Ibm

Websphere Application Server Liberty

13 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.9

CVE-2026-3621

  • EPSS 0.04%
  • Veröffentlicht 22.04.2026 23:07:31
  • Zuletzt bearbeitet 13.05.2026 20:24:13

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.4 IBM WebSphere Application Server Liberty is vulnerable to identity spoofing under limited conditions when an application is deployed without authentication and authorization configu...

9.8

CVE-2025-14917

  • EPSS 0.01%
  • Veröffentlicht 25.03.2026 20:13:55
  • Zuletzt bearbeitet 30.03.2026 16:59:11

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty could provide weaker than expected security when administering security settings.

7.2

CVE-2025-14915

Medienbericht
  • EPSS 0.01%
  • Veröffentlicht 25.03.2026 20:12:27
  • Zuletzt bearbeitet 30.03.2026 16:59:31

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is affected by privilege escalation. A privileged user could gain additional access to the application server.

5.4

CVE-2026-1561

Medienbericht
  • EPSS 0.04%
  • Veröffentlicht 25.03.2026 20:10:10
  • Zuletzt bearbeitet 30.03.2026 16:58:21

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is vulnerable to server-side request forgery (SSRF). This may allow remote attacker to send unauthorized requests from the system, potential...

9.8

CVE-2025-14923

  • EPSS 0.04%
  • Veröffentlicht 03.03.2026 19:47:25
  • Zuletzt bearbeitet 04.03.2026 18:23:23

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.2 IBM WebSphere Application Server Liberty could provide weaker than expected security when using the Security Utility when administering security settings.

7.6

CVE-2025-14914

Medienbericht
  • EPSS 0.02%
  • Veröffentlicht 02.02.2026 16:16:17
  • Zuletzt bearbeitet 12.02.2026 21:16:54

IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to upload a zip archive containing path traversal sequences resulting in an overwrite of files leading to arbitrary code execution.

5.4

CVE-2025-12635

  • EPSS 0.02%
  • Veröffentlicht 08.12.2025 21:58:13
  • Zuletzt bearbeitet 11.12.2025 00:01:21

IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.12 are affected by cross-site scripting due to improper validation of user-supplied input. An attacker could exploit this vulnerability by ...

7.5

CVE-2025-36047

  • EPSS 0.12%
  • Veröffentlicht 14.08.2025 15:38:11
  • Zuletzt bearbeitet 03.11.2025 20:18:30

IBM WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources...

4.8

CVE-2025-36000

  • EPSS 0.03%
  • Veröffentlicht 12.08.2025 19:39:17
  • Zuletzt bearbeitet 14.08.2025 01:29:01

IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality p...

7.5

CVE-2025-36124

  • EPSS 0.05%
  • Veröffentlicht 12.08.2025 18:45:24
  • Zuletzt bearbeitet 14.08.2025 01:23:45

IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 could allow a remote attacker to bypass security restrictions caused by a failure to honor JMS messaging configuration