Websphere Application Server@8.5 Security Vulnerabilities and Issues — Websphere Application Server@8.5 CVE List

Lucene search

IbmWebsphere Application Server8.5

12 matches found

CVE•added 2021/12/09 5:15 p.m.•92 views

CVE-2021-38951

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available CPU resources. IBM X-Force ID: 211405.

7.5CVSS7.3AI score0.00086EPSS

CVE•added 2021/02/10 5:15 p.m.•86 views

CVE-2021-20353

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 194882.

8.2CVSS8AI score0.01482EPSS

CVE•added 2021/02/18 3:15 p.m.•81 views

CVE-2021-20354

IBM WebSphere Application Server 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 194883.

7.8CVSS7.3AI score0.00287EPSS

CVE•added 2021/01/26 3:15 p.m.•77 views

CVE-2020-4949

8.2CVSS8AI score0.00331EPSS

CVE•added 2021/04/08 1:15 p.m.•70 views

CVE-2021-20480

IBM WebSphere Application Server 7.0, 8.0, and 8.5 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 197502.

6.5CVSS6.3AI score0.0034EPSS

CVE•added 2021/05/26 5:15 p.m.•68 views

CVE-2021-20492

IBM WebSphere Application Server 8.0, 8.5, 9.0, and Liberty Java Batch is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 197793.

8.2CVSS8AI score0.00022EPSS

CVE•added 2021/04/20 12:15 p.m.•67 views

CVE-2021-20453

IBM WebSphere Application Server 8.0, 8.5, and 9.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 196648.

8.2CVSS7.9AI score0.00132EPSS

CVE•added 2021/07/30 12:15 p.m.•66 views

CVE-2021-29736

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote user to gain elevated privileges on the system. IBM X-Force ID: 201300.

8.8CVSS8.5AI score0.00675EPSS

CVE•added 2021/09/16 4:15 p.m.•66 views

CVE-2021-29842

IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 21.0.0.9 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. IBM X-Force ID: 205202.

5.3CVSS5.3AI score0.00088EPSS

CVE•added 2021/04/21 12:15 p.m.•57 views

CVE-2021-20454

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 196649.

8.2CVSS8AI score0.00172EPSS

CVE•added 2021/03/10 3:15 p.m.•51 views

CVE-2020-5016

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. When application security is disabled and JAX-RPC applications are present, an attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to vi...

6.5CVSS6.4AI score0.00096EPSS

CVE•added 2021/06/11 3:15 p.m.•47 views

CVE-2021-29754

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a privilege escalation vulnerability when using the SAML Web Inbound Trust Association Interceptor (TAI). IBM X-Force ID: 202006.

8.8CVSS8.5AI score0.00209EPSS