IBM WebSphere Application Server

430 matches found

CVE | added 2016/01/02 9:59 p.m. | 1062 views

CVE-2015-7450

Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the InvokerTransformer class in the Apache Commons Collection...

CVSS 10 | AI score 9.7 | EPSS 0.93939

CVE | added 2012/08/21 10:46 a.m. | 337 views

CVE-2012-2190

IBM Global Security Kit (aka GSKit), as used in IBM HTTP Server in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.4, and 8.5.x before 8.5.0.1, allows remote attackers to cause a denial of service (daemon crash) via a crafted ClientHello messa...

CVSS 5 | AI score 8.6 | EPSS 0.00911

CVE | added 2023/02/03 7:15 p.m. | 330 views

CVE-2023-23477

IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. IBM X-Force ID: 245513.

CVSS 9.8 | AI score 9 | EPSS 0.00188

CVE | added 2020/06/05 5:15 p.m. | 225 views

CVE-2020-4450

IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181231.

CVSS 10 | AI score 9.3 | EPSS 0.76776

CVE | added 2020/05/06 2:15 p.m. | 218 views

CVE-2020-10693

A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place ...

CVSS 5.3 | AI score 5.3 | EPSS 0.00036

CVE | added 2023/04/29 3:15 p.m. | 215 views

CVE-2023-30441

IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of flaws and configurations. IBM X-Force ID: 253188.

CVSS 7.5 | AI score 7.4 | EPSS 0.00035

CVE | added 2005/11/04 12:02 a.m. | 192 views

CVE-2005-3498

IBM WebSphere Application Server 5.0.x before 5.02.15, 5.1.x before 5.1.1.8, and 6.x before fixpack V6.0.2.5, when session trace is enabled, records a full URL including the queryString in the trace logs when an application encodes a URL, which could allow attackers to obtain sensitive information.

CVSS 4.3 | AI score 6 | EPSS 0.51951

CVE | added 2019/09/20 4:15 p.m. | 179 views

CVE-2019-4505

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Network Deployment could allow a remote attacker to obtain sensitive information, caused by sending a specially-crafted URL. This can lead the attacker to view any file in a certain directory. IBM X-Force ID: 164364.

CVSS 5.3 | AI score 5.1 | EPSS 0.00193

CVE | added 2014/05/16 11:12 a.m. | 168 views

CVE-2014-0964

IBM WebSphere Application Server (WAS) 6.1.0.0 through 6.1.0.47 and 6.0.2.0 through 6.0.2.43 allows remote attackers to cause a denial of service via crafted TLS traffic, as demonstrated by traffic from a CVE-2014-0160 vulnerability-assessment tool.

CVSS 7.1 | AI score 7.6 | EPSS 0.94462

CVE | added 2020/06/05 5:15 p.m. | 153 views

CVE-2020-4448

IBM WebSphere Application Server Network Deployment 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 181228.

CVSS 10 | AI score 9.3 | EPSS 0.1624

CVE | added 2020/06/05 5:15 p.m. | 145 views

CVE-2020-4449

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181230.

CVSS 7.5 | AI score 7.1 | EPSS 0.00778

CVE | added 2009/07/14 11:30 p.m. | 140 views

CVE-2009-0217

The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10...

CVSS 5 | AI score 7.1 | EPSS 0.2999

CVE | added 2019/05/17 4:29 p.m. | 139 views

CVE-2019-4279

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 160445.

CVSS 10 | AI score 9.4 | EPSS 0.8408

CVE | added 2023/05/03 8:15 p.m. | 134 views

CVE-2022-39161

IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and IBM WebSphere Application Server Liberty, when configured to communicate with the Web Server Plug-ins for IBM WebSphere Application Server, could allow an authenticated user to conduct spoofing attacks. A man-in-the-middle attacker could expl...

CVSS 5.3 | AI score 4.8 | EPSS 0.00027

CVE | added 2022/09/09 4:15 p.m. | 126 views

CVE-2022-34165

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP header injection, caused by improper validation. This could allow an attacker to conduct various attacks against the vulnerable system, including cac...

CVSS 5.4 | AI score 5 | EPSS 0.00167

CVE | added 2019/09/17 7:15 p.m. | 123 views

CVE-2019-4442

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the file system. An attacker could send a specially-crafted URL request to view arbitrary files on the system but not content. IBM X-Force ID: 163226.

