CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27270 – IBM WebSphere Application Server Liberty cross-site scripting
https://notcve.org/view.php?id=CVE-2024-27270
27 Mar 2024 — IBM WebSphere Application Server Liberty 23.0.0.3 through 24.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in a specially crafted URI. IBM X-Force ID: 284576. IBM WebSphere Application Server Liberty 23.0.0.3 a 24.0.0.3 es vulnerable a cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en un URI especialmente manipulado. • https://exchange.xforce.ibmcloud.com/vulnerabilities/284576 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50312 – IBM WebSphere Application Server Liberty information disclosure
https://notcve.org/view.php?id=CVE-2023-50312
01 Mar 2024 — IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. IBM X-Force ID: 274711. IBM WebSphere Application Server Liberty 17.0.0.3 a 24.0.0.2 podría proporcionar una seguridad más débil de lo esperado para las conexiones TLS salientes causadas por una falla al respetar la configuración del usuario. ID de IBM X-Force: 274711. • https://exchange.xforce.ibmcloud.com/vulnerabilities/274711 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46158 – IBM WebSphere Application Server session fixation
https://notcve.org/view.php?id=CVE-2023-46158
25 Oct 2023 — IBM WebSphere Application Server Liberty 23.0.0.9 through 23.0.0.10 could provide weaker than expected security due to improper resource expiration handling. IBM X-Force ID: 268775. IBM WebSphere Application Server Liberty 23.0.0.9 a 23.0.0.10 podría proporcionar una seguridad más débil de lo esperado debido a un manejo inadecuado de la caducidad de recursos. ID de IBM X-Force: 268775. • https://exchange.xforce.ibmcloud.com/vulnerabilities/268775 • CWE-613: Insufficient Session Expiration •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38737 – IBM WebSphere Application Server Liberty denial of service
https://notcve.org/view.php?id=CVE-2023-38737
16 Aug 2023 — IBM WebSphere Application Server Liberty 22.0.0.13 through 23.0.0.7 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 262567. IBM WebSphere Application Server Liberty 22.0.0.13 a 23.0.0.7 es vulnerable a una denegación de servicio provocada por el envío de una solicitud especialmente diseñada. Un atacante remoto podría aprovechar esta vulnerabilidad para hace... • https://exchange.xforce.ibmcloud.com/vulnerabilities/262567 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-35890 – IBM WebSphere Application Server information disclosure
https://notcve.org/view.php?id=CVE-2023-35890
07 Jul 2023 — IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security, caused by the improper encoding in a local configuration file. IBM X-Force ID: 258637. IBM WebSphere Application Server v8.5 y v9.0 podrían proporcionar una seguridad más débil de lo esperado, causada por la codificación incorrecta en un archivo de configuración local. ID de IBM X-Force: 258637. • https://https://www.ibm.com/support/pages/node/7007857 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 9.4EPSS: 0%CPEs: 2EXPL: 0CVE-2023-27554 – IBM WebSphere Application Server XML external entity injection
https://notcve.org/view.php?id=CVE-2023-27554
11 May 2023 — IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 249185. • https://exchange.xforce.ibmcloud.com/vulnerabilities/249185 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2022-39161 – IBM WebSphere Application Server information disclosure
https://notcve.org/view.php?id=CVE-2022-39161
03 May 2023 — IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and IBM WebSphere Application Server Liberty, when configured to communicate with the Web Server Plug-ins for IBM WebSphere Application Server, could allow an authenticated user to conduct spoofing attacks. A man-in-the-middle attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 235069. • https://exchange.xforce.ibmcloud.com/vulnerabilities/235069 • CWE-295: Improper Certificate Validation •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-30441 – IBM Java information disclosure
https://notcve.org/view.php?id=CVE-2023-30441
29 Apr 2023 — IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of flaws and configurations. IBM X-Force ID: 253188. • https://exchange.xforce.ibmcloud.com/vulnerabilities/253188 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2023-24966 – IBM WebSphere Application Server cross-site scripting
https://notcve.org/view.php?id=CVE-2023-24966
27 Apr 2023 — IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 246904. • https://exchange.xforce.ibmcloud.com/vulnerabilities/246904 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-26283 – IBM WebSphere Application Server cross-site scripting
https://notcve.org/view.php?id=CVE-2023-26283
22 Mar 2023 — IBM WebSphere Application Server 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 248416. • https://exchange.xforce.ibmcloud.com/vulnerabilities/248416 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •