Vulnerabilities > IBM > Websphere Application Server > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-11 | CVE-2024-45087 | Cross-site Scripting vulnerability in IBM Websphere Application Server 8.5/9.0 IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. | 4.8 |
| 2024-11-04 | CVE-2024-45086 | XXE vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. | 5.5 |
| 2024-10-16 | CVE-2024-45071 | Cross-site Scripting vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. | 4.8 |
| 2024-10-16 | CVE-2024-45072 | XXE vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 5.5 |
| 2024-08-14 | CVE-2023-50315 | Unspecified vulnerability in IBM Websphere Application Server 8.5.0.0/9.0.0.0 IBM WebSphere Application Server 8.5 and 9.0 could allow an attacker with access to the network to conduct spoofing attacks. | 5.9 |
| 2024-06-27 | CVE-2024-35153 | Unspecified vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. | 4.8 |
| 2024-04-02 | CVE-2023-50313 | Unspecified vulnerability in IBM Websphere Application Server 8.5/9.0 IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. low complexity ibm | 6.5 |
| 2023-07-07 | CVE-2023-35890 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Websphere Application Server 8.5.5.23/9.0.5.15/9.0.5.16 IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security, caused by the improper encoding in a local configuration file. | 5.5 |
| 2023-05-03 | CVE-2022-39161 | Unspecified vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and IBM WebSphere Application Server Liberty, when configured to communicate with the Web Server Plug-ins for IBM WebSphere Application Server, could allow an authenticated user to conduct spoofing attacks. | 5.3 |
| 2023-04-27 | CVE-2023-24966 | Unspecified vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. | 6.1 |