CVSS 4.3 | AI score 4.7 | EPSS 0.0042

CVE | added 2020/04/10 2:15 p.m. | 121 views

CVE-2020-4362

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. IBM X-Force ID: 178929.

CVSS 8.8 | AI score 7.4 | EPSS 0.00558

CVE | added 2020/02/03 5:15 p.m. | 120 views

CVE-2019-4732

IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a ...

CVSS 7.2 | AI score 6.3 | EPSS 0.00164

CVE | added 2024/03/01 3:15 a.m. | 114 views

CVE-2023-50312

IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. IBM X-Force ID: 274711.

CVSS 6.5 | AI score 5.1 | EPSS 0.00034

CVE | added 2023/04/02 9:15 p.m. | 112 views

CVE-2023-26283

IBM WebSphere Application Server 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 248416.

CVSS 5.4 | AI score 5.2 | EPSS 0.00099

CVE | added 2022/05/17 5:15 p.m. | 111 views

CVE-2022-22475

IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 are vulnerable to identity spoofing by an authenticated user. IBM X-Force ID: 225603.

CVSS 6.5 | AI score 6.3 | EPSS 0.00045

CVE | added 2024/03/31 12:15 p.m. | 111 views

CVE-2024-22353

IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 280400.

CVSS 7.5 | AI score 6.5 | EPSS 0.00019

CVE | added 2024/04/17 1:15 a.m. | 111 views

CVE-2024-22354

IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.5 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information, consume memo...

CVSS 7 | AI score 6.9 | EPSS 0.00014

CVE | added 2019/09/17 7:15 p.m. | 105 views

CVE-2019-4270

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sessi...

CVSS 5.4 | AI score 5.3 | EPSS 0.00277

CVE | added 2020/07/17 2:15 p.m. | 101 views

CVE-2020-4464

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to execute arbitrary code on a system with a specially-crafted sequence of serialized objects over the SOAP connector. IBM X-Force ID: 181489.

CVSS 9 | AI score 8.7 | EPSS 0.37876

CVE | added 2024/07/09 10:15 p.m. | 101 views

CVE-2024-35154

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has authorized access to the administrative console, to execute arbitrary code. Using specially crafted input, the attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-F...

CVSS 7.2 | AI score 7.2 | EPSS 0.00405

CVE | added 2019/09/17 7:15 p.m. | 97 views

CVE-2019-4477

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a user with access to audit logs to obtain sensitive information, caused by improper handling of command line options. IBM X-Force ID: 163997.

CVSS 6.5 | AI score 6.4 | EPSS 0.00208

CVE | added 2024/04/04 6:15 p.m. | 97 views

CVE-2024-27268

IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 284574.

CVSS 7.5 | AI score 5.9 | EPSS 0.00171

CVE | added 2019/09/17 7:15 p.m. | 96 views

CVE-2019-4271

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin console is vulnerable to a Client-side HTTP parameter pollution vulnerability. IBM X-Force ID: 160243.

CVSS 3.5 | AI score 3.8 | EPSS 0.00263

CVE | added 2022/05/13 5:15 p.m. | 96 views

CVE-2022-22393

IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.5, with the adminCenter-1.0 feature configured, could allow an authenticated user to issue a request to obtain the status of HTTP/HTTPS ports which are accessible by the application server. IBM X-Force ID: 222078.

CVSS 6.5 | AI score 6.3 | EPSS 0.00116

CVE | added 2019/09/17 7:15 p.m. | 95 views

CVE-2019-4268

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 160201.

CVSS 5.3 | AI score 5.4 | EPSS 0.00424

CVE | added 2022/05/20 5:15 p.m. | 95 views

CVE-2022-22365

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, with the Ajax Proxy Web Application (AjaxProxy.war) deployed, is vulnerable to spoofing by allowing a man-in-the-middle attacker to spoof SSL server hostnames. IBM X-Force ID: 220904.

CVSS 5.9 | AI score 5.5 | EPSS 0.00061

CVE | added 2024/03/27 1:15 p.m. | 95 views

CVE-2024-27270

IBM WebSphere Application Server Liberty 23.0.0.3 through 24.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in a specially crafted URI. IBM X-Force ID: 284576.

CVSS 6.1 | AI score 4.5 | EPSS 0.00052

CVE | added 2020/08/13 12:15 p.m. | 94 views

CVE-2020-4589

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 184585.

