Total
426 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1112 | 1 Ibm | 1 Websphere Application Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| IBM WebSphere Application Server 6.0 and earlier, when sharing the document root of the web server, allows remote attackers to obtain the source code for Java Server Pages (.jsp) via an HTTP request with an invalid Host header, which causes the page to be processed by the web server instead of the JSP engine. | |||||
| CVE-2006-4222 | 1 Ibm | 1 Websphere Application Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in IBM WebSphere Application Server before 6.0.2.13 have unspecified vectors and impact, including (1) an "authority problem" in ThreadIdentitySupport as identified by PK25199, and "Potential security exposure" issues as identified by (2) PK22747, (3) PK24334, (4) PK25740, and (5) PK26123. | |||||
| CVE-2005-1872 | 1 Ibm | 1 Websphere Application Server | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in the administrative console in IBM WebSphere Application Server 5.x, when the global security option is enabled, allows remote attackers to execute arbitrary code. | |||||
| CVE-2024-27270 | 1 Ibm | 1 Websphere Application Server | 2025-03-05 | N/A | 4.7 MEDIUM |
| IBM WebSphere Application Server Liberty 23.0.0.3 through 24.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in a specially crafted URI. IBM X-Force ID: 284576. | |||||
| CVE-2024-25026 | 1 Ibm | 1 Websphere Application Server | 2025-02-27 | N/A | 5.9 MEDIUM |
| IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 are vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 281516. | |||||
| CVE-2023-27554 | 1 Ibm | 1 Websphere Application Server | 2025-01-24 | N/A | 6.3 MEDIUM |
| IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 249185. | |||||
| CVE-2024-45073 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Websphere Application Server and 4 more | 2025-01-07 | N/A | 4.8 MEDIUM |
| IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2024-37532 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | N/A | 8.8 HIGH |
| IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to identity spoofing by an authenticated user due to improper signature validation. IBM X-Force ID: 294721. | |||||
| CVE-2024-35154 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | N/A | 7.2 HIGH |
| IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has authorized access to the administrative console, to execute arbitrary code. Using specially crafted input, the attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 292641. | |||||
| CVE-2024-35153 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | N/A | 4.8 MEDIUM |
| IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 292640. | |||||
| CVE-2024-22353 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | N/A | 5.9 MEDIUM |
| IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 280400. | |||||
| CVE-2023-50313 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | N/A | 5.3 MEDIUM |
| IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. IBM X-Force ID: 274812. | |||||
| CVE-2023-38737 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | N/A | 5.9 MEDIUM |
| IBM WebSphere Application Server Liberty 22.0.0.13 through 23.0.0.7 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 262567. | |||||
| CVE-2023-35890 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | N/A | 5.1 MEDIUM |
| IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security, caused by the improper encoding in a local configuration file. IBM X-Force ID: 258637. | |||||
| CVE-2023-30441 | 1 Ibm | 4 Infosphere Information Server, Java, Websphere Application Server and 1 more | 2024-11-21 | N/A | 7.5 HIGH |
| IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of flaws and configurations. IBM X-Force ID: 253188. | |||||
| CVE-2023-26283 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2024-11-21 | N/A | 5.4 MEDIUM |
| IBM WebSphere Application Server 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 248416. | |||||
| CVE-2023-24966 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | N/A | 6.1 MEDIUM |
| IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 246904. | |||||
| CVE-2023-23477 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2024-11-21 | N/A | 8.1 HIGH |
| IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. IBM X-Force ID: 245513. | |||||
| CVE-2022-43917 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2024-11-21 | N/A | 5.9 MEDIUM |
| IBM WebSphere Application Server 8.5 and 9.0 traditional container uses weaker than expected cryptographic keys that could allow an attacker to decrypt sensitive information. This affects only the containerized version of WebSphere Application Server traditional. IBM X-Force ID: 241045. | |||||
| CVE-2022-40750 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2024-11-21 | N/A | 5.4 MEDIUM |
| IBM WebSphere Application Server 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236588. | |||||