WebSphere Application Server

8.0.0.14

OTHER 1 CVE

9

SINGLE_NUMBER 3 CVEs

8.0.0.8

OTHER 1 CVE

8.0.0.9

OTHER 1 CVE

9.0.0.0

OTHER 1 CVE

8.5, 9.0

OTHER 19 CVEs

8.5.5.12

OTHER 1 CVE

8.0.0.5

OTHER 1 CVE

9.0.0.5

OTHER 2 CVEs

unspecified

OTHER 1 CVE

7.0.0.43

OTHER 1 CVE

8.5

MAJOR_MINOR 76 CVEs

9.0.0.1

OTHER 2 CVEs

9.0.0.4

OTHER 2 CVEs

9.0

MAJOR_MINOR 77 CVEs

7.0.0.35

OTHER 1 CVE

8.0.0.10

OTHER 1 CVE

9.0.0.3

OTHER 2 CVEs

9.0.0.6

OTHER 2 CVEs

9.0.0.2

OTHER 2 CVEs

Liberty

OTHER 11 CVEs

8.0.0.7

OTHER 1 CVE

8.5.5

SEMANTIC 2 CVEs

7.0

MAJOR_MINOR 62 CVEs

8.5.5.9

OTHER 1 CVE

8.0.0.11

OTHER 1 CVE

7.0.0.39

OTHER 1 CVE

8.0

MAJOR_MINOR 67 CVEs

7.0.0.41

OTHER 1 CVE

8.5.5.11

OTHER 1 CVE

7.0.0.37

OTHER 1 CVE

7.0, 8.0, 8.5, 9.0, Liberty

OTHER 1 CVE

8.0.0.4

OTHER 1 CVE

8.5.5.10

OTHER 1 CVE

8.5.5.7

OTHER 1 CVE

8.0.0.12

OTHER 1 CVE

8.5.5.8

OTHER 1 CVE

8.0.0.13

OTHER 1 CVE

8.0.0.6

OTHER 1 CVE

CVE-2023-50315

IBM WebSphere Application Server 8.5 and 9.0 could allow an attacker with access to the network to conduct spoofing attacks. An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 274714.

MEDIUM Aug 14, 2024

CVE-2024-35153

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 292640.

MEDIUM Jun 27, 2024

CVE-2024-25026

IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 are vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 281516.

MEDIUM Apr 25, 2024

CVE-2023-50313

IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. IBM X-Force ID: 274812.

MEDIUM Apr 02, 2024

CVE-2023-35890

IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security, caused by the improper encoding in a local configuration file. IBM X-Force ID: 258637.

MEDIUM Jul 07, 2023

CVE-2023-27554

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 249185.

MEDIUM May 11, 2023

CVE-2023-24966

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 246904.

MEDIUM Apr 27, 2023

CVE-2023-23477

IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. IBM X-Force ID: 245513.

HIGH Feb 03, 2023

CVE-2022-43917

IBM WebSphere Application Server 8.5 and 9.0 traditional container uses weaker than expected cryptographic keys that could allow an attacker to decrypt sensitive information. This affects only the containerized version of WebSphere Application Server traditional. IBM X-Force ID: 241045.

MEDIUM Jan 25, 2023

CVE-2022-40750

IBM WebSphere Application Server 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236588.

MEDIUM Nov 11, 2022