Websphere Application Server@8.0 Security Vulnerabilities and Issues — Websphere Application Server@8.0 CVE List

Lucene search

IbmWebsphere Application Server8.0

82 matches found

CVE•added 2019/09/20 4:15 p.m.•179 views

CVE-2019-4505

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Network Deployment could allow a remote attacker to obtain sensitive information, caused by sending a specially-crafted URL. This can lead the attacker to view any file in a certain directory. IBM X-Force ID: 164364.

5.3CVSS5.1AI score0.00193EPSS

CVE•added 2020/06/05 5:15 p.m.•153 views

CVE-2020-4448

IBM WebSphere Application Server Network Deployment 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 181228.

10CVSS9.3AI score0.1624EPSS

CVE•added 2020/06/05 5:15 p.m.•145 views

CVE-2020-4449

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181230.

7.5CVSS7.1AI score0.00778EPSS

CVE•added 2023/05/03 8:15 p.m.•134 views

CVE-2022-39161

IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and IBM WebSphere Application Server Liberty, when configured to communicate with the Web Server Plug-ins for IBM WebSphere Application Server, could allow an authenticated user to conduct spoofing attacks. A man-in-the-middle attacker could expl...

5.3CVSS4.8AI score0.00027EPSS

CVE•added 2022/09/09 4:15 p.m.•126 views

CVE-2022-34165

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP header injection, caused by improper validation. This could allow an attacker to conduct various attacks against the vulnerable system, including cac...

5.4CVSS5AI score0.00167EPSS

CVE•added 2019/09/17 7:15 p.m.•123 views

CVE-2019-4442

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9,0 could allow a remote attacker to traverse directories on the file system. An attacker could send a specially-crafted URL request to view arbitrary files on the system but not content. IBM X-Force ID: 163226.

4.3CVSS4.7AI score0.0042EPSS

CVE•added 2020/04/10 2:15 p.m.•121 views

CVE-2020-4362

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. IBM X-Force ID: 178929.

8.8CVSS7.4AI score0.00558EPSS

CVE•added 2020/02/03 5:15 p.m.•120 views

CVE-2019-4732

IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a ...

7.2CVSS6.3AI score0.00164EPSS

CVE•added 2019/09/17 7:15 p.m.•105 views

CVE-2019-4270

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sessi...

5.4CVSS5.3AI score0.00277EPSS

CVE•added 2020/07/17 2:15 p.m.•101 views

CVE-2020-4464

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to execute arbitrary code on a system with a specially-crafted sequence of serialized objects over the SOAP connector. IBM X-Force ID: 181489.

9CVSS8.7AI score0.37876EPSS

CVE•added 2019/09/17 7:15 p.m.•97 views

CVE-2019-4477

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a user with access to audit logs to obtain sensitive information, caused by improper handling of command line options. IBM X-Force ID: 163997.

6.5CVSS6.4AI score0.00208EPSS

CVE•added 2019/09/17 7:15 p.m.•96 views

CVE-2019-4271

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin console is vulnerable to a Client-side HTTP parameter pollution vulnerability. IBM X-Force ID: 160243.

3.5CVSS3.8AI score0.00263EPSS

CVE•added 2019/09/17 7:15 p.m.•95 views

CVE-2019-4268

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 160201.

5.3CVSS5.4AI score0.00424EPSS

CVE•added 2022/05/20 5:15 p.m.•95 views

CVE-2022-22365

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, with the Ajax Proxy Web Application (AjaxProxy.war) deployed, is vulnerable to spoofing by allowing a man-in-the-middle attacker to spoof SSL server hostnames. IBM X-Force ID: 220904.

5.9CVSS5.5AI score0.00061EPSS

CVE•added 2020/08/13 12:15 p.m.•94 views

CVE-2020-4589

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 184585.

10CVSS9.4AI score0.0677EPSS

CVE•added 2021/12/09 5:15 p.m.•92 views

CVE-2021-38951

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available CPU resources. IBM X-Force ID: 211405.

