Vulnerabilities > IBM > Websphere Application Server > High

DATE CVE VULNERABILITY TITLE RISK
2024-10-15 CVE-2024-45085 Improper Check for Unusual or Exceptional Conditions vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 8.5 is vulnerable to a denial of service, under certain configurations, caused by an unexpected specially crafted request.
network
low complexity
ibm CWE-754
7.5
2024-08-14 CVE-2023-50314 Unspecified vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the network to conduct spoofing attacks.
network
low complexity
ibm
7.5
2024-07-09 CVE-2024-35154 Unspecified vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has authorized access to the administrative console, to execute arbitrary code.
network
low complexity
ibm
7.2
2024-06-20 CVE-2024-37532 Improper Verification of Cryptographic Signature vulnerability in IBM Websphere Application Server 8.5.0.0/9.0.0.0
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to identity spoofing by an authenticated user due to improper signature validation.
network
low complexity
ibm CWE-347
8.8
2024-03-31 CVE-2024-22353 Unspecified vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request.
network
low complexity
ibm
7.5
2023-08-16 CVE-2023-38737 Resource Exhaustion vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server Liberty 22.0.0.13 through 23.0.0.7 is vulnerable to a denial of service, caused by sending a specially-crafted request.
network
low complexity
ibm CWE-400
7.5
2023-04-29 CVE-2023-30441 Unspecified vulnerability in IBM products
IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of flaws and configurations.
network
low complexity
ibm
7.5
2023-01-26 CVE-2022-43917 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Websphere Application Server 8.5/9.0
IBM WebSphere Application Server 8.5 and 9.0 traditional container uses weaker than expected cryptographic keys that could allow an attacker to decrypt sensitive information.
network
low complexity
ibm CWE-327
7.5
2022-07-08 CVE-2022-22476 Authentication Bypass by Spoofing vulnerability in IBM Open Liberty and Websphere Application Server
IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.7 and Open Liberty are vulnerable to identity spoofing by an authenticated user using a specially crafted request.
network
low complexity
ibm CWE-290
8.8
2022-01-25 CVE-2021-39031 Injection vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server - Liberty 17.0.0.3 through 22.0.0.1 could allow a remote authenticated attacker to conduct an LDAP injection.
network
low complexity
ibm CWE-74
8.8