Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ibm websphere application server liberty vulnerabilities and exploits
(subscribe to this query)
6
CVSSv2
CVE-2022-22476
IBM WebSphere Application Server Liberty 17.0.0.3 up to and including 22.0.0.7 and Open Liberty are vulnerable to identity spoofing by an authenticated user using a specially crafted request. IBM X-Force ID: 225604.
Ibm Websphere Application Server
Ibm Open Liberty
6
CVSSv2
CVE-2016-2945
The API Discovery implementation in IBM WebSphere Application Server (WAS) 8.5.5.8 up to and including 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 allows remote authenticated users to gain privileges via an external reference in a Swagger document.
Ibm Websphere Application Server 8.5.5.8
Ibm Websphere Application Server 8.5.5.9
5.5
CVSSv2
CVE-2020-4421
IBM WebSphere Application Liberty 19.0.0.5 up to and including 20.0.0.4 could allow an authenticated user using openidconnect to spoof another users identify. IBM X-Force ID: 180084.
Ibm Websphere Application Server
5.5
CVSSv2
CVE-2015-0175
IBM WebSphere Application Server (WAS) 8.5 Liberty Profile prior to 8.5.5.5 does not properly implement authData elements, which allows remote authenticated users to gain privileges via unspecified vectors.
Ibm Websphere Application Server 8.5.0.2
Ibm Websphere Application Server 8.5.5.1
Ibm Websphere Application Server 8.5.5.0
Ibm Websphere Application Server 8.5.5.4
Ibm Websphere Application Server 8.5.0.1
Ibm Websphere Application Server 8.5.0.0
Ibm Websphere Application Server 8.5.5.3
Ibm Websphere Application Server 8.5.5.2
5.1
CVSSv2
CVE-2014-8890
IBM WebSphere Application Server Liberty Profile 8.5.x prior to 8.5.5.4 allows remote malicious users to gain privileges by leveraging the combination of a servlet's deployment descriptor security constraints and ServletSecurity annotations.
Ibm Websphere Application Server 8.5.0.2
Ibm Websphere Application Server 8.5.5.1
Ibm Websphere Application Server 8.5.5.0
Ibm Websphere Application Server 8.5.0.1
Ibm Websphere Application Server 8.5.0.0
Ibm Websphere Application Server 8.5.5.3
Ibm Websphere Application Server 8.5.5.2
5
CVSSv2
CVE-2021-29842
IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 up to and including 21.0.0.9 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. IBM X-Force ID: 205202.
Ibm Websphere Application Server
5
CVSSv2
CVE-2020-10693
A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows malicious users to bypass input sanitation (escaping, stripping) controls that develope...
Redhat Hibernate Validator 7.0.0
Redhat Hibernate Validator
Ibm Websphere Application Server
Redhat Jboss Enterprise Application Platform 7.2.0
Redhat Jboss Enterprise Application Platform 7.3.0
Redhat Satellite Capsule 6.8
Redhat Satellite 6.8
Quarkus Quarkus
Oracle Weblogic Server 14.1.1.0.0
3 Github repositories
5
CVSSv2
CVE-2019-4720
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125.
Ibm Websphere Application Server
5
CVSSv2
CVE-2019-4441
IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and Liberty could allow a remote malicious user to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 163177.
Ibm Websphere Application Server
5
CVSSv2
CVE-2019-4305
IBM WebSphere Application Server Liberty could allow a remote malicious user to obtain sensitive information caused by the improper setting of a cookie. IBM X-Force ID: 160951.
Ibm Websphere Application Server
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »