Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
websphere application server vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2000-0497
IBM WebSphere server 3.0.2 allows a remote malicious user to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case.
Ibm Websphere Application Server 3.0.2
7.3
CVSSv3
CVE-2020-4347
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could be subject to attacks based on privilege escalation due to inappropriate file permissions for files used by WebSphere Application Server Network Deployment. IBM X-Force ID: 178412.
Ibm Infosphere Information Server 11.3
Ibm Infosphere Information Server 11.5
Ibm Infosphere Information Server 11.7
7.2
CVSSv3
CVE-2020-4163
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, under specialized conditions, could allow an authenticated user to create a maliciously crafted file name which would be misinterpreted as jsp content and executed. IBM X-Force ID: 174397.
Ibm Websphere Application Server
7.1
CVSSv3
CVE-2018-1905
IBM WebSphere Application Server 9.0.0.0 up to and including 9.0.0.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force...
Ibm Websphere Application Server
7.1
CVSSv3
CVE-2017-1382
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 might create files using the default permissions instead of the customized permissions when custom startup scripts are used. A local attacker could exploit this to gain access to files with an unknown impact. IBM X-Force ID:...
Ibm Websphere Application Server
6.8
CVSSv3
CVE-2016-3040
IBM WebSphere Application Server (WAS) Liberty, as used in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x prior to 2.0.2 FP8, allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
Ibm Security Privileged Identity Manager Virtual Appliance 2.0
6.7
CVSSv3
CVE-2018-1621
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local malicious user to obtain clear text password in a trace file caused by improper handling of some datasource custom properties. IBM X-Force ID: 144346.
Ibm Websphere Application Server 7.0.0.0
Ibm Websphere Application Server 8.0.0.0
Ibm Websphere Application Server 8.5.0.0
Ibm Websphere Application Server 9.0.0.0
6.5
CVSSv3
CVE-2023-50313
IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. IBM X-Force ID: 274812.
Ibm Websphere Application Server 9.0
Ibm Websphere Application Server 8.5
6.5
CVSSv3
CVE-2022-35282
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, an attacker with local network access could exploit this vulnerability to obtain sensitive data.
Ibm Websphere Application Server
6.5
CVSSv3
CVE-2022-22475
IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 up to and including 22.0.0.5 are vulnerable to identity spoofing by an authenticated user. IBM X-Force ID: 225603.
Ibm Websphere Application Server
Ibm Open Liberty
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »