Ibm

Websphere Application Server

435 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2022-35282

  • EPSS 0.03%
  • Published 28.09.2022 16:15:11
  • Last modified 20.05.2025 21:15:22

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, an attacker with local network access could exploit this vulnerability to obtain sensitive data.

5.4

CVE-2022-34336

  • EPSS 0.27%
  • Published 13.09.2022 21:15:09
  • Last modified 21.11.2024 07:09:19

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credential...

5.4

CVE-2022-34165

  • EPSS 0.13%
  • Published 09.09.2022 16:15:08
  • Last modified 21.11.2024 07:08:59

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP header injection, caused by improper validation. This could allow an attacker to conduct various att...

5.3

CVE-2022-22473

  • EPSS 0.09%
  • Published 14.07.2022 17:15:08
  • Last modified 21.11.2024 06:46:51

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console data. This information could be used in further attacks against the system. IB...

6.1

CVE-2022-22477

  • EPSS 0.29%
  • Published 14.07.2022 17:15:08
  • Last modified 21.11.2024 06:46:51

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosur...

8.8

CVE-2022-22476

  • EPSS 0.06%
  • Published 08.07.2022 18:15:09
  • Last modified 21.11.2024 06:46:51

IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.7 and Open Liberty are vulnerable to identity spoofing by an authenticated user using a specially crafted request. IBM X-Force ID: 225604.

5.9

CVE-2022-22365

  • EPSS 0.24%
  • Published 20.05.2022 17:15:07
  • Last modified 21.11.2024 06:46:42

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, with the Ajax Proxy Web Application (AjaxProxy.war) deployed, is vulnerable to spoofing by allowing a man-in-the-middle attacker to spoof SSL server hostnames. IBM X-Force ID: 220904.

6.5

CVE-2022-22475

  • EPSS 0.06%
  • Published 17.05.2022 17:15:08
  • Last modified 21.11.2024 06:46:51

IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 are vulnerable to identity spoofing by an authenticated user. IBM X-Force ID: 225603.

6.5

CVE-2022-22393

  • EPSS 0.16%
  • Published 13.05.2022 17:15:07
  • Last modified 21.11.2024 06:46:44

IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.5 , with the adminCenter-1.0 feature configured, could allow an authenticated user to issue a request to obtain the status of HTTP/HTTPS ports which are accessible by the application se...

5.4

CVE-2021-39038

  • EPSS 0.03%
  • Published 24.02.2022 17:15:07
  • Last modified 21.11.2024 06:18:28

IBM WebSphere Application Server 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote atta...