Ibm Websphere Application Server vulnerabilities
442 known vulnerabilities affecting ibm/websphere_application_server.
Total CVEs
442
CISA KEV
1
actively exploited
Public exploits
12
Exploited in wild
2
Severity breakdown
CRITICAL49HIGH92MEDIUM261LOW40
Vulnerabilities
Page 2 of 23
CVE-2024-45071MEDIUMCVSS 4.8≥ 8.5.0.0, ≤ 8.5.5.26≥ 9.0.0.0, ≤ 9.0.5.21+1 more2024-10-16
CVE-2024-45071 [MEDIUM] CWE-79 CVE-2024-45071: IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vuln
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
cvelistv5nvd
CVE-2024-45085HIGHCVSS 7.5≥ 8.5.0.0, < 8.5.5.27v8.52024-10-15
CVE-2024-45085 [MEDIUM] CWE-754 CVE-2024-45085: IBM WebSphere Application Server 8.5 is vulnerable to a denial of service, under certain configurati
IBM WebSphere Application Server 8.5 is vulnerable to a denial of service, under certain configurations, caused by an unexpected specially crafted request. A remote attacker could exploit this vulnerability to cause an error resulting in a denial of service.
cvelistv5nvd
CVE-2024-45073MEDIUMCVSS 4.8v8.5v9.0+1 more2024-09-30
CVE-2024-45073 [MEDIUM] CWE-79 CVE-2024-45073: IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vuln
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
cvelistv5nvd
CVE-2023-50314HIGHCVSS 7.5≥ 17.0.0.3, ≤ 24.0.0.82024-08-14
CVE-2023-50314 [MEDIUM] CWE-295 CVE-2023-50314: IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with acce
IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the network to conduct spoofing attacks. An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 274713.
nvd
CVE-2023-50315MEDIUMCVSS 5.9v8.5.0.0v9.0.0.0+1 more2024-08-14
CVE-2023-50315 [MEDIUM] CWE-295 CVE-2023-50315: IBM WebSphere Application Server 8.5 and 9.0 could allow an attacker with access to the network to c
IBM WebSphere Application Server 8.5 and 9.0 could allow an attacker with access to the network to conduct spoofing attacks. An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 274714.
cvelistv5nvd
CVE-2024-35154HIGHCVSS 7.2≥ 8.5.0.0, ≤ 8.5.5.25≥ 9.0.0.0, ≤ 9.0.5.20+1 more2024-07-09
CVE-2024-35154 [HIGH] CWE-250 CVE-2024-35154: IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has au
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has authorized access to the administrative console, to execute arbitrary code. Using specially crafted input, the attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 292641.
cvelistv5nvd
CVE-2024-35153MEDIUMCVSS 4.8≥ 8.5.0.0, < 8.5.5.26≥ 9.0.0.0, < 9.0.5.21+1 more2024-06-27
CVE-2024-35153 [MEDIUM] CWE-79 CVE-2024-35153: IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerabili
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 292640.
cvelistv5nvd
CVE-2024-37532HIGHCVSS 8.8v8.5.0.0v9.0.0.0+1 more2024-06-20
CVE-2024-37532 [HIGH] CWE-347 CVE-2024-37532: IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to identity spoofing by an authenticated
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to identity spoofing by an authenticated user due to improper signature validation. IBM X-Force ID: 294721.
cvelistv5nvd
CVE-2024-25026HIGHCVSS 7.5≥ 8.5.0.0, ≤ 8.5.5.25≥ 9.0.0.0, ≤ 9.0.5.19+2 more2024-04-25
CVE-2024-25026 [MEDIUM] CWE-770 CVE-2024-25026: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 thro
IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 are vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 281516.
