Vulnerabilities > IBM > Websphere Application Server

DATE CVE VULNERABILITY TITLE RISK
2020-05-14 CVE-2020-4365 Server-Side Request Forgery (SSRF) vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 8.5 is vulnerable to server-side request forgery.
network
low complexity
ibm CWE-918
4.3
2020-05-06 CVE-2020-4421 Authentication Bypass by Spoofing vulnerability in IBM Websphere Application Server
IBM WebSphere Application Liberty 19.0.0.5 through 20.0.0.4 could allow an authenticated user using openidconnect to spoof another users identify.
network
low complexity
ibm CWE-290
5.4
2020-05-06 CVE-2020-10693 A flaw was found in Hibernate Validator version 6.1.2.Final.
network
low complexity
redhat ibm quarkus oracle
5.3
2020-04-28 CVE-2020-4329 Unspecified vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking.
network
low complexity
ibm
4.3
2020-04-10 CVE-2020-4362 Unspecified vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector.
network
low complexity
ibm
8.8
2020-04-02 CVE-2020-4304 Cross-site Scripting vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
2020-04-02 CVE-2020-4303 Cross-site Scripting vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
2020-03-26 CVE-2020-4276 Unspecified vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector.
network
high complexity
ibm
7.5
2020-02-05 CVE-2019-4670 Unspecified vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper data representation.
network
low complexity
ibm
6.5
2020-02-04 CVE-2020-4163 Unspecified vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, under specialized conditions, could allow an authenticated user to create a maliciously crafted file name which would be misinterpreted as jsp content and executed.
network
low complexity
ibm
7.2