465 matches found
CVE-2010-0425
CVE-2010-0425 affects Apache HTTP Server on Windows with ISAPI module mod_isapi (DLLs in 2.0.37–2.0.63, 2.2.0–2.2.14, and 2.3.x before 2.3.7). Root cause: mod_isapi may unload an ISAPI DLL before request processing finishes, causing memory corruption. Impact: remote code execution or denial of se...
CVE-2015-7450
CVE-2015-7450 is a remote-code-execution vulnerability caused by deserialization of untrusted Java objects via the InvokerTransformer class in Apache Commons Collections. It affects IBM WebSphere Application Server and related IBM products (notably WAS 8.0, 8.5, and 9.0 families; plus related edi...
CVE-2023-23477
CVE-2023-23477 affects IBM WebSphere Application Server (traditional) 8.5 and 9.0. A remote attacker can execute arbitrary code via a specially crafted sequence of serialized objects. IBM indicates fixes in WebSphere versions 8.5.5.20 and 9.0.5.8 (per security bulletin 6891111). The vulnerability...
CVE-2012-2190
The provided connected sources confirm CVE-2012-2190 (TLS ClientHello crafted message causing DoS/daemon crash), CVE-2012-2191 (Vaudenay SSL CBC timing issue), and CVE-2012-2203 (PKCS#12 without integrity) involve IBM GSKit in multiple IBM products (WebSphere Application Server/IBM HTTP Server, I...
CVE-2020-10693
CVE-2020-10693 affects Hibernate Validator 6.1.2.Final, where a bug in the message interpolation processor allows invalid EL expressions to be evaluated and bypass input sanitation in error messages. IBM advisories confirm the vulnerability in Hibernate Validator and reference vendor fixes. Remed...
CVE-2020-4450
CVE-2020-4450 affects IBM WebSphere Application Server 8.5 and 9.0 traditional. A remote attacker can execute arbitrary code by sending a specially crafted sequence of serialized objects. The vulnerability has a high impact (CVSS v3.1 base 9.8) and is documented across multiple IBM security bulle...
CVE-2023-30441
CVE-2023-30441 affects IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0–8.0.7.11, with potential exposure of sensitive information due to a combination of flaws/configurations. The CVSS base score is 7.5 (HIGH). IBM Bulletins reference remediation by upgrading to newer...
CVE-2014-0964
CVE-2014-0964 affects IBM WebSphere Application Server 6.1.0.0–6.1.0.47 and 6.0.2.0–6.0.2.43, where remote TLS traffic crafted to exploit CVE-2014-0160 can cause denial of service. The vulnerability stems from the Heartbeat handling used by OpenSSL, but the connected sources do not provide a vend...
CVE-2019-4505
CVE-2019-4505 affects IBM WebSphere Application Server Network Deployment (ND) across multiple release lines (e.g., 9.0.0.0, 8.5.x, 8.0, 7.0, 6.1). A remote attacker can obtain sensitive information by sending a specially crafted URL, potentially allowing viewing of files in a restricted director...
CVE-2009-0217
CVE-2009-0217 arises from the XML Digital Signature processing where a parameter (HMACOutputLength) does not enforce a minimum length, enabling signature spoofing and authentication bypass across multiple products (e.g., XML-DSig implementations in Oracle, BEA WebLogic, Mono, XML Security Library...
CVE-2005-3498
CVE-2005-3498 affects IBM WebSphere Application Server 5.0.x before 5.02.15, 5.1.x before 5.1.1.8, and 6.x before fixpack V6.0.2.5. When session trace is enabled, the server logs may record the full URL including the queryString during URL encoding, potentially exposing sensitive information via ...
CVE-2020-4448
CVE-2020-4448 affects IBM WebSphere Application Server Network Deployment (ND) on versions 7.0, 8.0, 8.5 and 9.0. The vulnerability allows remote code execution by processing a specially crafted sequence of serialized objects from untrusted sources, enabling an attacker to run arbitrary code on t...
