CVE-2023-35890
- EPSS 0.02%
- Published 07.07.2023 03:15:09
- Last modified 21.11.2024 08:08:56
IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security, caused by the improper encoding in a local configuration file. IBM X-Force ID: 258637.
CVE-2023-27554
- EPSS 0.01%
- Published 11.05.2023 20:15:09
- Last modified 24.01.2025 17:15:11
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM...
CVE-2022-39161
- EPSS 0.05%
- Published 03.05.2023 20:15:09
- Last modified 21.11.2024 07:17:41
IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and IBM WebSphere Application Server Liberty, when configured to communicate with the Web Server Plug-ins for IBM WebSphere Application Server, could allow an authenticated user to conduct spoofing...
CVE-2023-30441
- EPSS 0.03%
- Published 29.04.2023 15:15:18
- Last modified 21.11.2024 08:00:11
IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of flaws and configurations. IBM X-Force ID: 253188.
CVE-2023-24966
- EPSS 0.13%
- Published 27.04.2023 14:15:09
- Last modified 21.11.2024 07:48:51
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosur...
CVE-2023-26283
- EPSS 0.1%
- Published 02.04.2023 21:15:08
- Last modified 21.11.2024 07:51:03
IBM WebSphere Application Server 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within...
CVE-2023-23477
- EPSS 0.19%
- Published 03.02.2023 19:15:13
- Last modified 21.11.2024 07:46:16
IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. IBM X-Force ID: 245513.
CVE-2022-43917
- EPSS 0.03%
- Published 26.01.2023 21:17:49
- Last modified 21.11.2024 07:27:21
IBM WebSphere Application Server 8.5 and 9.0 traditional container uses weaker than expected cryptographic keys that could allow an attacker to decrypt sensitive information. This affects only the containerized version of WebSphere Application Serve...
CVE-2022-40750
- EPSS 0.23%
- Published 11.11.2022 19:15:11
- Last modified 21.11.2024 07:21:58
IBM WebSphere Application Server 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosu...
CVE-2022-38712
- EPSS 0.03%
- Published 03.11.2022 20:15:29
- Last modified 02.05.2025 21:15:18
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web services could allow a man-in-the-middle attacker to conduct SOAPAction spoofing to execute unwanted or unauthorized operations. IBM X-Force ID: 234762.