Websphere Application Server@9.0 Security Vulnerabilities and Issues — Websphere Application Server@9.0 CVE List

Lucene search

IbmWebsphere Application Server9.0

8 matches found

CVE•added 2022/09/09 4:15 p.m.•126 views

CVE-2022-34165

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP header injection, caused by improper validation. This could allow an attacker to conduct various attacks against the vulnerable system, including cac...

5.4CVSS5AI score0.00167EPSS

CVE•added 2022/05/20 5:15 p.m.•95 views

CVE-2022-22365

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, with the Ajax Proxy Web Application (AjaxProxy.war) deployed, is vulnerable to spoofing by allowing a man-in-the-middle attacker to spoof SSL server hostnames. IBM X-Force ID: 220904.

5.9CVSS5.5AI score0.00061EPSS

CVE•added 2022/02/24 5:15 p.m.•86 views

CVE-2021-39038

IBM WebSphere Application Server 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack t...

5.4CVSS5.5AI score0.00028EPSS

CVE•added 2022/07/14 5:15 p.m.•86 views

CVE-2022-22473

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console data. This information could be used in further attacks against the system. IBM X-Force ID: 225347.

5.3CVSS5.1AI score0.00072EPSS

CVE•added 2022/07/14 5:15 p.m.•62 views

CVE-2022-22477

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 22560...

6.1CVSS5.8AI score0.0024EPSS

CVE•added 2022/09/28 4:15 p.m.•60 views

CVE-2022-35282

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, an attacker with local network access could exploit this vulnerability to obtain sensitive data.

6.5CVSS6.1AI score0.00033EPSS

CVE•added 2022/11/11 7:15 p.m.•58 views

CVE-2022-40750

IBM WebSphere Application Server 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 2365...

5.4CVSS5.2AI score0.0018EPSS

CVE•added 2022/09/13 9:15 p.m.•54 views

CVE-2022-34336

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Forc...

5.4CVSS5.1AI score0.00226EPSS