Vulnerabilities > IBM > Websphere Application Server
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-04-02 | CVE-2023-50313 | Unspecified vulnerability in IBM Websphere Application Server 8.5/9.0 IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. low complexity ibm | 6.5 |
| 2024-03-31 | CVE-2024-22353 | Unspecified vulnerability in IBM Websphere Application Server IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. | 7.5 |
| 2023-08-16 | CVE-2023-38737 | Resource Exhaustion vulnerability in IBM Websphere Application Server IBM WebSphere Application Server Liberty 22.0.0.13 through 23.0.0.7 is vulnerable to a denial of service, caused by sending a specially-crafted request. | 7.5 |
| 2023-07-07 | CVE-2023-35890 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Websphere Application Server 8.5.5.23/9.0.5.15/9.0.5.16 IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security, caused by the improper encoding in a local configuration file. | 5.5 |
| 2023-05-11 | CVE-2023-27554 | Unspecified vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 9.1 |
| 2023-05-03 | CVE-2022-39161 | Unspecified vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and IBM WebSphere Application Server Liberty, when configured to communicate with the Web Server Plug-ins for IBM WebSphere Application Server, could allow an authenticated user to conduct spoofing attacks. | 5.3 |
| 2023-04-29 | CVE-2023-30441 | Unspecified vulnerability in IBM products IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of flaws and configurations. | 7.5 |
| 2023-04-27 | CVE-2023-24966 | Unspecified vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. | 6.1 |
| 2023-04-02 | CVE-2023-26283 | Unspecified vulnerability in IBM Websphere Application Server 9.0 IBM WebSphere Application Server 9.0 is vulnerable to cross-site scripting. | 5.4 |
| 2023-02-03 | CVE-2023-23477 | Unspecified vulnerability in IBM Websphere Application Server 8.5/9.0 IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. | 9.8 |