Vulnerabilities > IBM > Websphere Application Server > 9.0.0.3

DATE CVE VULNERABILITY TITLE RISK
2023-05-11 CVE-2023-27554 XXE vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
critical
9.1
2023-04-27 CVE-2023-24966 Cross-site Scripting vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
2022-11-03 CVE-2022-38712 Authentication Bypass by Spoofing vulnerability in IBM Websphere Application Server
"IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web services could allow a man-in-the-middle attacker to conduct SOAPAction spoofing to execute unwanted or unauthorized operations.
network
high complexity
ibm CWE-290
5.9
2022-09-28 CVE-2022-35282 Server-Side Request Forgery (SSRF) vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to server-side request forgery (SSRF).
low complexity
ibm CWE-918
6.5
2022-09-09 CVE-2022-34165 Injection vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP header injection, caused by improper validation.
network
low complexity
ibm CWE-74
5.4
2022-07-14 CVE-2022-22473 Unspecified vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console data.
network
low complexity
ibm
5.3
2022-05-20 CVE-2022-22365 Unspecified vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, with the Ajax Proxy Web Application (AjaxProxy.war) deployed, is vulnerable to spoofing by allowing a man-in-the-middle attacker to spoof SSL server hostnames.
network
ibm
4.3
2022-02-24 CVE-2021-39038 Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.2 could allow a remote attacker to hijack the clicking action of the victim.
network
ibm CWE-1021
3.5
2021-09-16 CVE-2021-29842 Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 21.0.0.9 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts.
network
low complexity
ibm CWE-307
5.0
2021-07-30 CVE-2021-29736 Unspecified vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote user to gain elevated privileges on the system.
network
low complexity
ibm
6.5