CVSS 10 | AI score 9.4 | EPSS 0.0677

CVE | added 2021/12/09 5:15 p.m. | 92 views

CVE-2021-38951

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available CPU resources. IBM X-Force ID: 211405.

CVSS 7.5 | AI score 7.3 | EPSS 0.00086

CVE | added 2022/07/08 6:15 p.m. | 91 views

CVE-2022-22476

IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.7 and Open Liberty are vulnerable to identity spoofing by an authenticated user using a specially crafted request. IBM X-Force ID: 225604.

CVSS 8.8 | AI score 8.5 | EPSS 0.00048

CVE | added 2024/06/20 2:15 p.m. | 90 views

CVE-2024-37532

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to identity spoofing by an authenticated user due to improper signature validation. IBM X-Force ID: 294721.

CVSS 8.8 | AI score 8.4 | EPSS 0.00172

CVE | added 2018/09/07 4:00 p.m. | 89 views

CVE-2018-1567

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbitrary Java code through the SOAP connector with a serialized object from untrusted sources. IBM X-Force ID: 143024.

CVSS 9.8 | AI score 9.3 | EPSS 0.0074

CVE | added 2024/04/25 1:15 p.m. | 88 views

CVE-2024-25026

IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 are vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. ...

CVSS 7.5 | AI score 6.3 | EPSS 0.00019

CVE | added 2015/05/20 12:59 a.m. | 87 views

CVE-2015-1920

IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.47, 7.0 before 7.0.0.39, 8.0 before 8.0.0.11, and 8.5 before 8.5.5.6 allows remote attackers to execute arbitrary code by sending crafted instructions in a management-port session.

CVSS 10 | AI score 7.3 | EPSS 0.18392

CVE | added 2021/02/10 5:15 p.m. | 86 views

CVE-2021-20353

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 194882.

CVSS 8.2 | AI score 8 | EPSS 0.01482

CVE | added 2022/02/24 5:15 p.m. | 86 views

CVE-2021-39038

IBM WebSphere Application Server 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack t...

CVSS 5.4 | AI score 5.5 | EPSS 0.00028

CVE | added 2022/07/14 5:15 p.m. | 86 views

CVE-2022-22473

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console data. This information could be used in further attacks against the system. IBM X-Force ID: 225347.

CVSS 5.3 | AI score 5.1 | EPSS 0.00072

CVE | added 2024/04/17 2:15 a.m. | 86 views

CVE-2024-22329

IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, an attacker could exploit this vulnerability to conduct the SSRF attack. X-Force ID: 279951.

CVSS 4.3 | AI score 5.7 | EPSS 0.0002

CVE | added 2005/05/02 4:00 a.m. | 85 views

CVE-2005-1112

IBM WebSphere Application Server 6.0 and earlier, when sharing the document root of the web server, allows remote attackers to obtain the source code for Java Server Pages (.jsp) via an HTTP request with an invalid Host header, which causes the page to be processed by the web server instead of the ...

CVSS 5 | AI score 6.8 | EPSS 0.12153

CVE | added 2020/01/31 4:15 p.m. | 85 views

CVE-2019-4720

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125.

CVSS 7.5 | AI score 7.4 | EPSS 0.00153

CVE | added 2020/03/26 2:15 p.m. | 85 views

CVE-2020-4276

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. X-Force ID: 175984.

CVSS 7.5 | AI score 7.6 | EPSS 0.0054

CVE | added 2017/01/06 10:59 p.m. | 83 views

CVE-2016-9879

An issue was discovered in Pivotal Spring Security before 3.2.10, 4.1.x before 4.1.4, and 4.2.x before 4.2.1. Spring Security does not consider URL path parameters when processing security constraints. By adding a URL path parameter with an encoded "/" to a request, an attacker may be able to bypas...

CVSS 7.5 | AI score 7.3 | EPSS 0.00322

CVE | added 2016/07/03 9:59 p.m. | 82 views

CVE-2016-0359

CRLF injection vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 Full before 8.5.5.10, and 8.5 Liberty before Liberty Fix Pack 16.0.0.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a craf...

CVSS 6.1 | AI score 6.2 | EPSS 0.00322

CVE | added 2010/10/29 7:00 p.m. | 81 views

CVE-2010-3700

VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter.

CVSS 5 | AI score 6.5 | EPSS 0.00248

Total number of security vulnerabilities: 430