Ibm

Websphere Application Server

439 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.9

CVE-2022-22365

  • EPSS 0.24%
  • Veröffentlicht 20.05.2022 17:15:07
  • Zuletzt bearbeitet 21.11.2024 06:46:42

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, with the Ajax Proxy Web Application (AjaxProxy.war) deployed, is vulnerable to spoofing by allowing a man-in-the-middle attacker to spoof SSL server hostnames. IBM X-Force ID: 220904.

6.5

CVE-2022-22475

  • EPSS 0.09%
  • Veröffentlicht 17.05.2022 17:15:08
  • Zuletzt bearbeitet 21.11.2024 06:46:51

IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 are vulnerable to identity spoofing by an authenticated user. IBM X-Force ID: 225603.

6.5

CVE-2022-22393

  • EPSS 0.19%
  • Veröffentlicht 13.05.2022 17:15:07
  • Zuletzt bearbeitet 21.11.2024 06:46:44

IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.5 , with the adminCenter-1.0 feature configured, could allow an authenticated user to issue a request to obtain the status of HTTP/HTTPS ports which are accessible by the application se...

5.4

CVE-2021-39038

  • EPSS 0.03%
  • Veröffentlicht 24.02.2022 17:15:07
  • Zuletzt bearbeitet 21.11.2024 06:18:28

IBM WebSphere Application Server 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote atta...

8.8

CVE-2021-39031

  • EPSS 0.21%
  • Veröffentlicht 25.01.2022 17:15:08
  • Zuletzt bearbeitet 21.11.2024 06:18:27

IBM WebSphere Application Server - Liberty 17.0.0.3 through 22.0.0.1 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability and could result in in g...

6.5

CVE-2022-22310

  • EPSS 0.22%
  • Veröffentlicht 19.01.2022 17:15:08
  • Zuletzt bearbeitet 21.11.2024 06:46:36

IBM WebSphere Application Server Liberty 21.0.0.10 through 21.0.0.12 could provide weaker than expected security. A remote attacker could exploit this weakness to obtain sensitive information and gain unauthorized access to JAX-WS applications. IBM X...

7.5

CVE-2021-38951

  • EPSS 0.32%
  • Veröffentlicht 09.12.2021 17:15:07
  • Zuletzt bearbeitet 21.11.2024 06:18:16

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available CPU resources...

5.3

CVE-2021-29842

  • EPSS 0.37%
  • Veröffentlicht 16.09.2021 16:15:08
  • Zuletzt bearbeitet 21.11.2024 06:01:54

IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 21.0.0.9 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. IBM X-Force ID: 205202.

8.8

CVE-2021-29736

  • EPSS 0.52%
  • Veröffentlicht 30.07.2021 12:15:07
  • Zuletzt bearbeitet 21.11.2024 06:01:42

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote user to gain elevated privileges on the system. IBM X-Force ID: 201300.

8.8

CVE-2021-29754

  • EPSS 0.15%
  • Veröffentlicht 11.06.2021 15:15:11
  • Zuletzt bearbeitet 21.11.2024 06:01:44

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a privilege escalation vulnerability when using the SAML Web Inbound Trust Association Interceptor (TAI). IBM X-Force ID: 202006.