Search Results (470 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2010-3700 3 Acegisecurity, Ibm, Vmware 3 Acegi-security, Websphere Application Server, Springsource Spring Security 2025-04-11 N/A
VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter.
CVE-2011-1317 1 Ibm 1 Websphere Application Server 2025-04-11 N/A
Memory leak in com.ibm.ws.jsp.runtime.WASJSPStrBufferImpl in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by sending many JSP requests that trigger large responses.
CVE-2010-3186 1 Ibm 1 Websphere Application Server 2025-04-11 N/A
IBM WebSphere Application Server (WAS) 7.x before 7.0.0.13, and WebSphere Application Server Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, when a JAX-WS application is used, does not properly handle an IncludeTimestamp setting in the WS-Security policy, which has unspecified impact and remote attack vectors.
CVE-2011-1316 1 Ibm 1 Websphere Application Server 2025-04-11 N/A
The Session Initiation Protocol (SIP) Proxy in the HTTP Transport component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (worker thread exhaustion and UDP messaging outage) by sending many UDP messages.
CVE-2011-1315 1 Ibm 1 Websphere Application Server 2025-04-11 N/A
Memory leak in the messaging engine in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) via network connections associated with a NULL return value from a synchronous JMS receive call.
CVE-2024-27268 1 Ibm 1 Websphere Application Server 2025-04-10 5.9 Medium
IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 284574.
CVE-2022-43917 5 Hp, Ibm, Linux and 2 more 8 Hp-ux, Aix, I and 5 more 2025-03-31 5.9 Medium
IBM WebSphere Application Server 8.5 and 9.0 traditional container uses weaker than expected cryptographic keys that could allow an attacker to decrypt sensitive information. This affects only the containerized version of WebSphere Application Server traditional. IBM X-Force ID: 241045.
CVE-2023-23477 5 Hp, Ibm, Linux and 2 more 8 Hp-ux, Aix, I and 5 more 2025-03-25 8.1 High
IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. IBM X-Force ID: 245513.
CVE-2024-27270 1 Ibm 1 Websphere Application Server 2025-03-05 4.7 Medium
IBM WebSphere Application Server Liberty 23.0.0.3 through 24.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in a specially crafted URI. IBM X-Force ID: 284576.
CVE-2024-25026 1 Ibm 1 Websphere Application Server 2025-02-27 5.9 Medium
IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 are vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 281516.
CVE-2023-26283 5 Hp, Ibm, Linux and 2 more 8 Hp-ux, Aix, I and 5 more 2025-02-25 5.4 Medium
IBM WebSphere Application Server 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 248416.
CVE-2022-39161 1 Ibm 1 Websphere Application Server 2025-02-12 4.8 Medium
IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and IBM WebSphere Application Server Liberty, when configured to communicate with the Web Server Plug-ins for IBM WebSphere Application Server, could allow an authenticated user to conduct spoofing attacks. A man-in-the-middle attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 235069.
CVE-2023-24966 1 Ibm 1 Websphere Application Server 2025-01-30 6.1 Medium
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 246904.
CVE-2023-30441 2 Ibm, Redhat 6 Infosphere Information Server, Java, Websphere Application Server and 3 more 2025-01-30 7.5 High
IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of flaws and configurations. IBM X-Force ID: 253188.
CVE-2023-27554 1 Ibm 1 Websphere Application Server 2025-01-24 6.3 Medium
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 249185.
CVE-2024-45073 5 Hp, Ibm, Linux and 2 more 7 Hp-ux, Aix, Websphere Application Server and 4 more 2025-01-07 4.8 Medium
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2024-37532 1 Ibm 1 Websphere Application Server 2024-11-21 8.8 High
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to identity spoofing by an authenticated user due to improper signature validation. IBM X-Force ID: 294721.
CVE-2024-35154 1 Ibm 1 Websphere Application Server 2024-11-21 7.2 High
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has authorized access to the administrative console, to execute arbitrary code. Using specially crafted input, the attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 292641.
CVE-2024-35153 1 Ibm 1 Websphere Application Server 2024-11-21 4.8 Medium
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 292640.
CVE-2024-22354 1 Ibm 1 Websphere Application Server 2024-11-21 7 High
IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.5 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, or to conduct a server-side request forgery attack. IBM X-Force ID: 280401.