CVE-2026-9071
- EPSS 0.31%
- Veröffentlicht 22.06.2026 14:47:39
- Zuletzt bearbeitet 23.06.2026 20:46:35
IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerab...
CVE-2026-9006
- EPSS 0.23%
- Veröffentlicht 22.06.2026 14:46:47
- Zuletzt bearbeitet 24.06.2026 05:17:30
IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to server-side request forgery (SSRF) with the Ajax Proxy configured. This may allow an attacker to send unauthorized requests from the system, resulting in a security bypass or information ...
CVE-2026-8646
- EPSS 0.35%
- Veröffentlicht 22.06.2026 14:44:42
- Zuletzt bearbeitet 24.06.2026 05:17:30
IBM WebSphere Application Server 9.0 and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to HTTP request smuggling. A remote attacker could smuggle a specially crafted request to the application server ther...
CVE-2026-10845
- EPSS 0.36%
- Veröffentlicht 22.06.2026 14:43:16
- Zuletzt bearbeitet 23.06.2026 20:36:49
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to bypass authentication and gain unauthorized access to JAX-WS applications.
CVE-2026-9072
- EPSS 0.38%
- Veröffentlicht 22.06.2026 14:21:35
- Zuletzt bearbeitet 09.07.2026 21:16:56
IBM WebSphere Application Server and IBM WebSphere Application Server Liberty - when using Intelligent Management with the WebSphere WebServer Plug-in component - are vulnerable to remote code execution and denial of service. This vulnerability can b...
CVE-2026-9330
- EPSS 0.49%
- Veröffentlicht 01.06.2026 18:01:06
- Zuletzt bearbeitet 04.06.2026 16:52:54
IBM WebSphere Application Server 9.0, and 8.5 is affected by an improper validation of user-supplied data during deserialization using the SAML Web Single Sign-On component. This could result in remote code execution via a crafted HTTP request when c...
- EPSS 0.46%
- Veröffentlicht 01.06.2026 17:59:43
- Zuletzt bearbeitet 04.06.2026 16:57:52
IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to potential remote code execution due to deserialization of untrusted data via JAX-WS endpoints with WS-Security.
- EPSS 0.51%
- Veröffentlicht 01.06.2026 17:49:42
- Zuletzt bearbeitet 04.06.2026 16:53:09
IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to remote code execution caused by the bypass of security controls.
CVE-2026-8644
- EPSS 0.33%
- Veröffentlicht 01.06.2026 17:46:04
- Zuletzt bearbeitet 04.06.2026 16:58:19
IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to identity spoofing.
CVE-2026-5516
- EPSS 0.21%
- Veröffentlicht 27.05.2026 13:00:04
- Zuletzt bearbeitet 02.06.2026 17:16:38
IBM WebSphere Application Server - Liberty 22.0.0.11 through 26.0.0.5 IBM WebSphere Application Server Liberty could allow a remote attacker to bypass security under limited conditions by exploiting a specific timing window.