cvelistv5nvd
CVE-2024-22354HIGHCVSS 7.0≥ 8.5.0.0, < 8.5.5.26≥ 9.0.0.0, < 9.0.5.20+2 more2024-04-17
CVE-2024-22354 [HIGH] CWE-611 CVE-2024-22354: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 thro
IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.5 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, or to conduct a server-side request forg
cvelistv5nvd
CVE-2024-22329MEDIUMCVSS 4.3≥ 8.5.0.0, < 8.5.5.26≥ 9.0.0.0, < 9.0.5.20+2 more2024-04-17
CVE-2024-22329 [MEDIUM] CWE-918 CVE-2024-22329: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 thro
IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, an attacker could exploit this vulnerability to conduct the SSRF attack. X-Force ID: 279951.
cvelistv5nvd
CVE-2024-27268HIGHCVSS 7.5≥ 18.0.0.2, < 24.0.0.52024-04-04
CVE-2024-27268 [MEDIUM] CWE-770 CVE-2024-27268: IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.4 is vulnerable to a denial of serv
IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 284574.
nvd
CVE-2023-50313MEDIUMCVSS 6.5v8.5v9.0+1 more2024-04-02
CVE-2023-50313 [MEDIUM] CWE-327 CVE-2023-50313: IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for outboun
IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. IBM X-Force ID: 274812.
cvelistv5nvd
CVE-2024-22353HIGHCVSS 7.5≥ 17.0.0.3, ≤ 24.0.0.32024-03-31
CVE-2024-22353 [MEDIUM] CWE-770 CVE-2024-22353: IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 is vulnerable to a denial of serv
IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 280400.
nvd
CVE-2024-27270MEDIUMCVSS 6.1≥ 23.0.0.3, < 24.0.0.42024-03-27
CVE-2024-27270 [MEDIUM] CWE-79 CVE-2024-27270: IBM WebSphere Application Server Liberty 23.0.0.3 through 24.0.0.3 is vulnerable to cross-site scrip
IBM WebSphere Application Server Liberty 23.0.0.3 through 24.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in a specially crafted URI. IBM X-Force ID: 284576.
nvd
CVE-2023-50312MEDIUMCVSS 6.5≥ 17.0.0.3, < 24.0.0.32024-03-01
CVE-2023-50312 [MEDIUM] CWE-327 CVE-2023-50312: IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide weaker than expecte
IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. IBM X-Force ID: 274711.
nvd
CVE-2023-38737HIGHCVSS 7.5≥ 22.0.0.13, ≤ 23.0.0.72023-08-16
CVE-2023-38737 [MEDIUM] CWE-20 CVE-2023-38737: IBM WebSphere Application Server Liberty 22.0.0.13 through 23.0.0.7 is vulnerable to a denial of ser
IBM WebSphere Application Server Liberty 22.0.0.13 through 23.0.0.7 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 262567.
nvd
CVE-2023-35890MEDIUMCVSS 5.5v8.5.5.23v9.0.5.15+2 more2023-07-07
CVE-2023-35890 [MEDIUM] CWE-327 CVE-2023-35890: IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security, caused by
IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security, caused by the improper encoding in a local configuration file. IBM X-Force ID: 258637.
cvelistv5nvd
CVE-2023-27554CRITICALCVSS 9.1≥ 8.5.0.0, < 8.5.5.24≥ 9.0.0.0, < 9.0.5.16+1 more2023-05-11
CVE-2023-27554 [MEDIUM] CWE-611 CVE-2023-27554:
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 249185.
cvelistv5nvd
CVE-2022-39161MEDIUMCVSS 5.3v7.0v8.0+3 more2023-05-03
CVE-2022-39161 [MEDIUM] CWE-295 CVE-2022-39161: IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and IBM WebSphere Application Server Liberty, w
IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and IBM WebSphere Application Server Liberty, when configured to communicate with the Web Server Plug-ins for IBM WebSphere Application Server, could allow an authenticated user to conduct spoofing attacks. A man-in-the-middle attacker could exploit this vulnerability using a certificate issued by
cvelistv5nvd