Vulnerabilities > IBM > Websphere Application Server > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-04-02 CVE-2023-26283 Unspecified vulnerability in IBM Websphere Application Server 9.0
IBM WebSphere Application Server 9.0 is vulnerable to cross-site scripting.
network
low complexity
ibm
5.4
2022-11-11 CVE-2022-40750 Cross-site Scripting vulnerability in IBM Websphere Application Server 8.5/9.0
IBM WebSphere Application Server 8.5, and 9.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2022-11-03 CVE-2022-38712 Authentication Bypass by Spoofing vulnerability in IBM Websphere Application Server
"IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web services could allow a man-in-the-middle attacker to conduct SOAPAction spoofing to execute unwanted or unauthorized operations.
network
high complexity
ibm CWE-290
5.9
2022-09-28 CVE-2022-35282 Server-Side Request Forgery (SSRF) vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to server-side request forgery (SSRF).
low complexity
ibm CWE-918
6.5
2022-09-13 CVE-2022-34336 Cross-site Scripting vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2022-09-09 CVE-2022-34165 Injection vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP header injection, caused by improper validation.
network
low complexity
ibm CWE-74
5.4
2022-07-14 CVE-2022-22473 Unspecified vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console data.
network
low complexity
ibm
5.3
2022-07-14 CVE-2022-22477 Cross-site Scripting vulnerability in IBM Websphere Application Server 8.5/9.0
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
2022-05-20 CVE-2022-22365 Unspecified vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, with the Ajax Proxy Web Application (AjaxProxy.war) deployed, is vulnerable to spoofing by allowing a man-in-the-middle attacker to spoof SSL server hostnames.
network
high complexity
ibm
5.9
2022-05-17 CVE-2022-22475 Unspecified vulnerability in IBM Open Liberty and Websphere Application Server
IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 are vulnerable to identity spoofing by an authenticated user.
network
low complexity
ibm
6.5