Vulnerabilities > IBM > Websphere Application Server > 8.5.5.23

DATE CVE VULNERABILITY TITLE RISK
2024-11-04 CVE-2024-45086 XXE vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
5.5
2024-10-16 CVE-2024-45071 Cross-site Scripting vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting.
network
low complexity
ibm CWE-79
4.8
2024-10-16 CVE-2024-45072 XXE vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
5.5
2024-07-09 CVE-2024-35154 Unspecified vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has authorized access to the administrative console, to execute arbitrary code.
network
low complexity
ibm
7.2
2024-06-27 CVE-2024-35153 Unspecified vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting.
network
low complexity
ibm
4.8
2023-07-07 CVE-2023-35890 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Websphere Application Server 8.5.5.23/9.0.5.15/9.0.5.16
IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security, caused by the improper encoding in a local configuration file.
local
low complexity
ibm CWE-327
5.5
2023-05-11 CVE-2023-27554 XXE vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
6.3
2023-04-27 CVE-2023-24966 Unspecified vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting.
network
low complexity
ibm
6.1