Vulnerabilities > IBM > Websphere Application Server > 8.5.5.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-04 | CVE-2024-45086 | XXE vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. | 5.5 |
| 2024-10-16 | CVE-2024-45071 | Cross-site Scripting vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. | 4.8 |
| 2024-10-16 | CVE-2024-45072 | XXE vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 5.5 |
| 2024-07-09 | CVE-2024-35154 | Unspecified vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has authorized access to the administrative console, to execute arbitrary code. | 7.2 |
| 2024-06-27 | CVE-2024-35153 | Unspecified vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. | 4.8 |
| 2023-05-11 | CVE-2023-27554 | XXE vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 6.3 |
| 2023-04-27 | CVE-2023-24966 | Unspecified vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. | 6.1 |
| 2022-11-03 | CVE-2022-38712 | Authentication Bypass by Spoofing vulnerability in IBM Websphere Application Server "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web services could allow a man-in-the-middle attacker to conduct SOAPAction spoofing to execute unwanted or unauthorized operations. | 5.9 |
| 2022-09-28 | CVE-2022-35282 | Server-Side Request Forgery (SSRF) vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to server-side request forgery (SSRF). | 6.5 |
| 2022-09-09 | CVE-2022-34165 | Injection vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP header injection, caused by improper validation. | 5.4 |