websphere_application_server vulnerabilities and exploits
6.5
CVSSv2
CVE-2021-29754
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a privilege escalation vulnerability when using the SAML Web Inbound Trust Association Interceptor (TAI). IBM X-Force ID: 202006.
Ibm Websphere Application Server
6.4
CVSSv2
CVE-2022-22310
IBM WebSphere Application Server Liberty 21.0.0.10 up to and including 21.0.0.12 could provide weaker than expected security. A remote attacker could exploit this weakness to obtain sensitive information and gain unauthorized access to JAX-WS applications. IBM X-Force ID: 217224.
Ibm Websphere Application Server
6.4
CVSSv2
CVE-2020-4949
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 192025.
Ibm Websphere Application Server
6.4
CVSSv2
CVE-2009-2749
Feature Pack for Communications Enabled Applications (CEA) prior to 1.0.0.1 for IBM WebSphere Application Server 7.0.0.7 uses predictable session values, which allows man-in-the-middle malicious users to spoof a collaboration session by guessing the value.
Ibm Websphere Application Server 7.0.0.7
Ibm Communications Enabled Applications
6.2
CVSSv2
CVE-2009-0506
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 5.1 and 6.0.2 prior to 6.0.2.33 on z/OS, when CSIv2 Identity Assertion is enabled and Enterprise JavaBeans (EJB) interaction occurs between a WAS 6.1 instance and a WAS pre-6.1 instance, allows local users to hav...
Ibm Websphere Application Server 6.0.2.6
Ibm Websphere Application Server 6.0.2.8
Ibm Websphere Application Server 6.0.2.22
Ibm Websphere Application Server 6.0.2.24
Ibm Websphere Application Server 6.0.2
Ibm Websphere Application Server 6.0.2.4
Ibm Websphere Application Server 6.0.2.18
Ibm Websphere Application Server 6.0.2.20
Ibm Websphere Application Server 6.0.2.10
Ibm Websphere Application Server 6.0.2.12
Ibm Websphere Application Server 5.1.0
Ibm Websphere Application Server 6.0.2.14
Ibm Websphere Application Server 6.0.2.16
5
CVSSv2
CVE-2021-38951
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available CPU resources. IBM X-Force ID: 211405.
Ibm Websphere Application Server 9.0
Ibm Websphere Application Server 7.0
Ibm Websphere Application Server 8.0
Ibm Websphere Application Server 8.5
5
CVSSv2
CVE-2010-3700
VMware SpringSource Spring Security 2.x prior to 2.0.6 and 3.x prior to 3.0.4, and Acegi Security 1.0.0 up to and including 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote malicious users to bypass security constraints via a path parameter.
Vmware Springsource Spring Security 2.0.4
Vmware Springsource Spring Security 2.0.3
Acegisecurity Acegi-security 1.0.4
Acegisecurity Acegi-security 1.0.5
Vmware Springsource Spring Security 2.0.0
Vmware Springsource Spring Security 2.0.5
Acegisecurity Acegi-security 1.0.2
Acegisecurity Acegi-security 1.0.3
Vmware Springsource Spring Security 3.0.0
Vmware Springsource Spring Security 3.0.1
Vmware Springsource Spring Security 2.0.2
Vmware Springsource Spring Security 2.0.1
Acegisecurity Acegi-security 1.0.6
Acegisecurity Acegi-security 1.0.7
Vmware Springsource Spring Security 3.0.2
Vmware Springsource Spring Security 3.0.3
Acegisecurity Acegi-security 1.0.0
Acegisecurity Acegi-security 1.0.1
Ibm Websphere Application Server 7.0
Ibm Websphere Application Server 6.1
5
CVSSv2
CVE-2010-2323
IBM WebSphere Application Server (WAS) 7.0 prior to 7.0.0.11 on z/OS might allow malicious users to obtain sensitive information by reading the default_create.log file that is associated with profile creation by the BBOWWPFx job and the zPMT.
Ibm Websphere Application Server 7.0.0.5
Ibm Websphere Application Server 7.0.0.3
Ibm Websphere Application Server 7.0.0.9
Ibm Websphere Application Server 7.0.0.1
Ibm Websphere Application Server 7.0.0.7
Ibm Websphere Application Server
Ibm Websphere Application Server 7.0.0.2
Ibm Websphere Application Server 7.0.0.8
Ibm Websphere Application Server 7.0.0.4
Ibm Websphere Application Server 7.0
Ibm Websphere Application Server 7.0.0.6
5
CVSSv2
CVE-2009-0435
Unspecified vulnerability in the IBM Asynchronous I/O (aka AIO or libibmaio) library in the Java Message Service (JMS) component in IBM WebSphere Application Server (WAS) 6.1.x prior to 6.1.0.17 on AIX 5.3 allows malicious users to cause a denial of service (daemon crash) via vec...
Ibm Websphere Application Server 6.1.0.11
Ibm Websphere Application Server 6.1.0.12
Ibm Websphere Application Server 6.1.0.6
Ibm Websphere Application Server 6.1.0.7
Ibm Websphere Application Server 6.1.5
Ibm Websphere Application Server 6.1.6
Ibm Websphere Application Server 6.1.0
Ibm Websphere Application Server 6.1.0.0
Ibm Websphere Application Server 6.1.0.15
Ibm Websphere Application Server 6.1.0.16
Ibm Websphere Application Server 6.1.1
Ibm Websphere Application Server 6.1.13
Ibm Websphere Application Server 6.1.0.1
Ibm Websphere Application Server 6.1.0.10
Ibm Websphere Application Server 6.1.0.3
Ibm Websphere Application Server 6.1.0.4
Ibm Websphere Application Server 6.1.0.5
Ibm Websphere Application Server 6.1.14
Ibm Websphere Application Server 6.1.3
Ibm Websphere Application Server 6.1.0.13
Ibm Websphere Application Server 6.1.0.14
Ibm Websphere Application Server 6.1.0.8
5
CVSSv2
CVE-2009-0438
IBM WebSphere Application Server (WAS) 7 prior to 7.0.0.1 on Windows allows remote malicious users to bypass "Authorization checking" and obtain sensitive information from JSP pages via a crafted request. NOTE: this is probably a duplicate of CVE-2008-5412.
Ibm Websphere Application Server 7.0