CVE-2020-4449
CVE-2020-4449 affects IBM WebSphere Application Server traditional versions 7.0, 8.0, 8.5 and 9.0. A remote attacker can obtain sensitive information via a specially crafted sequence of serialized objects, exposing confidentiality as described in IBM advisories. The vulnerability is documented wi...
CVE-2019-4279
CVE-2019-4279 describes a remote code execution vulnerability in IBM WebSphere Application Server Network Deployment (WAS ND) where a specially crafted sequence of serialized objects from untrusted sources enables arbitrary code execution on the target system. Public references show impact on WAS...
CVE-2022-39161
CVE-2022-39161 affects IBM WebSphere Application Server (including Liberty) when using the Web Server Plug-ins, enabling MITM-style spoofing with a certificate from a trusted authority. The vulnerability arises from lack of hostname validation in the plug-in communications, allowing an authentica...
CVE-2022-34165
CVE-2022-34165 affects IBM WebSphere Application Server (versions 7.0, 8.0, 8.5, 9.0) and IBM WebSphere Application Server Liberty (17.0.0.3–22.0.0.9). Description: HTTP header injection due to improper validation, enabling attacks such as cache poisoning and cross-site scripting. Impact is limit...
CVE-2019-4442
CVE-2019-4442 affects IBM WebSphere Application Server (WAS) Admin Console, enabling path traversal by crafting URL/../ sequences to view arbitrary system files. The initial description confirms WebSphere WAS versions 7.0, 8.0, 8.5, and 9.0 are affected. IBM security bulletins linked in connected...
CVE-2023-50312
CVE-2023-50312 affects IBM WebSphere Application Server Liberty. The issue is that outbound TLS connections could have weaker-than-expected security due to a failure to honor user configuration. Affected versions are Liberty 17.0.0.3 through 24.0.0.2. The connected documents reiterate the same de...
CVE-2019-4732
CVE-2019-4732 affects IBM SDK Java Technology Edition: IBM Java 7.x (7.0.0.0–7.0.10.55, 7.1.0.0–7.1.4.55) and 8.0.0.0–8.0.6.0 could allow a local authenticated attacker to execute arbitrary code due to DLL search order hijacking on Windows. Exploitation would require placing a crafted file in a c...
CVE-2020-4362
CVE-2020-4362 affects IBM WebSphere Application Server (traditional) 7.0, 8.0, 8.5, and 9.0. It is a privilege-escalation vulnerability when using token-based authentication in an admin SOAP connector request. The impact is elevated privileges on vulnerable WAS instances. Remediation is to apply ...
CVE-2024-22354
CVE-2024-22354 affects IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.5. It is an XML External Entity (XXE) vulnerability when processing XML data. A remote attacker could potentially expose sensitive information, exhaust memory reso...
CVE-2022-22475
CVE-2022-22475 affects IBM WebSphere Application Server Liberty and Open Liberty (versions 17.0.0.3 through 22.0.0.5) with identity spoofing by an authenticated user. Connected IBM bulletins confirm the vulnerability is addressed by applying fixes/upgrades to Liberty/Open Liberty to corrected rel...
CVE-2022-22476
CVE-2022-22476 affects IBM WebSphere Application Server Liberty and Open Liberty: versions 17.0.0.3 through 22.0.0.7 (and related Liberty deployments) are vulnerable to identity spoofing by an authenticated user via a crafted request. The connected IBM security bulletins detail vulnerability deta...
CVE-2023-26283
CVE-2023-26283 affects IBM WebSphere Application Server 9.0 (Admin Console). The vulnerability is a cross-site scripting flaw that lets an attacker inject arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted session. Multiple IBM security bulletins re...
CVE-2024-22353
CVE-2024-22353 affects IBM WebSphere Liberty (and related base images) versions 17.0.0.3 through 24.0.0.4, vulnerable to denial of service caused by a specially crafted request that can exhaust server memory. IBM entries describe remediation by applying fixes/upgrades (e.g., IBM Liberty 23.0.18 o...
