Ibm Websphere Application Server vulnerabilities
451 known vulnerabilities affecting ibm/websphere_application_server.
Total CVEs
451
CISA KEV
1
actively exploited
Public exploits
13
Exploited in wild
2
Severity breakdown
CRITICAL53HIGH95MEDIUM263LOW40
Vulnerabilities
Page 3 of 23
CVE-2024-27268HIGHCVSS 7.5≥ 18.0.0.2, < 24.0.0.52024-04-04
CVE-2024-27268 [HIGH] CWE-770 CVE-2024-27268: IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.4 is vulnerable to a denial of serv
IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 284574.
nvd
CVE-2023-50313MEDIUMCVSS 6.5v8.5v9.0+1 more2024-04-02
CVE-2023-50313 [MEDIUM] CWE-327 CVE-2023-50313: IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for outboun
IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. IBM X-Force ID: 274812.
nvd
CVE-2024-22353HIGHCVSS 7.5≥ 17.0.0.3, ≤ 24.0.0.32024-03-31
CVE-2024-22353 [HIGH] CWE-770 CVE-2024-22353: IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 is vulnerable to a denial of serv
IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 280400.
nvd
CVE-2024-27270MEDIUMCVSS 6.1≥ 23.0.0.3, < 24.0.0.42024-03-27
CVE-2024-27270 [MEDIUM] CWE-79 CVE-2024-27270: IBM WebSphere Application Server Liberty 23.0.0.3 through 24.0.0.3 is vulnerable to cross-site scrip
IBM WebSphere Application Server Liberty 23.0.0.3 through 24.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in a specially crafted URI. IBM X-Force ID: 284576.
nvd
CVE-2023-50312MEDIUMCVSS 6.5≥ 17.0.0.3, < 24.0.0.32024-03-01
CVE-2023-50312 [MEDIUM] CWE-327 CVE-2023-50312: IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide weaker than expecte
IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. IBM X-Force ID: 274711.
nvd
CVE-2023-38737HIGHCVSS 7.5≥ 22.0.0.13, ≤ 23.0.0.72023-08-16
CVE-2023-38737 [HIGH] CWE-20 CVE-2023-38737: IBM WebSphere Application Server Liberty 22.0.0.13 through 23.0.0.7 is vulnerable to a denial of ser
IBM WebSphere Application Server Liberty 22.0.0.13 through 23.0.0.7 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 262567.
nvd
CVE-2023-35890MEDIUMCVSS 5.5v8.5.5.23v9.0.5.15+2 more2023-07-07
CVE-2023-35890 [MEDIUM] CWE-327 CVE-2023-35890: IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security, caused by
IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security, caused by the improper encoding in a local configuration file. IBM X-Force ID: 258637.
nvd
CVE-2023-27554CRITICALCVSS 9.1≥ 8.5.0.0, < 8.5.5.24≥ 9.0.0.0, < 9.0.5.16+1 more2023-05-11
CVE-2023-27554 [CRITICAL] CWE-611 CVE-2023-27554:
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 249185.
nvd
CVE-2022-39161MEDIUMCVSS 5.3v7.0v8.0+3 more2023-05-03
CVE-2022-39161 [MEDIUM] CWE-295 CVE-2022-39161: IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and IBM WebSphere Application Server Liberty, w
IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and IBM WebSphere Application Server Liberty, when configured to communicate with the Web Server Plug-ins for IBM WebSphere Application Server, could allow an authenticated user to conduct spoofing attacks. A man-in-the-middle attacker could exploit this vulnerability using a certificate issued by
nvd
CVE-2023-30441HIGHCVSS 7.5≥ 8.5.0.0, < 8.5.5.23v9.0.0.02023-04-29
CVE-2023-30441 [HIGH] CWE-327 CVE-2023-30441: IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 compon
IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of flaws and configurations. IBM X-Force ID: 253188.
nvd
CVE-2023-24966MEDIUMCVSS 6.1≥ 8.5.0.0, < 8.5.5.24≥ 9.0.0.0, < 9.0.5.16+1 more2023-04-27
CVE-2023-24966 [MEDIUM] CWE-79 CVE-2023-24966: IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerabili
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 246904.
nvd
CVE-2023-26283MEDIUMCVSS 5.4v9.02023-04-02
CVE-2023-26283 [MEDIUM] CWE-79 CVE-2023-26283: IBM WebSphere Application Server 9.0 is vulnerable to cross-site scripting. This vulnerability allow
IBM WebSphere Application Server 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 248416.
nvd
CVE-2023-23477CRITICALCVSS 9.8v8.5v9.0+1 more2023-02-03
CVE-2023-23477 [CRITICAL] CWE-94 CVE-2023-23477: IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute ar
IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. IBM X-Force ID: 245513.
nvd
CVE-2022-43917HIGHCVSS 7.5v8.5v9.0+1 more2023-01-26
CVE-2022-43917 [HIGH] CWE-327 CVE-2022-43917:
IBM WebSphere Application Server 8.5 and 9.0 traditional container uses weaker than expected crypto
IBM WebSphere Application Server 8.5 and 9.0 traditional container uses weaker than expected cryptographic keys that could allow an attacker to decrypt sensitive information. This affects only the containerized version of WebSphere Application Server traditional. IBM X-Force ID: 241045.
nvd
CVE-2022-40750MEDIUMCVSS 5.4v8.5v9.0+1 more2022-11-11
CVE-2022-40750 [MEDIUM] CWE-79 CVE-2022-40750: IBM WebSphere Application Server 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerabil
IBM WebSphere Application Server 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236588.
nvd
CVE-2022-38712MEDIUMCVSS 5.9≥ 7.0.0.0, < 7.0.0.45≥ 8.0.0.0, < 8.0.0.15+2 more2022-11-03
CVE-2022-38712 [MEDIUM] CWE-290 CVE-2022-38712: "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web services could allow a man-in-the-middl
"IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web services could allow a man-in-the-middle attacker to conduct SOAPAction spoofing to execute unwanted or unauthorized operations. IBM X-Force ID: 234762."
nvd
CVE-2022-35282MEDIUMCVSS 6.5≥ 7.0.0.0, < 7.0.0.45≥ 8.0.0.0, < 8.0.0.15+6 more2022-09-28
CVE-2022-35282 [MEDIUM] CWE-918 CVE-2022-35282: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to server-side request forgery
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, an attacker with local network access could exploit this vulnerability to obtain sensitive data.
nvd
CVE-2022-34336MEDIUMCVSS 5.4v7.0v8.0+2 more2022-09-13
CVE-2022-34336 [MEDIUM] CWE-79 CVE-2022-34336: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229714.
nvd
CVE-2022-34165MEDIUMCVSS 5.4≥ 7.0.0.0, ≤ 7.0.0.45≥ 8.0.0.0, ≤ 8.0.0.15+7 more2022-09-09
CVE-2022-34165 [MEDIUM] CWE-74 CVE-2022-34165: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP header injection, caused by improper validation. This could allow an attacker to conduct various attacks against the vulnerable system, including cache poisoning and cross-site scripting. IBM X-Force ID
nvd
CVE-2022-22473MEDIUMCVSS 5.3≥ 7.0.0.0, ≤ 7.0.0.45≥ 8.0.0.0, ≤ 8.0.0.15+6 more2022-07-14
CVE-2022-22473 [MEDIUM] CVE-2022-22473: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sens
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console data. This information could be used in further attacks against the system. IBM X-Force ID: 225347.
nvd