Vulnerabilities > IBM > Websphere Application Server > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-05-14 CVE-2020-4365 Server-Side Request Forgery (SSRF) vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 8.5 is vulnerable to server-side request forgery.
network
low complexity
ibm CWE-918
4.3
2020-05-06 CVE-2020-4421 Authentication Bypass by Spoofing vulnerability in IBM Websphere Application Server
IBM WebSphere Application Liberty 19.0.0.5 through 20.0.0.4 could allow an authenticated user using openidconnect to spoof another users identify.
network
low complexity
ibm CWE-290
5.4
2020-05-06 CVE-2020-10693 A flaw was found in Hibernate Validator version 6.1.2.Final.
network
low complexity
redhat ibm quarkus oracle
5.3
2020-04-28 CVE-2020-4329 Unspecified vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking.
network
low complexity
ibm
4.3
2020-04-02 CVE-2020-4304 Cross-site Scripting vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
2020-04-02 CVE-2020-4303 Cross-site Scripting vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
2020-02-05 CVE-2019-4670 Unspecified vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper data representation.
network
low complexity
ibm
6.5
2020-02-03 CVE-2019-4732 Untrusted Search Path vulnerability in IBM SDK and Websphere Application Server
IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client.
local
low complexity
ibm CWE-426
6.5
2019-12-10 CVE-2019-4663 Cross-site Scripting vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server - Liberty is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2019-10-03 CVE-2019-4441 Information Exposure Through an Error Message vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and Liberty could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser.
network
low complexity
ibm CWE-209
5.3