Vulnerabilities > IBM > Websphere Application Server > 19.0.0.6
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-16 | CVE-2021-29842 | Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 21.0.0.9 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. | 5.3 |
| 2021-05-26 | CVE-2021-20492 | XXE vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 8.0, 8.5, 9.0, and Liberty Java Batch is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.2 |
| 2020-09-21 | CVE-2020-4590 | Unspecified vulnerability in IBM Websphere Application Server IBM WebSphere Application Server Liberty 17.0.0.3 through 20.0.0.9 running oauth-2.0 or openidConnectServer-1.0 server features is vulnerable to a denial of service attack conducted by an authenticated client. | 6.5 |
| 2020-05-06 | CVE-2020-4421 | Authentication Bypass by Spoofing vulnerability in IBM Websphere Application Server IBM WebSphere Application Liberty 19.0.0.5 through 20.0.0.4 could allow an authenticated user using openidconnect to spoof another users identify. | 5.4 |
| 2020-05-06 | CVE-2020-10693 | A flaw was found in Hibernate Validator version 6.1.2.Final. | 5.3 |
| 2020-04-28 | CVE-2020-4329 | Unspecified vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. | 4.3 |
| 2020-04-02 | CVE-2020-4304 | Cross-site Scripting vulnerability in IBM Websphere Application Server IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 is vulnerable to cross-site scripting. | 6.1 |
| 2020-04-02 | CVE-2020-4303 | Cross-site Scripting vulnerability in IBM Websphere Application Server IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 is vulnerable to cross-site scripting. | 6.1 |
| 2020-01-31 | CVE-2019-4720 | Allocation of Resources Without Limits or Throttling vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. | 7.5 |
| 2019-12-10 | CVE-2019-4663 | Cross-site Scripting vulnerability in IBM Websphere Application Server IBM WebSphere Application Server - Liberty is vulnerable to cross-site scripting. | 5.4 |