7.5CVSS7.3AI score0.00086EPSS

CVE•added 2018/09/07 4:0 p.m.•89 views

CVE-2018-1567

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbitrary Java code through the SOAP connector with a serialized object from untrusted sources. IBM X-Force ID: 143024.

9.8CVSS9.3AI score0.0074EPSS

CVE•added 2021/02/10 5:15 p.m.•86 views

CVE-2021-20353

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 194882.

8.2CVSS8AI score0.01482EPSS

CVE•added 2022/07/14 5:15 p.m.•86 views

CVE-2022-22473

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console data. This information could be used in further attacks against the system. IBM X-Force ID: 225347.

5.3CVSS5.1AI score0.00072EPSS

CVE•added 2020/01/31 4:15 p.m.•85 views

CVE-2019-4720

7.5CVSS7.4AI score0.00153EPSS

CVE•added 2020/03/26 2:15 p.m.•85 views

CVE-2020-4276

7.5CVSS7.6AI score0.0054EPSS

CVE•added 2016/07/03 9:59 p.m.•82 views

CVE-2016-0359

CRLF injection vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 Full before 8.5.5.10, and 8.5 Liberty before Liberty Fix Pack 16.0.0.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a craf...

6.1CVSS6.2AI score0.00322EPSS

CVE•added 2017/05/10 2:29 p.m.•81 views

CVE-2017-1137

IBM WebSphere Application Server 8.0 and 8.5.5 could provide weaker than expected security. A remote attacker could exploit this weakness to obtain sensitive information and gain unauthorized access to the admin console. IBM X-Force ID: 121549.

8.1CVSS7.6AI score0.00988EPSS

CVE•added 2021/02/18 3:15 p.m.•81 views

CVE-2021-20354

IBM WebSphere Application Server 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 194883.

7.8CVSS7.3AI score0.00287EPSS

CVE•added 2017/03/20 4:59 p.m.•80 views

CVE-2017-1151

IBM WebSphere Application Server 8.0, 8.5, 8.5.5, and 9.0 using OpenID Connect (OIDC) configured with a Trust Association Interceptor (TAI) could allow a user to gain elevated privileges on the system. IBM Reference #: 1999293.

8.1CVSS7.9AI score0.00558EPSS

CVE•added 2017/02/01 10:59 p.m.•78 views

CVE-2016-8919

IBM WebSphere Application Server may be vulnerable to a denial of service, caused by allowing serialized objects from untrusted sources to run and cause the consumption of resources.

7.8CVSS7.3AI score0.00859EPSS

CVE•added 2020/04/28 2:15 p.m.•78 views

CVE-2020-4329

IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841.

4.3CVSS4.5AI score0.00083EPSS

CVE•added 2017/07/24 9:29 p.m.•77 views

CVE-2017-1382

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 might create files using the default permissions instead of the customized permissions when custom startup scripts are used. A local attacker could exploit this to gain access to files with an unknown impact. IBM X-Force ID: 127153.

7.1CVSS6.9AI score0.00039EPSS

CVE•added 2019/03/25 7:29 p.m.•77 views

CVE-2019-4046

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by improper handling of request headers. A remote attacker could exploit this vulnerability to cause the consumption of Memory. IBM X-Force ID: 156242.

7.5CVSS7.4AI score0.01177EPSS

CVE•added 2021/01/26 3:15 p.m.•77 views

CVE-2020-4949

8.2CVSS8AI score0.00331EPSS

CVE•added 2016/10/05 10:59 a.m.•75 views

CVE-2016-5983

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.11, 9.0 before 9.0.0.2, and Liberty before 16.0.0.4 allows remote authenticated users to execute arbitrary Java code via a crafted serialized object.

7.5CVSS7.6AI score0.13762EPSS

CVE•added 2017/02/13 10:59 p.m.•75 views

CVE-2017-1121

IBM WebSphere Application Server 7.0, 8.0, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #...

5.4CVSS5.3AI score0.0027EPSS

CVE•added 2019/10/03 2:15 p.m.•75 views

CVE-2019-4441

IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and Liberty could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 163177.

