CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35153 – IBM WebSphere Application Server cross-site scripting
https://notcve.org/view.php?id=CVE-2024-35153
27 Jun 2024 — IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 292640. • https://exchange.xforce.ibmcloud.com/vulnerabilities/292640 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37532 – IBM WebSphere Application Server identity spoofing
https://notcve.org/view.php?id=CVE-2024-37532
20 Jun 2024 — IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to identity spoofing by an authenticated user due to improper signature validation. IBM X-Force ID: 294721. • https://exchange.xforce.ibmcloud.com/vulnerabilities/294721 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-28764 – IBM WebSphere Automation CSV injection
https://notcve.org/view.php?id=CVE-2024-28764
01 May 2024 — IBM WebSphere Automation 1.7.0 could allow an attacker with privileged access to the network to conduct a CSV injection. An attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 285623. IBM WebSphere Automation 1.7.0 podría permitir que un atacante con acceso privilegiado a la red realice una inyección CSV. Un atacante podría ejecutar comandos arbitrarios en el sistema, causados por una validación inadecuada del contenido del archivo csv... • https://exchange.xforce.ibmcloud.com/vulnerabilities/285623 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-28775 – IBM WebSphere Automation cross-site scripting
https://notcve.org/view.php?id=CVE-2024-28775
01 May 2024 — IBM WebSphere Automation 1.7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285648. IBM WebSphere Automation 1.7.0 es vulnerable a Cross Site Scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista, l... • https://exchange.xforce.ibmcloud.com/vulnerabilities/285648 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-25026 – IBM WebSphere Application Server denial of service
https://notcve.org/view.php?id=CVE-2024-25026
25 Apr 2024 — IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 are vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 281516. IBM WebSphere Application Server 8.5, 9.0 e IBM WebSphere Application Server Liberty 17.0.0.3 a 24.0.0.4 son vulnerables a una denegación de servicio provocada por el envío de una solicitud... • https://exchange.xforce.ibmcloud.com/vulnerabilities/281516 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22329 – IBM WebSphere Application Server server-side request forgery
https://notcve.org/view.php?id=CVE-2024-22329
17 Apr 2024 — IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, an attacker could exploit this vulnerability to conduct the SSRF attack. X-Force ID: 279951. IBM WebSphere Application Server 8.5, 9.0 e IBM WebSphere Application Server Liberty 17.0.0.3 a 24.0.0.3 son vulnerables a server-side request forgery (SSRF). Al enviar una solicitud especialmente manipulada, un ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/279951 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22354 – IBM WebSphere Application Server XML external entity injection
https://notcve.org/view.php?id=CVE-2024-22354
17 Apr 2024 — IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.5 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, or to conduct a server-side request forgery attack. IBM X-Force ID: 280401. IBM WebSphere Application Server 8.5, 9.0 e IBM WebSphere Application Server Liberty 17.0.0.3 a 24.0.0.3 son vulnerables a ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/280401 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2024-27268 – IBM WebSphere Application Server Liberty denial of service
https://notcve.org/view.php?id=CVE-2024-27268
04 Apr 2024 — IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 284574. IBM WebSphere Application Server Liberty 18.0.0.2 a 24.0.0.3 es vulnerable a una denegación de servicio provocada por el envío de una solicitud especialmente manipulada. Un atacante remoto podría aprovechar esta vulnerabilidad para hace... • https://exchange.xforce.ibmcloud.com/vulnerabilities/284574 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-50313 – IBM WebSphere Application Server information disclosure
https://notcve.org/view.php?id=CVE-2023-50313
02 Apr 2024 — IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. IBM X-Force ID: 274812. IBM WebSphere Application Server 8.5 y 9.0 podría proporcionar una seguridad más débil de lo esperado para las conexiones TLS salientes causadas por una falla al respetar la configuración del usuario. ID de IBM X-Force: 274812. • https://exchange.xforce.ibmcloud.com/vulnerabilities/274812 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22353 – IBM WebSphere Application Server Liberty denial of service
https://notcve.org/view.php?id=CVE-2024-22353
31 Mar 2024 — IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 280400. IBM WebSphere Application Server Liberty 17.0.0.3 a 24.0.0.3 es vulnerable a una denegación de servicio provocada por el envío de una solicitud especialmente manipulada. Un atacante remoto podría aprovechar esta vulnerabilidad para hace... • https://exchange.xforce.ibmcloud.com/vulnerabilities/280400 • CWE-770: Allocation of Resources Without Limits or Throttling •