CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-35282
https://notcve.org/view.php?id=CVE-2022-35282
28 Sep 2022 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, an attacker with local network access could exploit this vulnerability to obtain sensitive data. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0 es vulnerable a un ataque de tipo server-side request forgery (SSRF). Al enviar una petición especialmente diseñada, un atacante con acceso a la red local podría aprovechar esta vulnerabilidad para obten... • https://exchange.xforce.ibmcloud.com/vulnerabilities/230809 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2022-34336
https://notcve.org/view.php?id=CVE-2022-34336
13 Sep 2022 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229714. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0 es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en... • https://exchange.xforce.ibmcloud.com/vulnerabilities/229714 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 13EXPL: 0CVE-2022-34165
https://notcve.org/view.php?id=CVE-2022-34165
09 Sep 2022 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP header injection, caused by improper validation. This could allow an attacker to conduct various attacks against the vulnerable system, including cache poisoning and cross-site scripting. IBM X-Force ID: 229429. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0 e IBM WebSphere Application Server Liberty versiones 17.0.0.3 a 22.0.0.9 son vulnerable... • https://exchange.xforce.ibmcloud.com/vulnerabilities/229429 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 6.4EPSS: 0%CPEs: 9EXPL: 0CVE-2022-22477
https://notcve.org/view.php?id=CVE-2022-22477
14 Jul 2022 — IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 225605. IBM WebSphere Application Server versiones 8.5 y 9.0 es vulnerable al cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/225605 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 11EXPL: 0CVE-2022-22473
https://notcve.org/view.php?id=CVE-2022-22473
14 Jul 2022 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console data. This information could be used in further attacks against the system. IBM X-Force ID: 225347. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0 podría permitir a un atacante remoto obtener información confidencial causada por un manejo inapropiado de los datos de la Consola Administrativa. Esta información podría usarse... • https://exchange.xforce.ibmcloud.com/vulnerabilities/225347 •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-22476
https://notcve.org/view.php?id=CVE-2022-22476
08 Jul 2022 — IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.7 and Open Liberty are vulnerable to identity spoofing by an authenticated user using a specially crafted request. IBM X-Force ID: 225604. IBM WebSphere Application Server Liberty versiones 17.0.0.3 hasta 22.0.0.7 y Open Liberty son vulnerables a una suplantación de identidad por parte de un usuario autenticado usando una petición especialmente diseñada. IBM X-Force ID: 225604 • https://exchange.xforce.ibmcloud.com/vulnerabilities/225604 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2022-22365
https://notcve.org/view.php?id=CVE-2022-22365
20 May 2022 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, with the Ajax Proxy Web Application (AjaxProxy.war) deployed, is vulnerable to spoofing by allowing a man-in-the-middle attacker to spoof SSL server hostnames. IBM X-Force ID: 220904. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0, con la aplicación web Ajax Proxy (AjaxProxy.war) desplegada, es vulnerable a una suplantación de identidad al permitir a un atacante de tipo man-in-the-middle suplantar los nombres de host del servidor SSL. ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/220904 •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-22475
https://notcve.org/view.php?id=CVE-2022-22475
17 May 2022 — IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 are vulnerable to identity spoofing by an authenticated user. IBM X-Force ID: 225603. IBM WebSphere Application Server Liberty y Open Liberty 17.0.0.3 a 22.0.0.5 son vulnerables a la suplantación de identidad por parte de un usuario autenticado. ID de IBM X-Force: 225603 • https://exchange.xforce.ibmcloud.com/vulnerabilities/225603 •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-22393
https://notcve.org/view.php?id=CVE-2022-22393
13 May 2022 — IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.5 , with the adminCenter-1.0 feature configured, could allow an authenticated user to issue a request to obtain the status of HTTP/HTTPS ports which are accessible by the application server. IBM X-Force ID: 222078. IBM WebSphere Application Server Liberty versiones 17.0.0.3 hasta 22.0.0.5 , con la funcionalidad adminCenter-1.0 configurada, podría permitir a un usuario autenticado emitir una petición para obtener el estado de los puertos HTTP/H... • https://exchange.xforce.ibmcloud.com/vulnerabilities/222078 •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2021-39038
https://notcve.org/view.php?id=CVE-2021-39038
24 Feb 2022 — IBM WebSphere Application Server 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 213968. IBM WebSphere Application Server versión 9.0 e IBM WebSphere Application Server Liberty versiones 17.0.0.3 ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/213968 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •