Vulnerabilities > IBM > Websphere Application Server > 9.0.0.7
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-05-11 | CVE-2023-27554 | XXE vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 9.1 |
2023-04-27 | CVE-2023-24966 | Cross-site Scripting vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. | 6.1 |
2022-11-03 | CVE-2022-38712 | Authentication Bypass by Spoofing vulnerability in IBM Websphere Application Server "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web services could allow a man-in-the-middle attacker to conduct SOAPAction spoofing to execute unwanted or unauthorized operations. | 5.9 |
2022-09-28 | CVE-2022-35282 | Server-Side Request Forgery (SSRF) vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to server-side request forgery (SSRF). | 6.5 |
2022-09-09 | CVE-2022-34165 | Injection vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP header injection, caused by improper validation. | 5.4 |
2022-07-14 | CVE-2022-22473 | Unspecified vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console data. | 5.3 |
2022-05-20 | CVE-2022-22365 | Unspecified vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, with the Ajax Proxy Web Application (AjaxProxy.war) deployed, is vulnerable to spoofing by allowing a man-in-the-middle attacker to spoof SSL server hostnames. network ibm | 4.3 |
2022-02-24 | CVE-2021-39038 | Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.2 could allow a remote attacker to hijack the clicking action of the victim. | 3.5 |
2021-09-16 | CVE-2021-29842 | Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 21.0.0.9 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. | 5.0 |
2021-07-30 | CVE-2021-29736 | Unspecified vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote user to gain elevated privileges on the system. | 6.5 |