CVSS: 5.9EPSS: 0%CPEs: 11EXPL: 0CVE-2022-38712
https://notcve.org/view.php?id=CVE-2022-38712
03 Nov 2022 — "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web services could allow a man-in-the-middle attacker to conduct SOAPAction spoofing to execute unwanted or unauthorized operations. IBM X-Force ID: 234762." "IBM WebSphere Application Server 7.0, 8.0, 8.5 y 9.0 podrían permitir que un atacante intermediario realice suplantación de SOAPAction para ejecutar operaciones no deseadas o no autorizadas. ID de IBM X-Force: 234762". • https://www.ibm.com/support/pages/node/6829907 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-35282
https://notcve.org/view.php?id=CVE-2022-35282
28 Sep 2022 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, an attacker with local network access could exploit this vulnerability to obtain sensitive data. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0 es vulnerable a un ataque de tipo server-side request forgery (SSRF). Al enviar una petición especialmente diseñada, un atacante con acceso a la red local podría aprovechar esta vulnerabilidad para obten... • https://exchange.xforce.ibmcloud.com/vulnerabilities/230809 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2022-34336
https://notcve.org/view.php?id=CVE-2022-34336
13 Sep 2022 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229714. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0 es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en... • https://exchange.xforce.ibmcloud.com/vulnerabilities/229714 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 13EXPL: 0CVE-2022-34165
https://notcve.org/view.php?id=CVE-2022-34165
09 Sep 2022 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP header injection, caused by improper validation. This could allow an attacker to conduct various attacks against the vulnerable system, including cache poisoning and cross-site scripting. IBM X-Force ID: 229429. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0 e IBM WebSphere Application Server Liberty versiones 17.0.0.3 a 22.0.0.9 son vulnerable... • https://exchange.xforce.ibmcloud.com/vulnerabilities/229429 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 6.4EPSS: 0%CPEs: 9EXPL: 0CVE-2022-22477
https://notcve.org/view.php?id=CVE-2022-22477
14 Jul 2022 — IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 225605. IBM WebSphere Application Server versiones 8.5 y 9.0 es vulnerable al cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/225605 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 11EXPL: 0CVE-2022-22473
https://notcve.org/view.php?id=CVE-2022-22473
14 Jul 2022 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console data. This information could be used in further attacks against the system. IBM X-Force ID: 225347. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0 podría permitir a un atacante remoto obtener información confidencial causada por un manejo inapropiado de los datos de la Consola Administrativa. Esta información podría usarse... • https://exchange.xforce.ibmcloud.com/vulnerabilities/225347 •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2022-22365
https://notcve.org/view.php?id=CVE-2022-22365
20 May 2022 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, with the Ajax Proxy Web Application (AjaxProxy.war) deployed, is vulnerable to spoofing by allowing a man-in-the-middle attacker to spoof SSL server hostnames. IBM X-Force ID: 220904. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0, con la aplicación web Ajax Proxy (AjaxProxy.war) desplegada, es vulnerable a una suplantación de identidad al permitir a un atacante de tipo man-in-the-middle suplantar los nombres de host del servidor SSL. ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/220904 •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2021-39038
https://notcve.org/view.php?id=CVE-2021-39038
24 Feb 2022 — IBM WebSphere Application Server 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 213968. IBM WebSphere Application Server versión 9.0 e IBM WebSphere Application Server Liberty versiones 17.0.0.3 ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/213968 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0CVE-2021-38951
https://notcve.org/view.php?id=CVE-2021-38951
09 Dec 2021 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available CPU resources. IBM X-Force ID: 211405. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0, es vulnerable a una denegación de servicio, causada por el envío de una petición especialmente diseñada. Un atacante remoto podría aprovechar esta vulnerabilidad para causa... • https://exchange.xforce.ibmcloud.com/vulnerabilities/211405 •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2021-29842
https://notcve.org/view.php?id=CVE-2021-29842
16 Sep 2021 — IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 21.0.0.9 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. IBM X-Force ID: 205202. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5, 9.0 y Liberty versiones 17.0.0.3 hasta 21.0.0.9, podrían permitir a un usuario remoto enumerar nombres de usuario debido a una diferencia de respuestas de intentos de inicio de sesión válidos y no válidos. IBM X-Force I... • https://exchange.xforce.ibmcloud.com/vulnerabilities/205202 • CWE-307: Improper Restriction of Excessive Authentication Attempts •