Vulnerabilities > IBM > Websphere Application Server

DATE CVE VULNERABILITY TITLE RISK
2024-11-11 CVE-2024-45087 Cross-site Scripting vulnerability in IBM Websphere Application Server 8.5/9.0
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
4.8
2024-11-04 CVE-2024-45086 XXE vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
5.5
2024-10-16 CVE-2024-45071 Cross-site Scripting vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting.
network
low complexity
ibm CWE-79
4.8
2024-10-16 CVE-2024-45072 XXE vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
5.5
2024-10-15 CVE-2024-45085 Improper Check for Unusual or Exceptional Conditions vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 8.5 is vulnerable to a denial of service, under certain configurations, caused by an unexpected specially crafted request.
network
low complexity
ibm CWE-754
7.5
2024-08-14 CVE-2023-50314 Unspecified vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the network to conduct spoofing attacks.
network
low complexity
ibm
7.5
2024-08-14 CVE-2023-50315 Unspecified vulnerability in IBM Websphere Application Server 8.5.0.0/9.0.0.0
IBM WebSphere Application Server 8.5 and 9.0 could allow an attacker with access to the network to conduct spoofing attacks.
network
high complexity
ibm
5.9
2024-07-09 CVE-2024-35154 Unspecified vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has authorized access to the administrative console, to execute arbitrary code.
network
low complexity
ibm
7.2
2024-06-27 CVE-2024-35153 Unspecified vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting.
network
low complexity
ibm
4.8
2024-06-20 CVE-2024-37532 Improper Verification of Cryptographic Signature vulnerability in IBM Websphere Application Server 8.5.0.0/9.0.0.0
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to identity spoofing by an authenticated user due to improper signature validation.
network
low complexity
ibm CWE-347
8.8