Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ibm websphere application server 8.5.0.0 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2023-26281
IBM HTTP Server 8.5 used by IBM WebSphere Application Server could allow a remote user to cause a denial of service using a specially crafted URL. IBM X-Force ID: 248296.
Ibm Http Server 8.5.0.0
7.5
CVSSv3
CVE-2016-9879
An issue exists in Pivotal Spring Security prior to 3.2.10, 4.1.x prior to 4.1.4, and 4.2.x prior to 4.2.1. Spring Security does not consider URL path parameters when processing security constraints. By adding a URL path parameter with an encoded "/" to a request, an at...
Vmware Spring Security 4.1.3
Vmware Spring Security 4.1.2
Vmware Spring Security 3.2.5
Vmware Spring Security 3.2.4
Vmware Spring Security 4.1.1
Vmware Spring Security 4.1.0
Vmware Spring Security 3.2.3
Vmware Spring Security 3.2.2
Vmware Spring Security 3.2.7
Vmware Spring Security 3.2.6
Vmware Spring Security 4.2.0
Vmware Spring Security 3.2.9
Vmware Spring Security 3.2.8
Vmware Spring Security 3.2.1
Vmware Spring Security 3.2.0
Ibm Websphere Application Server 8.5.5.6
Ibm Websphere Application Server 8.5.5.5
Ibm Websphere Application Server 8.5.5.4
Ibm Websphere Application Server 8.5.5.3
Ibm Websphere Application Server 8.5.5.2
Ibm Websphere Application Server 8.5.5.9
Ibm Websphere Application Server 8.5.5.1
7.5
CVSSv3
CVE-2016-5983
IBM WebSphere Application Server (WAS) 7.0 prior to 7.0.0.43, 8.0 prior to 8.0.0.13, 8.5 prior to 8.5.5.11, 9.0 prior to 9.0.0.2, and Liberty prior to 16.0.0.4 allows remote authenticated users to execute arbitrary Java code via a crafted serialized object.
Ibm Websphere Application Server 8.5.0.0
Ibm Websphere Application Server 8.5.5.9
Ibm Websphere Application Server 8.0.0.9
Ibm Websphere Application Server 8.0.0.8
Ibm Websphere Application Server 8.0.0.11
Ibm Websphere Application Server 8.0.0.10
Ibm Websphere Application Server 7.0.0.7
Ibm Websphere Application Server 7.0.0.6
Ibm Websphere Application Server 7.0.0.35
Ibm Websphere Application Server 7.0.0.34
Ibm Websphere Application Server 7.0.0.25
Ibm Websphere Application Server 7.0.0.24
Ibm Websphere Application Server 7.0.0.17
Ibm Websphere Application Server 7.0.0.16
Ibm Websphere Application Server 7.0.0.1
Ibm Websphere Application Server 7.0.0.0
Ibm Websphere Application Server 8.5.5.1
Ibm Websphere Application Server 8.5.5.2
Ibm Websphere Application Server 8.5.5.4
Ibm Websphere Application Server 8.0.0.3
Ibm Websphere Application Server 8.0.0.2
Ibm Websphere Application Server 8.0.0.12
1 Github repository
7.5
CVSSv3
CVE-2016-5986
IBM WebSphere Application Server (WAS) 7.x prior to 7.0.0.43, 8.0.x prior to 8.0.0.13, 8.5.x prior to 8.5.5.11, 9.0.x prior to 9.0.0.2, and Liberty prior to 16.0.0.3 mishandles responses, which allows remote malicious users to obtain sensitive information via unspecified vectors.
Ibm Websphere Application Server 8.5.0.2
Ibm Websphere Application Server 8.5.5.0
Ibm Websphere Application Server 8.5.5.5
Ibm Websphere Application Server 8.5.5.4
Ibm Websphere Application Server 8.0.0.4
Ibm Websphere Application Server 8.0.0.3
Ibm Websphere Application Server 8.0
Ibm Websphere Application Server 7.0.0.39
Ibm Websphere Application Server 7.0.0.38
Ibm Websphere Application Server 7.0.0.37
Ibm Websphere Application Server 7.0.0.3
Ibm Websphere Application Server 7.0.0.29
Ibm Websphere Application Server 7.0.0.21
Ibm Websphere Application Server 7.0.0.2
Ibm Websphere Application Server 7.0.0.12
Ibm Websphere Application Server 7.0.0.11
Ibm Websphere Application Server 8.5.5.1
Ibm Websphere Application Server 8.5.5.2
Ibm Websphere Application Server 8.5.0.0
Ibm Websphere Application Server 8.0.0.9
Ibm Websphere Application Server 8.0.0.2
Ibm Websphere Application Server 8.0.0.12
6.7
CVSSv3
CVE-2018-1621
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local malicious user to obtain clear text password in a trace file caused by improper handling of some datasource custom properties. IBM X-Force ID: 144346.
Ibm Websphere Application Server 7.0.0.0
Ibm Websphere Application Server 8.0.0.0
Ibm Websphere Application Server 8.5.0.0
Ibm Websphere Application Server 9.0.0.0
6.5
CVSSv3
CVE-2018-1838
IBM WebSphere Application Server 8.5 and 9.0 in IBM Cloud could allow a remote malicious user to obtain sensitive information caused by improper handling of passwords. IBM X-Force ID: 150811.
Ibm Websphere Application Server
Ibm Websphere Application Server 8.5.0.0
Ibm Websphere Application Server 9.0.0.0
6.5
CVSSv3
CVE-2015-0110
IBM Business Process Manager (aka BPM) 7.5.x, 8.0.x, and 8.5.x and WebSphere Lombardi Edition (aka WLE) 7.2.x allow remote authenticated users to bypass intended access restrictions on internal service types via vectors involving the executeServiceByName URL.
