Ibm

Websphere Application Server

443 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2021-38951

  • EPSS 0.32%
  • Veröffentlicht 09.12.2021 17:15:07
  • Zuletzt bearbeitet 21.11.2024 06:18:16

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available CPU resources...

5.3

CVE-2021-29842

  • EPSS 0.37%
  • Veröffentlicht 16.09.2021 16:15:08
  • Zuletzt bearbeitet 21.11.2024 06:01:54

IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 21.0.0.9 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. IBM X-Force ID: 205202.

8.8

CVE-2021-29736

  • EPSS 0.52%
  • Veröffentlicht 30.07.2021 12:15:07
  • Zuletzt bearbeitet 21.11.2024 06:01:42

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote user to gain elevated privileges on the system. IBM X-Force ID: 201300.

8.8

CVE-2021-29754

  • EPSS 0.15%
  • Veröffentlicht 11.06.2021 15:15:11
  • Zuletzt bearbeitet 21.11.2024 06:01:44

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a privilege escalation vulnerability when using the SAML Web Inbound Trust Association Interceptor (TAI). IBM X-Force ID: 202006.

8.2

CVE-2021-20492

  • EPSS 0.3%
  • Veröffentlicht 26.05.2021 17:15:14
  • Zuletzt bearbeitet 21.11.2024 05:46:39

IBM WebSphere Application Server 8.0, 8.5, 9.0, and Liberty Java Batch is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or cons...

8.2

CVE-2021-20454

  • EPSS 0.1%
  • Veröffentlicht 21.04.2021 12:15:08
  • Zuletzt bearbeitet 21.11.2024 05:46:37

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resou...

8.2

CVE-2021-20453

  • EPSS 0.08%
  • Veröffentlicht 20.04.2021 12:15:12
  • Zuletzt bearbeitet 21.11.2024 05:46:37

IBM WebSphere Application Server 8.0, 8.5, and 9.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources....

6.5

CVE-2021-20480

  • EPSS 0.37%
  • Veröffentlicht 08.04.2021 13:15:13
  • Zuletzt bearbeitet 21.11.2024 05:46:38

IBM WebSphere Application Server 7.0, 8.0, and 8.5 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID:...

6.5

CVE-2020-5016

  • EPSS 0.21%
  • Veröffentlicht 10.03.2021 15:15:12
  • Zuletzt bearbeitet 21.11.2024 05:33:33

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. When application security is disabled and JAX-RPC applications are present, an attacker could send a specially-crafted URL re...

7.8

CVE-2021-20354

  • EPSS 0.46%
  • Veröffentlicht 18.02.2021 15:15:14
  • Zuletzt bearbeitet 21.11.2024 05:46:27

IBM WebSphere Application Server 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ...