Websphere Application Server@8.0.0.15 Security Vulnerabilities and Issues — Websphere Application Server@8.0.0.15 CVE List

Lucene search

IbmWebsphere Application Server8.0.0.15

43 matches found

CVE•added 2020/06/05 5:15 p.m.•146 views

CVE-2020-4449

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181230.

7.5CVSS7.1AI score0.00778EPSS

CVE•added 2022/09/09 4:15 p.m.•127 views

CVE-2022-34165

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP header injection, caused by improper validation. This could allow an attacker to conduct various attacks against the vulnerable system, including cac...

5.4CVSS5AI score0.001EPSS

CVE•added 2019/09/17 7:15 p.m.•125 views

CVE-2019-4442

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9,0 could allow a remote attacker to traverse directories on the file system. An attacker could send a specially-crafted URL request to view arbitrary files on the system but not content. IBM X-Force ID: 163226.

4.3CVSS4.7AI score0.0042EPSS

CVE•added 2020/04/10 2:15 p.m.•122 views

CVE-2020-4362

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. IBM X-Force ID: 178929.

8.8CVSS7.4AI score0.00558EPSS

CVE•added 2019/09/17 7:15 p.m.•107 views

CVE-2019-4270

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sessi...

5.4CVSS5.3AI score0.00277EPSS

CVE•added 2020/07/17 2:15 p.m.•103 views

CVE-2020-4464

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to execute arbitrary code on a system with a specially-crafted sequence of serialized objects over the SOAP connector. IBM X-Force ID: 181489.

9CVSS8.7AI score0.37876EPSS

CVE•added 2019/09/17 7:15 p.m.•98 views

CVE-2019-4477

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a user with access to audit logs to obtain sensitive information, caused by improper handling of command line options. IBM X-Force ID: 163997.

6.5CVSS6.4AI score0.00208EPSS

CVE•added 2019/09/17 7:15 p.m.•96 views

CVE-2019-4268

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 160201.

5.3CVSS5.4AI score0.00424EPSS

CVE•added 2020/08/13 12:15 p.m.•96 views

CVE-2020-4589

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 184585.

10CVSS9.4AI score0.0677EPSS

CVE•added 2022/05/20 5:15 p.m.•96 views

CVE-2022-22365

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, with the Ajax Proxy Web Application (AjaxProxy.war) deployed, is vulnerable to spoofing by allowing a man-in-the-middle attacker to spoof SSL server hostnames. IBM X-Force ID: 220904.

5.9CVSS5.5AI score0.0024EPSS

CVE•added 2018/09/07 4:0 p.m.•92 views

CVE-2018-1567

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbitrary Java code through the SOAP connector with a serialized object from untrusted sources. IBM X-Force ID: 143024.

9.8CVSS9.3AI score0.00712EPSS

CVE•added 2020/03/26 2:15 p.m.•88 views

CVE-2020-4276

7.5CVSS7.6AI score0.0054EPSS

CVE•added 2022/07/14 5:15 p.m.•87 views

CVE-2022-22473

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console data. This information could be used in further attacks against the system. IBM X-Force ID: 225347.

5.3CVSS5.1AI score0.00087EPSS

CVE•added 2020/01/31 4:15 p.m.•86 views

CVE-2019-4720

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125.

7.5CVSS7.4AI score0.00153EPSS

CVE•added 2021/02/18 3:15 p.m.•82 views

CVE-2021-20354

IBM WebSphere Application Server 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 194883.

7.8CVSS7.3AI score0.00287EPSS

CVE•added 2020/04/28 2:15 p.m.•80 views

CVE-2020-4329

IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841.

4.3CVSS4.5AI score0.00083EPSS

CVE•added 2019/03/25 7:29 p.m.•78 views

CVE-2019-4046

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by improper handling of request headers. A remote attacker could exploit this vulnerability to cause the consumption of Memory. IBM X-Force ID: 156242.

7.5CVSS7.4AI score0.01177EPSS

CVE•added 2021/01/26 3:15 p.m.•78 views

CVE-2020-4949

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 192025.

8.2CVSS8AI score0.00331EPSS

CVE•added 2019/10/03 2:15 p.m.•77 views

CVE-2019-4441

IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and Liberty could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 163177.

5.3CVSS5.2AI score0.00295EPSS

CVE•added 2019/03/11 10:29 p.m.•73 views

CVE-2018-1902

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to spoof connection information which could be used to launch further attacks against the system. IBM X-Force ID: 152531.

4.3CVSS4.5AI score0.00277EPSS

CVE•added 2021/04/08 1:15 p.m.•71 views

CVE-2021-20480

IBM WebSphere Application Server 7.0, 8.0, and 8.5 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 197502.

