019-4268

CVE-2019-4268 (WebSphere Admin Console path traversal) affects IBM WebSphere Application Server versions 7.0, 8.0, 8.5, and 9.0. A remote attacker can send a specially crafted URL containing dot-dot sequences (../) to traverse directories and view arbitrary files. IBM has published multiple secur...

5.3CVSS5.4AI score0.02665EPSS
CVE
CVE
added 2019/09/17 7:5 p.m.117 views

CVE-2019-4271

Summary: CVE-2019-4271 affects IBM WebSphere Application Server Admin Console (ND) via a Client-side HTTP Parameter Pollution vulnerability. Connected IBM bulletins confirm affected products include WAS Admin Console, with remediation guidance to apply fixed releases (e.g., WebSphere fix packs/fi...

3.5CVSS3.8AI score0.00819EPSS
CVE
CVE
added 2020/03/26 1:20 p.m.116 views

CVE-2020-4276

CVE-2020-4276 affects IBM WebSphere Application Server traditional (versions 7.0, 8.0, 8.5, 9.0). The vulnerability is a privilege escalation via token-based authentication in an admin request over the SOAP connector. IBM bulletins and related documents (X-Force ID 175984) assign CVSS v3 base sco...

7.5CVSS7.6AI score0.03121EPSS
CVE
CVE
added 2017/01/06 10:0 p.m.115 views

CVE-2016-9879

CVE-2016-9879 affects Spring Security 3.2.x/4.1.x/4.2.x prior to fixed versions. The root cause is how path parameters are handled in the Servlet API: getPathInfo() may include encoded "/" characters, allowing an attacker to bypass security constraints when a request contains a path parameter wit...

7.5CVSS7.3AI score0.01416EPSS
CVE
CVE
added 2020/08/13 11:50 a.m.114 views

CVE-2020-4589

Summary: CVE-2020-4589 affects IBM WebSphere Application Server (WAS) across multiple releases (7.0/8.0/8.5/9.0) and can allow a remote attacker to execute arbitrary code via a specially-crafted sequence of serialized objects from untrusted sources. Multiple IBM security bulletins describe WAS an...

10CVSS9.4AI score0.08465EPSS
CVE
CVE
added 2022/05/13 4:15 p.m.114 views

CVE-2022-22393

CVE-2022-22393 affects IBM WebSphere Application Server Liberty when adminCenter-1.0 is enabled; an authenticated user could query HTTP/HTTPS port status exposed by the server. Affected Liberty range is 17.0.0.3–22.0.0.5. IBM bulletins document the vulnerability details and state remediation is t...

6.5CVSS6.3AI score0.00693EPSS
CVE
CVE
added 2024/06/20 1:22 p.m.114 views

CVE-2024-37532

The CVE-2024-37532 entry concerns IBM WebSphere Application Server 8.5 and 9.0, where an authenticated user can spoof identity due to improper signature validation. The issue is attributed to CWE-347 (Imporper Verification of Cryptographic Signature) and is rated high (CVSS v3.1 8.8, AV:N/AC:L/PR...

8.8CVSS8.4AI score0.00353EPSS
CVE
CVE
added 2018/09/07 4:0 p.m.113 views

CVE-2018-1567

CVE-2018-1567 affects IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0. The issue allows remote attackers to execute arbitrary Java code via the SOAP connector by sending a serialized object from untrusted sources (deserialization leading to code execution). Affected product scope is WebSp...

9.8CVSS9.3AI score0.0376EPSS
CVE
CVE
added 2026/06/01 5:46 p.m.112 views

CVE-2026-8644

IBM WebSphere Application Server versions 9.0 and 8.5 are affected by CVE-2026-8644, an identity spoofing (authentication bypass) vulnerability (CWE-290) with CVSSv3.1 base score 9.1. Affected products: WebSphere Application Server 9.0 and 8.5. Root cause: identity spoofing leading to authenticat...

9.1CVSS5.8AI score0.0033EPSS
CVE
CVE
added 2017/05/10 2:0 p.m.110 views

CVE-2017-1137

CVE-2017-1137 affects IBM WebSphere Application Server; describes a weakness in the WebSphere administrative console that could let a remote attacker obtain sensitive information and gain unauthorized access to the admin console. IBM security bulletins and IBM X-Force entries reference this CVE a...

8.1CVSS7.6AI score0.01881EPSS
CVE
CVE
added 2020/01/31 3:30 p.m.110 views

CVE-2019-4720

CVE-2019-4720 affects IBM WebSphere Application Server 7.0, 8.0, 8.5 and 9.0 (Traditional) and, in related bulletins, Liberty/Core variants. It describes a denial-of-service where a specially crafted request could cause the server to exhaust memory. Several connected IBM/security bulletins cite t...

7.5CVSS7.4AI score0.01836EPSS
CVE
CVE
added 2021/02/10 5:0 p.m.108 views

CVE-2021-20353

CVE-2021-20353 affects IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0. It is an XML External Entity (XXE) vulnerability triggered during XML processing that could lead to exposure of sensitive data or memory/resource exhaustion. The IBM IBM X-Force ID 194882 is cited; CVSS v3 base score ...

8.2CVSS8AI score0.05162EPSS
CVE
CVE
added 2024/04/25 12:16 p.m.108 views

CVE-2024-25026

CVE-2024-25026 is described in IBM advisories as affecting IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4, with a denial-of-service impact caused by a specially crafted request that can exhaust memory resources on the server. Publi...

7.5CVSS6.3AI score0.00792EPSS
Total number of security vulnerabilities465