Vulmon
websphere_application_server vulnerabilities and exploits
6.5
CVSSv3
CVE-2022-22310
IBM WebSphere Application Server Liberty 21.0.0.10 up to and including 21.0.0.12 could provide weaker than expected security. A remote attacker could exploit this weakness to obtain sensitive information and gain unauthorized access to JAX-WS applications. IBM X-Force ID: 217224.
Ibm Websphere Application Server
7.5
CVSSv3
CVE-2021-20354
IBM WebSphere Application Server 8.0, 8.5, and 9.0 could allow a remote malicious user to traverse directories. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 194883.
Ibm Websphere Application Server
5.3
CVSSv3
CVE-2022-22473
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote malicious user to obtain sensitive information caused by improper handling of Administrative Console data. This information could be used in further attacks against the system. IBM X-Force ID: 225347.
Ibm Websphere Application Server
5.4
CVSSv3
CVE-2020-4578
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted ...
Ibm Websphere Application Server
3.3
CVSSv3
CVE-2020-4629
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local user with specialized access to obtain sensitive information from a detailed technical error message. This information could be used in further attacks against the system. IBM X-Force ID: 185370.
Ibm Websphere Application Server
NA
CVE-2009-0391
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.0.1 on z/OS allows malicious users to read arbitrary files via unknown vectors.
Ibm Websphere Application Server 6.0.1
NA
CVE-2009-0437
The Installation Factory installation process for IBM WebSphere Application Server (WAS) 6.0.2 on Windows, when WAS is registered as a Windows service, allows local users to obtain sensitive information by reading the logs/instconfigifwas6.log log file.
Ibm Websphere Application Server 6.0.2
5.4
CVSSv3
CVE-2023-26283
IBM WebSphere Application Server 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Forc...
Ibm Websphere Application Server 9.0
NA
CVE-2009-0438
IBM WebSphere Application Server (WAS) 7 prior to 7.0.0.1 on Windows allows remote malicious users to bypass "Authorization checking" and obtain sensitive information from JSP pages via a crafted request. NOTE: this is probably a duplicate of CVE-2008-5412.
Ibm Websphere Application Server 7.0
NA
CVE-2009-2749
Feature Pack for Communications Enabled Applications (CEA) prior to 1.0.0.1 for IBM WebSphere Application Server 7.0.0.7 uses predictable session values, which allows man-in-the-middle malicious users to spoof a collaboration session by guessing the value.
Ibm Websphere Application Server 7.0.0.7
Ibm Communications Enabled Applications