Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
websphere_application_server vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2022-22473
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote malicious user to obtain sensitive information caused by improper handling of Administrative Console data. This information could be used in further attacks against the system. IBM X-Force ID: 225347.
Ibm Websphere Application Server
NA
CVE-2008-5412
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 7 prior to 7.0.0.1 on Windows has unknown impact and attack vectors related to JSPs. NOTE: this is probably a duplicate of CVE-2009-0438.
Ibm Websphere Application Server
6.5
CVSSv3
CVE-2021-20480
IBM WebSphere Application Server 7.0, 8.0, and 8.5 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 197502.
Ibm Websphere Application Server
8.8
CVSSv3
CVE-2021-29736
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote user to gain elevated privileges on the system. IBM X-Force ID: 201300.
Ibm Websphere Application Server
8.8
CVSSv3
CVE-2021-29754
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a privilege escalation vulnerability when using the SAML Web Inbound Trust Association Interceptor (TAI). IBM X-Force ID: 202006.
Ibm Websphere Application Server
NA
CVE-2009-0391
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.0.1 on z/OS allows malicious users to read arbitrary files via unknown vectors.
Ibm Websphere Application Server 6.0.1
NA
CVE-2009-0437
The Installation Factory installation process for IBM WebSphere Application Server (WAS) 6.0.2 on Windows, when WAS is registered as a Windows service, allows local users to obtain sensitive information by reading the logs/instconfigifwas6.log log file.
Ibm Websphere Application Server 6.0.2
NA
CVE-2009-0438
IBM WebSphere Application Server (WAS) 7 prior to 7.0.0.1 on Windows allows remote malicious users to bypass "Authorization checking" and obtain sensitive information from JSP pages via a crafted request. NOTE: this is probably a duplicate of CVE-2008-5412.
Ibm Websphere Application Server 7.0
5.4
CVSSv3
CVE-2023-26283
IBM WebSphere Application Server 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Forc...
Ibm Websphere Application Server 9.0
NA
CVE-2009-2749
Feature Pack for Communications Enabled Applications (CEA) prior to 1.0.0.1 for IBM WebSphere Application Server 7.0.0.7 uses predictable session values, which allows man-in-the-middle malicious users to spoof a collaboration session by guessing the value.
Ibm Websphere Application Server 7.0.0.7
Ibm Communications Enabled Applications
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-35000
CVE-2024-4439
unauthorized
CVE-2024-0042
CVE-2024-31848
CVE-2023-40694
cache poisoning
CVE-2024-23707
firmware
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »