Lucene search

K
IbmWebsphere Application Server Liberty

24 matches found

CVE
CVE
added 2023/10/25 6:17 p.m.130 views

CVE-2023-46158

IBM WebSphere Application Server Liberty 23.0.0.9 through 23.0.0.10 could provide weaker than expected security due to improper resource expiration handling. IBM X-Force ID: 268775.

9.8CVSS6.9AI score0.00021EPSS
CVE
CVE
added 2022/09/09 4:15 p.m.126 views

CVE-2022-34165

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP header injection, caused by improper validation. This could allow an attacker to conduct various attacks against the vulnerable system, including cac...

5.4CVSS5AI score0.00167EPSS
CVE
CVE
added 2024/03/01 3:15 a.m.114 views

CVE-2023-50312

IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. IBM X-Force ID: 274711.

6.5CVSS5.1AI score0.00034EPSS
CVE
CVE
added 2022/05/17 5:15 p.m.111 views

CVE-2022-22475

IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 are vulnerable to identity spoofing by an authenticated user. IBM X-Force ID: 225603.

6.5CVSS6.3AI score0.00045EPSS
CVE
CVE
added 2024/03/31 12:15 p.m.111 views

CVE-2024-22353

IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 280400.

7.5CVSS6.5AI score0.00019EPSS
CVE
CVE
added 2024/04/17 1:15 a.m.111 views

CVE-2024-22354

IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.5 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information, consume memo...

7CVSS6.9AI score0.00014EPSS
CVE
CVE
added 2024/04/04 6:15 p.m.97 views

CVE-2024-27268

IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 284574.

7.5CVSS5.9AI score0.00171EPSS
CVE
CVE
added 2022/05/13 5:15 p.m.96 views

CVE-2022-22393

IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.5 , with the adminCenter-1.0 feature configured, could allow an authenticated user to issue a request to obtain the status of HTTP/HTTPS ports which are accessible by the application server. IBM X-Force ID: 222078.

6.5CVSS6.3AI score0.00116EPSS
CVE
CVE
added 2024/03/27 1:15 p.m.95 views

CVE-2024-27270

IBM WebSphere Application Server Liberty 23.0.0.3 through 24.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in a specially crafted URI. IBM X-Force ID: 284576.

6.1CVSS4.5AI score0.00052EPSS
CVE
CVE
added 2022/07/08 6:15 p.m.91 views

CVE-2022-22476

IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.7 and Open Liberty are vulnerable to identity spoofing by an authenticated user using a specially crafted request. IBM X-Force ID: 225604.

8.8CVSS8.5AI score0.00048EPSS
CVE
CVE
added 2024/04/25 1:15 p.m.88 views

CVE-2024-25026

IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 are vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. ...

7.5CVSS6.3AI score0.00019EPSS
CVE
CVE
added 2022/02/24 5:15 p.m.86 views

CVE-2021-39038

IBM WebSphere Application Server 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack t...

5.4CVSS5.5AI score0.00028EPSS
CVE
CVE
added 2024/04/17 2:15 a.m.86 views

CVE-2024-22329

IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, an attacker could exploit this vulnerability to conduct the SSRF attack. X-Force ID: 279951.

4.3CVSS5.7AI score0.0002EPSS
CVE
CVE
added 2024/08/14 6:15 p.m.81 views

CVE-2023-50314

IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the network to conduct spoofing attacks. An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 274713.

7.5CVSS5AI score0.00068EPSS
CVE
CVE
added 2022/01/19 5:15 p.m.79 views

CVE-2022-22310

IBM WebSphere Application Server Liberty 21.0.0.10 through 21.0.0.12 could provide weaker than expected security. A remote attacker could exploit this weakness to obtain sensitive information and gain unauthorized access to JAX-WS applications. IBM X-Force ID: 217224.

6.5CVSS6.4AI score0.00242EPSS
CVE
CVE
added 2020/04/28 2:15 p.m.78 views

CVE-2020-4329

IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841.

4.3CVSS4.5AI score0.00083EPSS
CVE
CVE
added 2023/08/16 7:15 p.m.74 views

CVE-2023-38737

IBM WebSphere Application Server Liberty 22.0.0.13 through 23.0.0.7 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 262567.

7.5CVSS6.4AI score0.00024EPSS
CVE
CVE
added 2021/09/16 4:15 p.m.66 views

CVE-2021-29842

IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 21.0.0.9 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. IBM X-Force ID: 205202.

5.3CVSS5.3AI score0.00088EPSS
CVE
CVE
added 2020/05/06 2:15 p.m.62 views

CVE-2020-4421

IBM WebSphere Application Liberty 19.0.0.5 through 20.0.0.4 could allow an authenticated user using openidconnect to spoof another users identify. IBM X-Force ID: 180084.

5.5CVSS5.7AI score0.0017EPSS
CVE
CVE
added 2022/01/25 5:15 p.m.57 views

CVE-2021-39031

IBM WebSphere Application Server - Liberty 17.0.0.3 through 22.0.0.1 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability and could result in in granting permission to unauthorized resources. IBM...

8.8CVSS8.4AI score0.00409EPSS
CVE
CVE
added 2020/04/02 3:15 p.m.47 views

CVE-2020-4303

IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sessio...

6.1CVSS5.8AI score0.00292EPSS
CVE
CVE
added 2020/09/21 3:15 p.m.47 views

CVE-2020-4590

IBM WebSphere Application Server Liberty 17.0.0.3 through 20.0.0.9 running oauth-2.0 or openidConnectServer-1.0 server features is vulnerable to a denial of service attack conducted by an authenticated client. IBM X-Force ID: 184650.

6.5CVSS6.3AI score0.00448EPSS
CVE
CVE
added 2020/04/02 3:15 p.m.46 views

CVE-2020-4304

IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sessio...

6.1CVSS5.8AI score0.00223EPSS
CVE
CVE
added last week6 views

CVE-2025-36097

IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 are vulnerable to a denial of service, caused by a stack-based overflow. An attacker can send a specially crafted request that cause the server to consume excessive memory resources.

7.5CVSS6.5AI score0.00051EPSS