Vulnerabilities > IBM > Websphere Application Server

DATE CVE VULNERABILITY TITLE RISK
2022-05-17 CVE-2022-22475 Unspecified vulnerability in IBM Open Liberty and Websphere Application Server
IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 are vulnerable to identity spoofing by an authenticated user.
network
low complexity
ibm
6.5
2022-05-13 CVE-2022-22393 Unspecified vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.5 , with the adminCenter-1.0 feature configured, could allow an authenticated user to issue a request to obtain the status of HTTP/HTTPS ports which are accessible by the application server.
network
low complexity
ibm
6.5
2022-02-24 CVE-2021-39038 Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.2 could allow a remote attacker to hijack the clicking action of the victim.
network
low complexity
ibm CWE-1021
5.4
2022-01-25 CVE-2021-39031 Injection vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server - Liberty 17.0.0.3 through 22.0.0.1 could allow a remote authenticated attacker to conduct an LDAP injection.
network
low complexity
ibm CWE-74
8.8
2022-01-19 CVE-2022-22310 Unspecified vulnerability in IBM Websphere Application Server 21.0.0.10/21.0.0.12
IBM WebSphere Application Server Liberty 21.0.0.10 through 21.0.0.12 could provide weaker than expected security.
network
low complexity
ibm
6.5
2021-12-09 CVE-2021-38951 Unspecified vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request.
network
low complexity
ibm
7.5
2021-09-16 CVE-2021-29842 Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 21.0.0.9 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts.
network
low complexity
ibm CWE-307
5.3
2021-07-30 CVE-2021-29736 Unspecified vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote user to gain elevated privileges on the system.
network
low complexity
ibm
8.8
2021-06-11 CVE-2021-29754 Unspecified vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a privilege escalation vulnerability when using the SAML Web Inbound Trust Association Interceptor (TAI).
network
low complexity
ibm
8.8
2021-05-26 CVE-2021-20492 XXE vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 8.0, 8.5, 9.0, and Liberty Java Batch is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
8.2