CVE-2023-23477
- EPSS 0.14%
- Published 03.02.2023 19:15:13
- Last modified 21.11.2024 07:46:16
IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. IBM X-Force ID: 245513.
CVE-2022-43917
- EPSS 0.15%
- Published 26.01.2023 21:17:49
- Last modified 21.11.2024 07:27:21
IBM WebSphere Application Server 8.5 and 9.0 traditional container uses weaker than expected cryptographic keys that could allow an attacker to decrypt sensitive information. This affects only the containerized version of WebSphere Application Serve...
CVE-2022-40750
- EPSS 0.58%
- Published 11.11.2022 19:15:11
- Last modified 21.11.2024 07:21:58
IBM WebSphere Application Server 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosu...
CVE-2022-38712
- EPSS 0.07%
- Published 03.11.2022 20:15:29
- Last modified 02.05.2025 21:15:18
"IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web services could allow a man-in-the-middle attacker to conduct SOAPAction spoofing to execute unwanted or unauthorized operations. IBM X-Force ID: 234762."
CVE-2022-35282
- EPSS 0.13%
- Published 28.09.2022 16:15:11
- Last modified 20.05.2025 21:15:22
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, an attacker with local network access could exploit this vulnerability to obtain sensitive data.
CVE-2022-34336
- EPSS 0.53%
- Published 13.09.2022 21:15:09
- Last modified 21.11.2024 07:09:19
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credential...
CVE-2022-34165
- EPSS 0.31%
- Published 09.09.2022 16:15:08
- Last modified 21.11.2024 07:08:59
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP header injection, caused by improper validation. This could allow an attacker to conduct various att...
CVE-2022-22473
- EPSS 0.09%
- Published 14.07.2022 17:15:08
- Last modified 21.11.2024 06:46:51
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console data. This information could be used in further attacks against the system. IB...
CVE-2022-22477
- EPSS 0.53%
- Published 14.07.2022 17:15:08
- Last modified 21.11.2024 06:46:51
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosur...
CVE-2022-22476
- EPSS 0.09%
- Published 08.07.2022 18:15:09
- Last modified 21.11.2024 06:46:51
IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.7 and Open Liberty are vulnerable to identity spoofing by an authenticated user using a specially crafted request. IBM X-Force ID: 225604.