Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
IbmWebsphere Application Server*

174 matches found

CVE
CVEadded 2006/10/17 5:7 p.m.40 views

CVE-2006-5323

Unspecified vulnerability in IBM WebSphere Application Server before 6.1.0.2 has unspecified impact and attack vectors, related to a "possible security exposure," aka PK29360.

10CVSS6.8AI score0.00655EPSS
CVE
CVEadded 2007/06/19 6:30 p.m.40 views

CVE-2007-3262

Unspecified vulnerability in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier allows remote attackers to cause a denial of service related to a thread hang, and possibly related to a "TCP issue," or to MPAlarmThread and a resultant memory leak.

7.8CVSS6.6AI score0.02237EPSS
CVE
CVEadded 2007/06/19 6:30 p.m.40 views

CVE-2007-3265

Cross-site scripting (XSS) vulnerability in the Samples component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.6AI score0.00649EPSS
CVE
CVEadded 2007/06/19 6:30 p.m.39 views

CVE-2007-3264

Unspecified vulnerability in the PD tools component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier has unknown impact and attack vectors.

10CVSS6.4AI score0.01003EPSS
CVE
CVEadded 2008/01/23 2:0 a.m.39 views

CVE-2008-0389

Unspecified vulnerability in the serveServletsByClassnameEnabled feature in IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.25, 6.1 through 6.1.0.14, and 5.1.1.x before 5.1.1.18 has unknown impact and attack vectors.

10CVSS6.4AI score0.01377EPSS
CVE
CVEadded 2008/12/10 12:30 a.m.39 views

CVE-2008-5413

PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 allows attackers to obtain sensitive information by reading the (1) systemout.log and (2) ffdc files. NOTE: this is probably a duplicate of CVE-2009-0434.

5CVSS5.7AI score0.00302EPSS
CVE
CVEadded 2009/06/03 5:0 p.m.39 views

CVE-2009-1900

The Configservice APIs in the Administrative Console component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.25, and 7.0 before 7.0.0.5, when tracing is enabled, allow remote attackers to obtain sensitive information via unspecified use of the wsadmin scripting t...

5CVSS5.9AI score0.00634EPSS
CVE
CVEadded 2007/03/22 11:19 p.m.38 views

CVE-2007-1608

CRLF injection vulnerability in IBM WebSphere Application Server (WAS) before 6.0.2.19 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a single CRLF sequence in a context that is not a valid multi-line header.

7.5CVSS6.7AI score0.00852EPSS
CVE
CVEadded 2006/08/14 11:4 p.m.37 views

CVE-2006-4136

Multiple unspecified vulnerabilities in IBM WebSphere Application Server before 6.1.0.1 have unspecified impact and attack vectors involving (1) "SOAP requests and responses", (2) mbean, (3) ThreadIdentitySupport, and possibly others.

7.5CVSS7.2AI score0.00666EPSS
CVE
CVEadded 2009/06/03 5:0 p.m.37 views

CVE-2009-1901

The Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 permits "non-standard http methods," which has unknown impact and remote attack vectors.

10CVSS6.6AI score0.00531EPSS
CVE
CVEadded 2010/06/18 6:30 p.m.37 views

CVE-2010-2324

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS allows attackers to perform unspecified "link injection" actions via unknown vectors.

7.5CVSS6.5AI score0.00401EPSS
CVE
CVEadded 2007/04/30 10:19 p.m.36 views

CVE-2006-7198

Unspecified vulnerability in IBM WebSphere Application Server (WAS) before 5.1.1.14, and WAS for z/OS 601 before 6.0.2.13, has unknown impact and attack vectors, related to a "Potential security exposure," aka PK26123.

10CVSS6.8AI score0.01094EPSS
CVE
CVEadded 2008/01/10 2:46 a.m.36 views

CVE-2007-6679

Unspecified vulnerability in the Administrative Console in IBM WebSphere Application Server 6.1 before Fix Pack 13 has unknown impact and attack vectors, related to "security concerns with monitor role users." NOTE: it was later reported that 6.0.2 before Fix Pack 25 is also affected.

10CVSS6.3AI score0.01325EPSS
CVE
CVEadded 2007/11/03 12:46 a.m.35 views

CVE-2007-5799

Multiple cross-site request forgery (CSRF) vulnerabilities in uddigui/navigateTree.do in the UDDI user console in IBM WebSphere Application Server (WAS) before 6.1.0 Fix Pack 13 (6.1.0.13) allow remote attackers to perform some actions as WAS UDDI users via the (1) keyField, (2) nameField, (3) valu...

4.3CVSS6.8AI score0.002EPSS
Web
CVE
CVEadded 2009/02/10 10:30 p.m.35 views

CVE-2008-4283

CRLF injection vulnerability in the WebContainer component in IBM WebSphere Application Server (WAS) 5.1.1.19 and earlier 5.1.x versions allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

10CVSS6.9AI score0.00499EPSS
CVE
CVEadded 2008/12/10 12:30 a.m.34 views

CVE-2008-5411

IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 sends SSL traffic over "unsecured TCP," which makes it easier for remote attackers to obtain sensitive information by sniffing the network.

5CVSS5.9AI score0.00427EPSS
CVE
CVEadded 2009/02/17 5:30 p.m.34 views

CVE-2009-0504

WSPolicy in the Web Services component in IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.1 does not properly recognize the IDAssertion.isUsed binding property, which allows local users to discover a password by reading a SOAP message.

2.1CVSS6.4AI score0.00054EPSS
CVE
CVEadded 2018/10/12 5:29 a.m.33 views

CVE-2018-1838

IBM WebSphere Application Server 8.5 and 9.0 in IBM Cloud could allow a remote attacker to obtain sensitive information caused by improper handling of passwords. IBM X-Force ID: 150811.

6.5CVSS6.7AI score0.00129EPSS
CVE
CVEadded 2025/07/16 6:15 p.m.21 views

CVE-2025-36097

IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 are vulnerable to a denial of service, caused by a stack-based overflow. An attacker can send a specially crafted request that cause the server to consume excessive memory resources.

7.5CVSS6.5AI score0.00059EPSS
CVE
CVEadded 2025/08/07 4:15 p.m.16 views

CVE-2024-56339

IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 could allow a remote attacker to bypass security restrictions caused by a failure to honor security configuration.

7.5CVSS7AI score0.00038EPSS
CVE
CVEadded 2025/08/14 4:15 p.m.13 views

CVE-2025-36047

IBM WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources.

7.5CVSS7AI score0.00113EPSS
CVE
CVEadded 2025/08/14 4:15 p.m.11 views

CVE-2025-33142

IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for TLS connections.

7.5CVSS7.1AI score0.00033EPSS
CVE
CVEadded 2025/08/12 7:15 p.m.9 views

CVE-2025-36124

IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 could allow a remote attacker to bypass security restrictions caused by a failure to honor JMS messaging configuration

7.5CVSS7.1AI score0.00065EPSS
CVE
CVEadded 2025/08/12 8:15 p.m.8 views

CVE-2025-36000

IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within...

4.8CVSS6.3AI score0.00027EPSS
Total number of security vulnerabilities174