Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Websphere_application_server
(Ibm)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 414 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2016-01-02 | CVE-2015-7450 | Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the InvokerTransformer class in the Apache Commons Collections library. | Sterling_b2b_integrator, Sterling_integrator, Tivoli_common_reporting, Watson_content_analytics, Watson_explorer_analytical_components, Watson_explorer_annotation_administration_console, Websphere_application_server | 9.8 | ||
| 2024-03-31 | CVE-2024-22353 | IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 280400. | Websphere_application_server | 7.5 | ||
| 2024-04-02 | CVE-2023-50313 | IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. IBM X-Force ID: 274812. | Websphere_application_server | 6.5 | ||
| 2000-06-08 | CVE-2000-0497 | IBM WebSphere server 3.0.2 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case. | Websphere_application_server | 7.5 | ||
| 2020-05-06 | CVE-2020-10693 | A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages. | Websphere_application_server, Weblogic_server, Quarkus, Hibernate_validator, Jboss_enterprise_application_platform, Satellite, Satellite_capsule | 5.3 | ||
| 2022-11-11 | CVE-2022-40750 | IBM WebSphere Application Server 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236588. | Websphere_application_server | 5.4 | ||
| 2023-01-26 | CVE-2022-43917 | IBM WebSphere Application Server 8.5 and 9.0 traditional container uses weaker than expected cryptographic keys that could allow an attacker to decrypt sensitive information. This affects only the containerized version of WebSphere Application Server traditional. IBM X-Force ID: 241045. | Websphere_application_server | 7.5 | ||
| 2023-02-03 | CVE-2023-23477 | IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. IBM X-Force ID: 245513. | Websphere_application_server | 9.8 | ||
| 2023-04-02 | CVE-2023-26283 | IBM WebSphere Application Server 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 248416. | Websphere_application_server | 5.4 | ||
| 2023-08-16 | CVE-2023-38737 | IBM WebSphere Application Server Liberty 22.0.0.13 through 23.0.0.7 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 262567. | Websphere_application_server | 7.5 |