IBM WebSphere Application Server vulnerabilities
442 known vulnerabilities affecting ibm/websphere_application_server.
Total CVEs: 442
CISA KEV: 1 (actively exploited)
Public exploits: 12
Exploited in wild: 2
Severity breakdown: CRITICAL 49, HIGH 92, MEDIUM 261, LOW 40
Vulnerabilities
Page 1 of 23
CVE-2025-14917 | CRITICAL | CVSS 9.8 | ≥ 17.0.0.3, < 26.0.0.4 | 2026-03-25
CVE-2025-14917 [MEDIUM] CWE-1393
IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.3 could provide weaker than expected security when administering security settings.
nvd
CVE-2025-14915 | HIGH | CVSS 7.2 | ≥ 17.0.0.3, < 26.0.0.4 | 2026-03-25
CVE-2025-14915 [MEDIUM] CWE-200
IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.3 is affected by privilege escalation. A privileged user could gain additional access to the application server.
nvd
CVE-2026-1561 | MEDIUM | CVSS 5.4 | ≥ 17.0.0.3, < 26.0.0.4 | 2026-03-25
CVE-2026-1561 [MEDIUM] CWE-918
IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.3 is vulnerable to server-side request forgery (SSRF). This may allow a remote attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
nvd
CVE-2025-14923 | CRITICAL | CVSS 9.8 | ≥ 17.0.0.3, < 26.0.0.3 | 2026-03-03
CVE-2025-14923 [MEDIUM] CWE-321
IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.2 could provide weaker than expected security when using the Security Utility when administering security settings.
nvd
CVE-2025-13333 | MEDIUM | CVSS 4.9 | v8.5.0.0; v9.0.0.0; +2 more | 2026-02-17
CVE-2025-13333 [MEDIUM] CWE-358
IBM WebSphere Application Server 9.0 and 8.5 could provide weaker than expected security during system administration of security settings.
cvelistv5, nvd
CVE-2025-14914 | HIGH | CVSS 7.6 | ≥ 17.0.0.3, ≤ 26.0.0.1 | 2026-02-02
CVE-2025-14914 [HIGH] CWE-22
IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to upload a zip archive containing path traversal sequences resulting in an overwrite of files leading to arbitrary code execution.
nvd
CVE-2025-12635 | MEDIUM | CVSS 5.4 | ≥ 8.5, < 8.5.5.29; ≥ 9.0, < 9.0.5.27; +3 more | 2025-12-08
CVE-2025-12635 [MEDIUM] CWE-79
IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.12 are affected by cross-site scripting due to improper validation of user-supplied input. An attacker could exploit this vulnerability by using a specially crafted URL to redirect the user to a malicious site.
cvelistv5, nvd
CVE-2025-36099 | MEDIUM | CVSS 4.9 | v8.5.0.0; v9.0.0.0; +2 more | 2025-09-29
CVE-2025-36099 [MEDIUM] CWE-770
IBM WebSphere Application Server 8.5 and 9.0 are vulnerable to a denial of service, caused by sending a specially crafted request. A privileged user could exploit this vulnerability to cause the server to consume memory resources.
cvelistv5, nvd
CVE-2025-33142 | HIGH | CVSS 7.5 | ≥ 8.5.0.0, < 8.5.5.29; ≥ 9.0.0.0, < 9.0.5.25; +2 more | 2025-08-14
CVE-2025-33142 [MEDIUM] CWE-295
IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for TLS connections.
cvelistv5, nvd
CVE-2025-36047 | HIGH | CVSS 7.5 | ≥ 18.0.0.2, < 25.0.0.9 | 2025-08-14
CVE-2025-36047 [MEDIUM] CWE-770
IBM WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources.
nvd
CVE-2025-36124 | HIGH | CVSS 7.5 | ≥ 17.0.0.3, < 25.0.0.9 | 2025-08-12
CVE-2025-36124 [MEDIUM] CWE-268
IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 could allow a remote attacker to bypass security restrictions caused by a failure to honor JMS messaging configuration.
nvd
CVE-2025-36000 | MEDIUM | CVSS 4.8 | ≥ 17.0.0.3, < 25.0.0.9 | 2025-08-12
CVE-2025-36000 [MEDIUM] CWE-79
IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
nvd
CVE-2024-56339 | HIGH | CVSS 7.5 | ≥ 17.0.0.3, ≤ 25.0.0.7; v9.0.0.0; +1 more | 2025-08-07
CVE-2024-56339 [LOW] CWE-650
IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 could allow a remote attacker to bypass security restrictions caused by a failure to honor security configuration.
cvelistv5, nvd
CVE-2025-36097 | HIGH | CVSS 7.5 | ≥ 9.0.0.0, < 9.0.5.24; ≥ 17.0.0.3, < 25.0.0.8; +1 more | 2025-07-16
CVE-2025-36097 [HIGH] CWE-121
IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 are vulnerable to a denial of service, caused by a stack-based overflow. An attacker can send a specially crafted request that causes the server to consume excessive memory resources.
cvelistv5, nvd
CVE-2025-36038 | CRITICAL | CVSS 9.8 | ≥ 8.5, < 8.5.5.28; ≥ 9.0, < 9.0.5.25; +2 more | 2025-06-25
CVE-2025-36038 [CRITICAL] CWE-502
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects.
cvelistv5, nvd
CVE-2025-33104 | HIGH | CVSS 7.6 | ≥ 8.5, < 8.5.5.28; ≥ 9.0, < 9.0.5.24; +1 more | 2025-05-14
CVE-2025-33104 [MEDIUM] CWE-79
IBM WebSphere Application Server 8.5 and 9.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
cvelistv5, nvd
CVE-2025-27907 | LOW | CVSS 2.7 | ≥ 8.5, < 8.5.5.28; ≥ 9.0, < 9.0.5.24; +2 more | 2025-04-22
CVE-2025-27907 [MEDIUM] CWE-918
IBM WebSphere Application Server 8.5 and 9.0 are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
cvelistv5, nvd
CVE-2024-45087 | MEDIUM | CVSS 4.8 | v8.5; v9.0; +1 more | 2024-11-11
CVE-2024-45087 [MEDIUM] CWE-79
IBM WebSphere Application Server 8.5 and 9.0 are vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
cvelistv5, nvd
CVE-2024-45086 | MEDIUM | CVSS 5.5 | ≥ 8.5.0.0, < 8.5.5.27; ≥ 9.0.0.0, < 9.0.5.22; +1 more | 2024-11-04
CVE-2024-45086 [MEDIUM] CWE-611
IBM WebSphere Application Server 8.5 and 9.0 are vulnerable to an XML external entity injection (XXE) attack when processing XML data. A privileged user could exploit this vulnerability to expose sensitive information or consume memory resources.
cvelistv5, nvd
CVE-2024-45072 | MEDIUM | CVSS 5.5 | ≥ 8.5.0.0, ≤ 8.5.5.26; ≥ 9.0.0.0, ≤ 9.0.5.21; +1 more | 2024-10-16
CVE-2024-45072 [MEDIUM] CWE-611
IBM WebSphere Application Server 8.5 and 9.0 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A privileged user could exploit this vulnerability to expose sensitive information or consume memory resources.
cvelistv5, nvd