CVE-2024-27270
CVE-2024-27270 affects IBM WebSphere Application Server Liberty 23.0.0.3 through 24.0.0.3, enabling cross-site scripting via a specially crafted URI that could embed arbitrary JavaScript. The connected IBM bulletins confirm this CVE within Liberty and recommend upgrading to the latest Liberty fix...
CVE-2024-35154
CVE-2024-35154 : IBM WebSphere Application Server 8.5/9.0 allows a remote authenticated attacker with admin console access to execute arbitrary code via specially crafted input. The cited IBM/IBM X-Force entry shows a base CVSS 7.2 (HIGH) with network vector, low input complexity, and high impact...
CVE-2019-4441
CVE-2019-4441 affects IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty; describes a remote information disclosure when a stack trace is returned in the browser. Connected IBM bulletins confirm this vulnerability and provide remediation paths. Remediation for WebSphere Application S...
CVE-2022-22365
Summary of CVE-2022-22365 (IBM WebSphere Application Server) : IBM WebSphere Application Server versions 7.0, 8.0, 8.5, and 9.0 (Ajax Proxy Web Application, AjaxProxy.war deployed) are vulnerable to spoofing where a MITM attacker can spoof SSL server hostnames. Impact is spoofing and potential cr...
CVE-2020-4464
CVE-2020-4464 affects IBM WebSphere Application Server traditional (7.0, 8.0, 8.5, 9.0). A remote attacker could execute arbitrary code by sending a specially crafted sequence of serialized objects over the SOAP connector. The vulnerability is rated high (CVSS v3.1 base 8.8; v2.0 9.0). Connected ...
CVE-2019-4270
CVE-2019-4270 affects IBM WebSphere Application Server Admin Console across multiple WAS versions (7.0, 8.0, 8.5, 9.0). The vulnerability is a cross-site scripting flaw caused by insufficient input validation in the Admin Console UI, which can allow an authenticated attacker to embed arbitrary Ja...
CVE-2023-38737
CVE-2023-38737 affects IBM WebSphere Application Server Liberty 22.0.0.13 through 23.0.0.7. A specially crafted request can cause denial of service by exhausting memory resources. Remediation: upgrade Liberty to a fixed release as specified by IBM security advisories (upgrade to a patched Liberty...
CVE-2019-4477
CVE-2019-4477 affects IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0. The described vulnerability is information disclosure caused by improper handling of command line options, enabling a user with audit-log access to obtain sensitive information. Connected IBM bulletins confirm the vuln...
CVE-2018-1902
CVE-2018-1902 is a spoofing vulnerability in IBM WebSphere Application Server. The Connected IBM bulletins show it affects WebSphere AS in multiple IBM products (e.g., Tivoli Netcool/Netcool Configuration Manager, Tivoli System Automation Application Manager, Tivoli Storage/Spectrum Control, IBM ...
CVE-2024-27268
CVE-2024-27268 affects IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.4. The vulnerability allows a remote attacker to trigger a denial of service by sending a specially crafted request, causing the server to consume memory resources. NVD metrics list a CVSS v3.1 base score of 7...
CVE-2021-20492
CVE-2021-20492 affects IBM WebSphere Application Server family (8.0/8.5/9.0 and Liberty Java Batch) and Liberty for IBM Cloud; it is an XML External Entity (XXE) injection flaw in XML processing. Attackers could remotely expose sensitive information or cause resource exhaustion due to memory cons...
CVE-2021-38951
CVE-2021-38951 (IBM WebSphere Application Server) affects IBM WebSphere Application Server 7.0, 8.0, 8.5 and 9.0 and enables denial of service via a specially crafted request, as described in IBM advisories. The DoS could exhaust CPU resources. IBM has published remediation guidance with product ...
