Vulnerabilities > IBM > Websphere Application Server

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2021-02-18 | CVE-2021-20354 | Path Traversal vulnerability in IBM Websphere Application Server | IBM WebSphere Application Server 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories. | network | low | ibm | CWE-22 | 7.5 |
| 2021-02-10 | CVE-2021-20353 | XXE vulnerability in IBM Websphere Application Server | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | network | low | ibm | CWE-611 | 8.2 |
| 2021-01-26 | CVE-2020-4949 | XXE vulnerability in IBM Websphere Application Server | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | network | low | ibm | CWE-611 | 8.2 |
| 2020-10-28 | CVE-2020-4782 | Path Traversal vulnerability in IBM Websphere Application Server | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. | network | low | ibm | CWE-22 | 6.5 |
| 2020-10-01 | CVE-2020-4576 | Unspecified vulnerability in IBM Websphere Application Server | IBM WebSphere Application Server 7.5, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. | network | low | ibm | | 7.5 |
| 2020-09-30 | CVE-2020-4629 | Information Exposure Through an Error Message vulnerability in IBM Websphere Application Server | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local user with specialized access to obtain sensitive information from a detailed technical error message. | local | low | ibm | CWE-209 | 3.3 |
| 2020-09-21 | CVE-2020-4643 | XXE vulnerability in IBM Websphere Application Server | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | network | low | ibm | CWE-611 | 7.5 |
| 2020-09-21 | CVE-2020-4590 | Unspecified vulnerability in IBM Websphere Application Server | IBM WebSphere Application Server Liberty 17.0.0.3 through 20.0.0.9 running oauth-2.0 or openidConnectServer-1.0 server features is vulnerable to a denial of service attack conducted by an authenticated client. | network | low | ibm | | 6.5 |
| 2020-09-10 | CVE-2020-4578 | Cross-site Scripting vulnerability in IBM Websphere Application Server | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. | network | low | ibm | CWE-79 | 5.4 |
| 2020-08-27 | CVE-2020-4575 | Cross-site Scripting vulnerability in IBM products | IBM WebSphere Application Server ND 8.5 and 9.0, and IBM WebSphere Virtual Enterprise 7.0 and 8.0 are vulnerable to cross-site scripting when High Availability Deployment Manager is configured. | network | low | ibm | CWE-79 | 6.1 |