IBM WebSphere Application Server vulnerabilities
451 known vulnerabilities affecting ibm/websphere_application_server.

Total CVEs: 451
CISA KEV: 1 (actively exploited)
Public exploits: 13
Exploited in wild: 2
Severity breakdown: CRITICAL 53, HIGH 95, MEDIUM 263, LOW 40

Vulnerabilities (page 2 of 23)
CVE-2025-36000 | MEDIUM | CVSS 4.8 | CWE-79 | Affected: ≥ 17.0.0.3, < 25.0.0.9 | Date: 2025-08-12
IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Source: nvd
CVE-2024-56339 | HIGH | CVSS 7.5 | CWE-650 | Affected: ≥ 17.0.0.3, ≤ 25.0.0.7; v9.0.0.0; +1 more | Date: 2025-08-07
IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 could allow a remote attacker to bypass security restrictions caused by a failure to honor security configuration.
Source: nvd
CVE-2025-36097 | HIGH | CVSS 7.5 | CWE-121 | Affected: ≥ 9.0.0.0, < 9.0.5.24; ≥ 17.0.0.3, < 25.0.0.8; +1 more | Date: 2025-07-16
IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 are vulnerable to a denial of service, caused by a stack-based overflow. An attacker can send a specially crafted request that causes the server to consume excessive memory resources.
Source: nvd
CVE-2025-36038 | CRITICAL | CVSS 9.8 | CWE-502 | Affected: ≥ 8.5, < 8.5.5.28; ≥ 9.0, < 9.0.5.25; +2 more | Date: 2025-06-25
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects.
Source: nvd
CVE-2025-33104 | HIGH | CVSS 7.6 | CWE-79 | Affected: ≥ 8.5, < 8.5.5.28; ≥ 9.0, < 9.0.5.24; +1 more | Date: 2025-05-14
IBM WebSphere Application Server 8.5 and 9.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Source: nvd
CVE-2025-27907 | LOW | CVSS 2.7 | CWE-918 | Affected: ≥ 8.5, < 8.5.5.28; ≥ 9.0, < 9.0.5.24; +2 more | Date: 2025-04-22
IBM WebSphere Application Server 8.5 and 9.0 are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
Source: nvd
CVE-2024-45087 | MEDIUM | CVSS 4.8 | CWE-79 | Affected: v8.5; v9.0; +1 more | Date: 2024-11-11
IBM WebSphere Application Server 8.5 and 9.0 are vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Source: nvd
CVE-2024-45086 | MEDIUM | CVSS 5.5 | CWE-611 | Affected: ≥ 8.5.0.0, < 8.5.5.27; ≥ 9.0.0.0, < 9.0.5.22; +1 more | Date: 2024-11-04
IBM WebSphere Application Server 8.5 and 9.0 are vulnerable to an XML external entity injection (XXE) attack when processing XML data. A privileged user could exploit this vulnerability to expose sensitive information or consume memory resources.
Source: nvd
CVE-2024-45072 | MEDIUM | CVSS 5.5 | CWE-611 | Affected: ≥ 8.5.0.0, ≤ 8.5.5.26; ≥ 9.0.0.0, ≤ 9.0.5.21; +1 more | Date: 2024-10-16
IBM WebSphere Application Server 8.5 and 9.0 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A privileged user could exploit this vulnerability to expose sensitive information or consume memory resources.
Source: nvd
CVE-2024-45071 | MEDIUM | CVSS 4.8 | CWE-79 | Affected: ≥ 8.5.0.0, ≤ 8.5.5.26; ≥ 9.0.0.0, ≤ 9.0.5.21; +1 more | Date: 2024-10-16
IBM WebSphere Application Server 8.5 and 9.0 are vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Source: nvd
CVE-2024-45085 | HIGH | CVSS 7.5 | CWE-754 | Affected: ≥ 8.5.0.0, < 8.5.5.27; v8.5 | Date: 2024-10-15
IBM WebSphere Application Server 8.5 is vulnerable to a denial of service, under certain configurations, caused by an unexpected specially crafted request. A remote attacker could exploit this vulnerability to cause an error resulting in a denial of service.
Source: nvd
CVE-2024-45073 | MEDIUM | CVSS 4.8 | CWE-79 | Affected: v8.5; v9.0; +1 more | Date: 2024-09-30
IBM WebSphere Application Server 8.5 and 9.0 are vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Source: nvd
CVE-2023-50314 | HIGH | CVSS 7.5 | CWE-295 | Affected: ≥ 17.0.0.3, ≤ 24.0.0.8 | Date: 2024-08-14
IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the network to conduct spoofing attacks. An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 274713.
Source: nvd
CVE-2023-50315 | MEDIUM | CVSS 5.9 | CWE-295 | Affected: v8.5.0.0; v9.0.0.0; +1 more | Date: 2024-08-14
IBM WebSphere Application Server 8.5 and 9.0 could allow an attacker with access to the network to conduct spoofing attacks. An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 274714.
Source: nvd
CVE-2024-35154 | HIGH | CVSS 7.2 | CWE-250 | Affected: ≥ 8.5.0.0, ≤ 8.5.5.25; ≥ 9.0.0.0, ≤ 9.0.5.20; +1 more | Date: 2024-07-09
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has authorized access to the administrative console, to execute arbitrary code. Using specially crafted input, the attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 292641.
Source: nvd
CVE-2024-35153 | MEDIUM | CVSS 4.8 | CWE-79 | Affected: ≥ 8.5.0.0, < 8.5.5.26; ≥ 9.0.0.0, < 9.0.5.21; +1 more | Date: 2024-06-27
IBM WebSphere Application Server 8.5 and 9.0 are vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 292640.
Source: nvd
CVE-2024-37532 | HIGH | CVSS 8.8 | CWE-347 | Affected: v8.5.0.0; v9.0.0.0; +1 more | Date: 2024-06-20
IBM WebSphere Application Server 8.5 and 9.0 are vulnerable to identity spoofing by an authenticated user due to improper signature validation. IBM X-Force ID: 294721.
Source: nvd
CVE-2024-25026 | HIGH | CVSS 7.5 | CWE-770 | Affected: ≥ 8.5.0.0, ≤ 8.5.5.25; ≥ 9.0.0.0, ≤ 9.0.5.19; +2 more | Date: 2024-04-25
IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 are vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 281516.
Source: nvd
CVE-2024-22354 | HIGH | CVSS 7.0 | CWE-611 | Affected: ≥ 8.5.0.0, < 8.5.5.26; ≥ 9.0.0.0, < 9.0.5.20; +2 more | Date: 2024-04-17
IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.5 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, or to conduct a server-side request forg
Source: nvd
CVE-2024-22329 | MEDIUM | CVSS 4.3 | CWE-918 | Affected: ≥ 8.5.0.0, < 8.5.5.26; ≥ 9.0.0.0, < 9.0.5.20; +2 more | Date: 2024-04-17
IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, an attacker could exploit this vulnerability to conduct the SSRF attack. X-Force ID: 279951.
Source: nvd