CVE-2019-4268
CVE-2019-4268 (WebSphere Admin Console path traversal) affects IBM WebSphere Application Server versions 7.0, 8.0, 8.5, and 9.0. A remote attacker can send a specially crafted URL containing dot-dot sequences (../) to traverse directories and view arbitrary files. IBM has published multiple secur...
CVE-2019-4271
Summary: CVE-2019-4271 affects IBM WebSphere Application Server Admin Console (ND) via a Client-side HTTP Parameter Pollution vulnerability. Connected IBM bulletins confirm affected products include WAS Admin Console, with remediation guidance to apply fixed releases (e.g., WebSphere fix packs/fi...
CVE-2020-4276
CVE-2020-4276 affects IBM WebSphere Application Server traditional (versions 7.0, 8.0, 8.5, 9.0). The vulnerability is a privilege escalation via token-based authentication in an admin request over the SOAP connector. IBM bulletins and related documents (X-Force ID 175984) assign CVSS v3 base sco...
CVE-2016-9879
CVE-2016-9879 affects Spring Security 3.2.x/4.1.x/4.2.x prior to fixed versions. The root cause is how path parameters are handled in the Servlet API: getPathInfo() may include encoded "/" characters, allowing an attacker to bypass security constraints when a request contains a path parameter wit...
CVE-2020-4589
Summary: CVE-2020-4589 affects IBM WebSphere Application Server (WAS) across multiple releases (7.0/8.0/8.5/9.0) and can allow a remote attacker to execute arbitrary code via a specially-crafted sequence of serialized objects from untrusted sources. Multiple IBM security bulletins describe WAS an...
CVE-2022-22393
CVE-2022-22393 affects IBM WebSphere Application Server Liberty when adminCenter-1.0 is enabled; an authenticated user could query HTTP/HTTPS port status exposed by the server. Affected Liberty range is 17.0.0.3–22.0.0.5. IBM bulletins document the vulnerability details and state remediation is t...
CVE-2024-37532
The CVE-2024-37532 entry concerns IBM WebSphere Application Server 8.5 and 9.0, where an authenticated user can spoof identity due to improper signature validation. The issue is attributed to CWE-347 (Imporper Verification of Cryptographic Signature) and is rated high (CVSS v3.1 8.8, AV:N/AC:L/PR...
CVE-2018-1567
CVE-2018-1567 affects IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0. The issue allows remote attackers to execute arbitrary Java code via the SOAP connector by sending a serialized object from untrusted sources (deserialization leading to code execution). Affected product scope is WebSp...
CVE-2026-8644
IBM WebSphere Application Server versions 9.0 and 8.5 are affected by CVE-2026-8644, an identity spoofing (authentication bypass) vulnerability (CWE-290) with CVSSv3.1 base score 9.1. Affected products: WebSphere Application Server 9.0 and 8.5. Root cause: identity spoofing leading to authenticat...
CVE-2017-1137
CVE-2017-1137 affects IBM WebSphere Application Server; describes a weakness in the WebSphere administrative console that could let a remote attacker obtain sensitive information and gain unauthorized access to the admin console. IBM security bulletins and IBM X-Force entries reference this CVE a...
CVE-2019-4720
CVE-2019-4720 affects IBM WebSphere Application Server 7.0, 8.0, 8.5 and 9.0 (Traditional) and, in related bulletins, Liberty/Core variants. It describes a denial-of-service where a specially crafted request could cause the server to exhaust memory. Several connected IBM/security bulletins cite t...
CVE-2021-20353
CVE-2021-20353 affects IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0. It is an XML External Entity (XXE) vulnerability triggered during XML processing that could lead to exposure of sensitive data or memory/resource exhaustion. The IBM IBM X-Force ID 194882 is cited; CVSS v3 base score ...
CVE-2024-25026
CVE-2024-25026 is described in IBM advisories as affecting IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4, with a denial-of-service impact caused by a specially crafted request that can exhaust memory resources on the server. Publi...