5.3CVSS5.2AI score0.00295EPSS

CVE•added 2017/04/28 5:59 p.m.•74 views

CVE-2017-1194

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123669.

8.8CVSS8.4AI score0.00171EPSS

CVE•added 2017/10/10 9:29 p.m.•71 views

CVE-2017-1503

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform ...

6.1CVSS6.1AI score0.00388EPSS

CVE•added 2019/03/11 10:29 p.m.•71 views

CVE-2018-1902

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to spoof connection information which could be used to launch further attacks against the system. IBM X-Force ID: 152531.

4.3CVSS4.5AI score0.00277EPSS

CVE•added 2021/04/08 1:15 p.m.•70 views

CVE-2021-20480

IBM WebSphere Application Server 7.0, 8.0, and 8.5 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 197502.

6.5CVSS6.3AI score0.0034EPSS

CVE•added 2018/11/15 4:29 p.m.•69 views

CVE-2018-1643

The Installation Verification Tool of IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosur...

6.1CVSS5.8AI score0.00436EPSS

CVE•added 2020/08/03 1:15 p.m.•69 views

CVE-2020-4534

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper handling of UNC paths. By scheduling a task with a specially-crafted UNC path, an attacker could exploit this vulnerability to execute arb...

8.8CVSS8.7AI score0.00147EPSS

CVE•added 2021/05/26 5:15 p.m.•68 views

CVE-2021-20492

IBM WebSphere Application Server 8.0, 8.5, 9.0, and Liberty Java Batch is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 197793.

8.2CVSS8AI score0.00022EPSS

CVE•added 2020/02/04 5:15 p.m.•67 views

CVE-2020-4163

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, under specialized conditions, could allow an authenticated user to create a maliciously crafted file name which would be misinterpreted as jsp content and executed. IBM X-Force ID: 174397.

7.2CVSS6.7AI score0.00418EPSS

CVE•added 2021/04/20 12:15 p.m.•67 views

CVE-2021-20453

IBM WebSphere Application Server 8.0, 8.5, and 9.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 196648.

8.2CVSS7.9AI score0.00132EPSS

CVE•added 2012/01/19 11:55 a.m.•66 views

CVE-2011-1376

iscdeploy in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 on the IBM i platform sets weak permissions under systemapps/isclite.ear/ and bin/client_ffdc/, which allows local users to read or modify files via standard filesystem operations.

4.6CVSS8.4AI score0.00116EPSS

CVE•added 2021/07/30 12:15 p.m.•66 views

CVE-2021-29736

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote user to gain elevated privileges on the system. IBM X-Force ID: 201300.

8.8CVSS8.5AI score0.00675EPSS

CVE•added 2021/09/16 4:15 p.m.•66 views

CVE-2021-29842

IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 21.0.0.9 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. IBM X-Force ID: 205202.

5.3CVSS5.3AI score0.00088EPSS

CVE•added 2018/05/04 2:29 p.m.•64 views

CVE-2017-1743

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console panel fields. When exploited an attacker could browse the file system. IBM X-Force ID: 134933.

4.3CVSS4.4AI score0.00288EPSS

CVE•added 2018/10/12 12:0 p.m.•64 views

CVE-2018-1770

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 148686.

6.5CVSS6.4AI score0.00513EPSS

CVE•added 2018/10/03 2:29 p.m.•64 views

CVE-2018-1793

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using SAML ear is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sess...

6.1CVSS5.8AI score0.00315EPSS

CVE•added 2019/06/28 5:15 p.m.•64 views

CVE-2019-4269

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console could allow a remote attacker to obtain sensitive information when a specially crafted url causes a stack trace to be dumped. IBM X-Force ID: 160202.

7.5CVSS7.1AI score0.00358EPSS

CVE•added 2012/09/25 8:55 p.m.•63 views

CVE-2012-3305

Directory traversal vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to overwrite arbitrary files via a crafted application file.

6.4CVSS8.9AI score0.00233EPSS

Total number of security vulnerabilities82