Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ibm websphere application server liberty vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2017-1583
IBM WebSphere Application Server (IBM Liberty for Java for Bluemix 3.13)could allow a remote malicious user to obtain sensitive information caused by improper error handling by MyFaces in JSF.
Ibm Liberty 3.13
7.5
CVSSv3
CVE-2016-5983
IBM WebSphere Application Server (WAS) 7.0 prior to 7.0.0.43, 8.0 prior to 8.0.0.13, 8.5 prior to 8.5.5.11, 9.0 prior to 9.0.0.2, and Liberty prior to 16.0.0.4 allows remote authenticated users to execute arbitrary Java code via a crafted serialized object.
Ibm Websphere Application Server 8.5.0.0
Ibm Websphere Application Server 8.5.5.9
Ibm Websphere Application Server 8.0.0.9
Ibm Websphere Application Server 8.0.0.8
Ibm Websphere Application Server 8.0.0.11
Ibm Websphere Application Server 8.0.0.10
Ibm Websphere Application Server 7.0.0.7
Ibm Websphere Application Server 7.0.0.6
Ibm Websphere Application Server 7.0.0.35
Ibm Websphere Application Server 7.0.0.34
Ibm Websphere Application Server 7.0.0.25
Ibm Websphere Application Server 7.0.0.24
Ibm Websphere Application Server 7.0.0.17
Ibm Websphere Application Server 7.0.0.16
Ibm Websphere Application Server 7.0.0.1
Ibm Websphere Application Server 7.0.0.0
Ibm Websphere Application Server 8.5.5.1
Ibm Websphere Application Server 8.5.5.2
Ibm Websphere Application Server 8.5.5.4
Ibm Websphere Application Server 8.0.0.3
Ibm Websphere Application Server 8.0.0.2
Ibm Websphere Application Server 8.0.0.12
1 Github repository
7.5
CVSSv3
CVE-2016-5986
IBM WebSphere Application Server (WAS) 7.x prior to 7.0.0.43, 8.0.x prior to 8.0.0.13, 8.5.x prior to 8.5.5.11, 9.0.x prior to 9.0.0.2, and Liberty prior to 16.0.0.3 mishandles responses, which allows remote malicious users to obtain sensitive information via unspecified vectors.
Ibm Websphere Application Server 8.5.0.2
Ibm Websphere Application Server 8.5.5.0
Ibm Websphere Application Server 8.5.5.5
Ibm Websphere Application Server 8.5.5.4
Ibm Websphere Application Server 8.0.0.4
Ibm Websphere Application Server 8.0.0.3
Ibm Websphere Application Server 8.0
Ibm Websphere Application Server 7.0.0.39
Ibm Websphere Application Server 7.0.0.38
Ibm Websphere Application Server 7.0.0.37
Ibm Websphere Application Server 7.0.0.3
Ibm Websphere Application Server 7.0.0.29
Ibm Websphere Application Server 7.0.0.21
Ibm Websphere Application Server 7.0.0.2
Ibm Websphere Application Server 7.0.0.12
Ibm Websphere Application Server 7.0.0.11
Ibm Websphere Application Server 8.5.5.1
Ibm Websphere Application Server 8.5.5.2
Ibm Websphere Application Server 8.5.0.0
Ibm Websphere Application Server 8.0.0.9
Ibm Websphere Application Server 8.0.0.2
Ibm Websphere Application Server 8.0.0.12
7.5
CVSSv3
CVE-2016-2945
The API Discovery implementation in IBM WebSphere Application Server (WAS) 8.5.5.8 up to and including 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 allows remote authenticated users to gain privileges via an external reference in a Swagger document.
Ibm Websphere Application Server 8.5.5.8
Ibm Websphere Application Server 8.5.5.9
7.5
CVSSv3
CVE-2016-2923
IBM WebSphere Application Server (WAS) 8.5 up to and including 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified JAX-RS API cookie, which makes it easier for remote malicious users to obtain potentially s...
Ibm Websphere Application Server 8.5.5.9
Ibm Websphere Application Server 8.5.5.8
Ibm Websphere Application Server 8.5.5.1
Ibm Websphere Application Server 8.5.5.0
Ibm Websphere Application Server 8.5.5.3
Ibm Websphere Application Server 8.5.5.2
Ibm Websphere Application Server 8.5.5.7
Ibm Websphere Application Server 8.5.5.6
Ibm Websphere Application Server 8.5.5.5
Ibm Websphere Application Server 8.5.5.4
6.8
CVSSv3
CVE-2016-3040
IBM WebSphere Application Server (WAS) Liberty, as used in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x prior to 2.0.2 FP8, allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
Ibm Security Privileged Identity Manager Virtual Appliance 2.0
6.5
CVSSv3
CVE-2022-22475
IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 up to and including 22.0.0.5 are vulnerable to identity spoofing by an authenticated user. IBM X-Force ID: 225603.
Ibm Websphere Application Server
Ibm Open Liberty
6.5
CVSSv3
CVE-2022-22393
IBM WebSphere Application Server Liberty 17.0.0.3 up to and including 22.0.0.5 , with the adminCenter-1.0 feature configured, could allow an authenticated user to issue a request to obtain the status of HTTP/HTTPS ports which are accessible by the application server. IBM X-Force ...
Ibm Websphere Application Server
6.5
CVSSv3
CVE-2022-22310
IBM WebSphere Application Server Liberty 21.0.0.10 up to and including 21.0.0.12 could provide weaker than expected security. A remote attacker could exploit this weakness to obtain sensitive information and gain unauthorized access to JAX-WS applications. IBM X-Force ID: 217224.
Ibm Websphere Application Server
6.5
CVSSv3
CVE-2020-4590
IBM WebSphere Application Server Liberty 17.0.0.3 up to and including 20.0.0.9 running oauth-2.0 or openidConnectServer-1.0 server features is vulnerable to a denial of service attack conducted by an authenticated client. IBM X-Force ID: 184650.
Ibm Websphere Application Server
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »