Ibm

Websphere Application Server

439 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2024-22353

  • EPSS 0.02%
  • Veröffentlicht 31.03.2024 12:15:50
  • Zuletzt bearbeitet 21.11.2024 08:56:06

IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources...

6.1

CVE-2024-27270

  • EPSS 0.11%
  • Veröffentlicht 27.03.2024 13:15:47
  • Zuletzt bearbeitet 05.03.2025 20:50:02

IBM WebSphere Application Server Liberty 23.0.0.3 through 24.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in a specially crafted URI. IBM X-Force ID: 284576.

6.5

CVE-2023-50312

  • EPSS 0.04%
  • Veröffentlicht 01.03.2024 03:15:06
  • Zuletzt bearbeitet 23.04.2025 19:38:50

IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. IBM X-Force ID: 274711.

7.5

CVE-2023-38737

  • EPSS 0.03%
  • Veröffentlicht 16.08.2023 19:15:09
  • Zuletzt bearbeitet 21.11.2024 08:14:08

IBM WebSphere Application Server Liberty 22.0.0.13 through 23.0.0.7 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resource...

5.5

CVE-2023-35890

  • EPSS 0.01%
  • Veröffentlicht 07.07.2023 03:15:09
  • Zuletzt bearbeitet 21.11.2024 08:08:56

IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security, caused by the improper encoding in a local configuration file. IBM X-Force ID: 258637.

6.3

CVE-2023-27554

  • EPSS 0.01%
  • Veröffentlicht 11.05.2023 20:15:09
  • Zuletzt bearbeitet 24.01.2025 17:15:11

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM...

5.3

CVE-2022-39161

  • EPSS 0.05%
  • Veröffentlicht 03.05.2023 20:15:09
  • Zuletzt bearbeitet 21.11.2024 07:17:41

IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and IBM WebSphere Application Server Liberty, when configured to communicate with the Web Server Plug-ins for IBM WebSphere Application Server, could allow an authenticated user to conduct spoofing...

7.5

CVE-2023-30441

  • EPSS 0.05%
  • Veröffentlicht 29.04.2023 15:15:18
  • Zuletzt bearbeitet 21.11.2024 08:00:11

IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of flaws and configurations. IBM X-Force ID: 253188.

6.1

CVE-2023-24966

  • EPSS 0.12%
  • Veröffentlicht 27.04.2023 14:15:09
  • Zuletzt bearbeitet 21.11.2024 07:48:51

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosur...

5.4

CVE-2023-26283

  • EPSS 0.13%
  • Veröffentlicht 02.04.2023 21:15:08
  • Zuletzt bearbeitet 21.11.2024 07:51:03

IBM WebSphere Application Server 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within...