6.5CVSS6.3AI score0.0034EPSS

CVE•added 2018/11/15 4:29 p.m.•70 views

CVE-2018-1643

The Installation Verification Tool of IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosur...

6.1CVSS5.8AI score0.00428EPSS

CVE•added 2021/05/26 5:15 p.m.•69 views

CVE-2021-20492

IBM WebSphere Application Server 8.0, 8.5, 9.0, and Liberty Java Batch is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 197793.

8.2CVSS8AI score0.00223EPSS

CVE•added 2020/02/04 5:15 p.m.•68 views

CVE-2020-4163

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, under specialized conditions, could allow an authenticated user to create a maliciously crafted file name which would be misinterpreted as jsp content and executed. IBM X-Force ID: 174397.

7.2CVSS6.7AI score0.00418EPSS

CVE•added 2021/07/30 12:15 p.m.•67 views

CVE-2021-29736

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote user to gain elevated privileges on the system. IBM X-Force ID: 201300.

8.8CVSS8.5AI score0.00675EPSS

CVE•added 2021/09/16 4:15 p.m.•67 views

CVE-2021-29842

IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 21.0.0.9 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. IBM X-Force ID: 205202.

5.3CVSS5.3AI score0.00371EPSS

CVE•added 2018/10/12 12:0 p.m.•65 views

CVE-2018-1770

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 148686.

6.5CVSS6.4AI score0.00484EPSS

CVE•added 2020/09/30 3:15 p.m.•65 views

CVE-2020-4629

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local user with specialized access to obtain sensitive information from a detailed technical error message. This information could be used in further attacks against the system. IBM X-Force ID: 185370.

3.3CVSS3.4AI score0.00093EPSS

CVE•added 2018/10/03 2:29 p.m.•63 views

CVE-2018-1794

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using OAuth ear is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted ses...

6.1CVSS5.8AI score0.00333EPSS

CVE•added 2020/09/21 5:15 p.m.•62 views

CVE-2020-4643

7.5CVSS7.5AI score0.00335EPSS

CVE•added 2018/11/16 4:0 p.m.•61 views

CVE-2018-1797

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using Enterprise bundle Archives (EBA) could allow a local attacker to traverse directories on the system. By persuading a victim to extract a specially-crafted ZIP archive containing "dot dot slash" sequences (../), an attacker could exploit ...

6.3CVSS5.6AI score0.00595EPSS

CVE•added 2019/02/19 5:29 p.m.•61 views

CVE-2018-1996

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide weaker than expected security, caused by the improper TLS configuration. A remote attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 154650.

5.3CVSS5.2AI score0.00093EPSS

CVE•added 2020/02/05 4:15 p.m.•61 views

CVE-2019-4670

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper data representation. IBM X-Force ID: 171319.

6.5CVSS6.2AI score0.00252EPSS

CVE•added 2020/10/28 5:15 p.m.•61 views

CVE-2020-4782

6.5CVSS6.4AI score0.00416EPSS

CVE•added 2020/09/10 5:15 p.m.•60 views

CVE-2020-4578

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Forc...

5.4CVSS5.3AI score0.00287EPSS

CVE•added 2019/04/02 2:29 p.m.•58 views

CVE-2019-4080

IBM WebSphere Application Server Admin Console 7.5, 8.0, 8.5, and 9.0 is vulnerable to a potential denial of service, caused by improper parameter parsing. A remote attacker could exploit this to consume all available CPU resources. IBM X-Force ID: 157380.

6.8CVSS6.4AI score0.0134EPSS

CVE•added 2021/04/21 12:15 p.m.•58 views

CVE-2021-20454

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 196649.

8.2CVSS8AI score0.00172EPSS

CVE•added 2018/12/12 4:29 p.m.•57 views

CVE-2018-1926

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading a user to visit a malicious URL, a remote attacker could send a specially-crafted request. An attacker could exploit...

8.8CVSS8.3AI score0.00181EPSS

CVE•added 2018/10/29 3:29 p.m.•55 views

CVE-2018-1767

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Cachemonitor is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sessio...

6.1CVSS5.8AI score0.00366EPSS

CVE•added 2018/10/16 7:29 p.m.•55 views

CVE-2018-1777

5.4CVSS5.3AI score0.00297EPSS

CVE•added 2021/03/10 3:15 p.m.•52 views

CVE-2020-5016

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. When application security is disabled and JAX-RPC applications are present, an attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to vi...

6.5CVSS6.4AI score0.00096EPSS

CVE•added 2018/12/11 4:29 p.m.•49 views

CVE-2018-1904

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbitrary Java code through an administrative client class with a serialized object from untrusted sources. IBM X-Force ID: 152533.

9.8CVSS9.3AI score0.00827EPSS

CVE•added 2018/11/12 4:29 p.m.•46 views

CVE-2018-1798

6.1CVSS5.8AI score0.0047EPSS