Vulnerabilities > IBM > Websphere Application Server > 7.0.0.1

DATE CVE VULNERABILITY TITLE RISK
2022-11-03 CVE-2022-38712 Authentication Bypass by Spoofing vulnerability in IBM Websphere Application Server
"IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web services could allow a man-in-the-middle attacker to conduct SOAPAction spoofing to execute unwanted or unauthorized operations.
network
high complexity
ibm CWE-290
5.9
2022-09-28 CVE-2022-35282 Server-Side Request Forgery (SSRF) vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to server-side request forgery (SSRF).
low complexity
ibm CWE-918
6.5
2022-09-09 CVE-2022-34165 Injection vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP header injection, caused by improper validation.
network
low complexity
ibm CWE-74
5.4
2022-07-14 CVE-2022-22473 Unspecified vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console data.
network
low complexity
ibm
5.3
2022-05-20 CVE-2022-22365 Unspecified vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, with the Ajax Proxy Web Application (AjaxProxy.war) deployed, is vulnerable to spoofing by allowing a man-in-the-middle attacker to spoof SSL server hostnames.
network
ibm
4.3
2021-09-16 CVE-2021-29842 Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 21.0.0.9 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts.
network
low complexity
ibm CWE-307
5.0
2021-07-30 CVE-2021-29736 Unspecified vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote user to gain elevated privileges on the system.
network
low complexity
ibm
6.5
2021-06-11 CVE-2021-29754 Unspecified vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a privilege escalation vulnerability when using the SAML Web Inbound Trust Association Interceptor (TAI).
network
low complexity
ibm
6.5
2021-04-21 CVE-2021-20454 XXE vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
6.4
2021-04-08 CVE-2021-20480 Server-Side Request Forgery (SSRF) vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 7.0, 8.0, and 8.5 is vulnerable to server-side request forgery (SSRF).
network
low complexity
ibm CWE-918
4.0