Ibm Business Process Manager 7.5.1.0
Ibm Business Process Manager 7.5.1.1
Ibm Business Process Manager 7.5.1.2
Ibm Business Process Manager 8.0.0.0
Ibm Business Process Manager 7.5.0.1
Ibm Business Process Manager 8.0.1.0
Ibm Business Process Manager 8.0.1.2
Ibm Business Process Manager 8.5.0.0
Ibm Business Process Manager 8.5.0.1
Ibm Business Process Manager 8.5.5.0
Ibm Business Process Manager 7.5.0.0
Ibm Business Process Manager 8.0.1.1
Ibm Business Process Manager 8.0.1.3
Ibm Websphere Application Server 7.2.0.0
Ibm Websphere Application Server 7.2.0.2
Ibm Websphere Application Server 7.2.0.4
Ibm Websphere Application Server 7.2.0.1
Ibm Websphere Application Server 7.2.0.3
Ibm Websphere Application Server 7.2.0.5
6.1
CVSSv3
CVE-2016-0359
CRLF injection vulnerability in IBM WebSphere Application Server (WAS) 7.0 prior to 7.0.0.43, 8.0 prior to 8.0.0.13, 8.5 Full prior to 8.5.5.10, and 8.5 Liberty before Liberty Fix Pack 16.0.0.2 allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP respon...
Ibm Websphere Application Server 8.5.5.6
Ibm Websphere Application Server 8.5.5.5
Ibm Websphere Application Server 8.0.0.5
Ibm Websphere Application Server 8.0.0.4
Ibm Websphere Application Server 8.0
Ibm Websphere Application Server 7.0.0.39
Ibm Websphere Application Server 7.0.0.41
Ibm Websphere Application Server 7.0.0.38
Ibm Websphere Application Server 7.0.0.31
Ibm Websphere Application Server 7.0.0.3
Ibm Websphere Application Server 7.0.0.21
Ibm Websphere Application Server 7.0.0.2
Ibm Websphere Application Server 7.0.0.13
Ibm Websphere Application Server 7.0.0.12
Ibm Websphere Application Server 8.5.5.4
Ibm Websphere Application Server 8.5.0.0
Ibm Websphere Application Server 8.0.0.3
Ibm Websphere Application Server 8.0.0.2
Ibm Websphere Application Server 7.0.0.9
Ibm Websphere Application Server 7.0.0.8
Ibm Websphere Application Server 7.0.0.37
Ibm Websphere Application Server 8.5.5.8
5.9
CVSSv3
CVE-2016-0306
IBM WebSphere Application Server (WAS) 7.0 prior to 7.0.0.41, 8.0 prior to 8.0.0.13, and 8.5 prior to 8.5.5.10, when FIPS 140-2 is enabled, misconfigures TLS, which allows man-in-the-middle malicious users to obtain sensitive information via unspecified vectors.
Ibm Websphere Application Server 8.5.5.5
Ibm Websphere Application Server 8.5.5.4
Ibm Websphere Application Server 8.5.0.0
Ibm Websphere Application Server 8.0.0.11
Ibm Websphere Application Server 8.0.0.3
Ibm Websphere Application Server 8.0.0.2
Ibm Websphere Application Server 7.0.0.31
Ibm Websphere Application Server 7.0.0.29
Ibm Websphere Application Server 7.0.0.17
Ibm Websphere Application Server 7.0.0.13
Ibm Websphere Application Server 7.0.0.1
Ibm Websphere Application Server 7.0.0.0
Ibm Websphere Application Server 8.0.0.12
Ibm Websphere Application Server 8.5.5.3
Ibm Websphere Application Server 8.5.5.2
Ibm Websphere Application Server 8.0.0.10
Ibm Websphere Application Server 8.0.0.9
Ibm Websphere Application Server 8.0.0.1
Ibm Websphere Application Server 8.0.0.0
Ibm Websphere Application Server 7.0.0.27
Ibm Websphere Application Server 7.0.0.25
Ibm Websphere Application Server 7.0.0.11
5.4
CVSSv3
CVE-2015-7417
Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server 7.0 prior to 7.0.0.41, 8.0 prior to 8.0.0.12, and 8.5 prior to 8.5.5.9 allows remote authenticated users to inject arbitrary web script or HTML via crafted data from an OAuth provider.
Ibm Websphere Application Server 8.5.5.3
Ibm Websphere Application Server 8.5.5.2
Ibm Websphere Application Server 8.0.0.10
Ibm Websphere Application Server 8.0.0.9
Ibm Websphere Application Server 8.0.0.2
Ibm Websphere Application Server 8.0.0.1
Ibm Websphere Application Server 7.0.0.27
Ibm Websphere Application Server 7.0.0.25
Ibm Websphere Application Server 7.0.0.11
Ibm Websphere Application Server 7.0.0.4
Ibm Websphere Application Server 7.0.0.0
Ibm Websphere Application Server 8.5.5.5
Ibm Websphere Application Server 8.5.5.4
Ibm Websphere Application Server 8.5.0.0
Ibm Websphere Application Server 8.0.0.11
Ibm Websphere Application Server 8.0.0.4
Ibm Websphere Application Server 8.0.0.3
Ibm Websphere Application Server 7.0.0.31
Ibm Websphere Application Server 7.0.0.29
Ibm Websphere Application Server 7.0.0.17
Ibm Websphere Application Server 7.0.0.13
Ibm Websphere Application Server 7.0.0.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »