Ibm

Websphere Application Server

443 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.8

CVE-2024-45071

  • EPSS 0.3%
  • Veröffentlicht 16.10.2024 17:15:16
  • Zuletzt bearbeitet 21.10.2024 13:41:29

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to cr...

5.5

CVE-2024-45072

  • EPSS 0.04%
  • Veröffentlicht 16.10.2024 17:15:16
  • Zuletzt bearbeitet 21.10.2024 13:41:20

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A privileged user could exploit this vulnerability to expose sensitive information or consume memory resources.

7.5

CVE-2024-45085

  • EPSS 0.12%
  • Veröffentlicht 15.10.2024 22:15:03
  • Zuletzt bearbeitet 08.11.2024 15:13:11

IBM WebSphere Application Server 8.5 is vulnerable to a denial of service, under certain configurations, caused by an unexpected specially crafted request. A remote attacker could exploit this vulnerability to cause an error resulting in a denial of ...

4.8

CVE-2024-45073

  • EPSS 0.24%
  • Veröffentlicht 30.09.2024 22:15:02
  • Zuletzt bearbeitet 07.01.2025 14:36:34

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to cr...

7.5

CVE-2023-50314

  • EPSS 0.1%
  • Veröffentlicht 14.08.2024 18:15:09
  • Zuletzt bearbeitet 23.08.2024 19:20:22

IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the network to conduct spoofing attacks. An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obta...

5.9

CVE-2023-50315

  • EPSS 0.15%
  • Veröffentlicht 14.08.2024 17:15:14
  • Zuletzt bearbeitet 11.09.2024 13:38:26

IBM WebSphere Application Server 8.5 and 9.0 could allow an attacker with access to the network to conduct spoofing attacks. An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive informati...

7.2

CVE-2024-35154

  • EPSS 0.29%
  • Veröffentlicht 09.07.2024 22:15:02
  • Zuletzt bearbeitet 21.11.2024 09:19:50

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has authorized access to the administrative console, to execute arbitrary code. Using specially crafted input, the attacker could exploit this vulnerabilit...

4.8

CVE-2024-35153

  • EPSS 0.31%
  • Veröffentlicht 27.06.2024 18:15:18
  • Zuletzt bearbeitet 21.11.2024 09:19:49

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentia...

8.8

CVE-2024-37532

  • EPSS 0.13%
  • Veröffentlicht 20.06.2024 14:15:10
  • Zuletzt bearbeitet 21.11.2024 09:24:01

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to identity spoofing by an authenticated user due to improper signature validation. IBM X-Force ID: 294721.

7.5

CVE-2024-25026

  • EPSS 0.02%
  • Veröffentlicht 25.04.2024 13:15:51
  • Zuletzt bearbeitet 27.02.2025 16:24:20

IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 are vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability...