CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-45087 – IBM WebSphere Application Server cross-site scripting
https://notcve.org/view.php?id=CVE-2024-45087
11 Nov 2024 — IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7175393 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-45086 – IBM WebSphere Application Server XML external entity injection
https://notcve.org/view.php?id=CVE-2024-45086
04 Nov 2024 — IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A privileged user could exploit this vulnerability to expose sensitive information or consume memory resources. • https://www.ibm.com/support/pages/node/7174745 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-45071 – IBM WebSphere Application Server cross-site scripting
https://notcve.org/view.php?id=CVE-2024-45071
16 Oct 2024 — IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM WebSphere Application Server 8.5 y 9.0 es vulnerable a cross-site scripting almacenado. Esta vulnerabilidad permite que un usuario privilegiado incorpore código JavaScript arbitrario en la interfaz de usuario we... • https://www.ibm.com/support/pages/node/7173270 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-45072 – IBM WebSphere Application Server XML external entity injection
https://notcve.org/view.php?id=CVE-2024-45072
16 Oct 2024 — IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A privileged user could exploit this vulnerability to expose sensitive information or consume memory resources. IBM WebSphere Application Server 8.5 y 9.0 es vulnerable a un ataque de inyección de entidad externa (XXE) de XML al procesar datos XML. Un usuario privilegiado podría aprovechar esta vulnerabilidad para exponer información confidencial o consumir recursos de memori... • https://www.ibm.com/support/pages/node/7173263 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45085 – IBM WebSphere Application Server denial of service
https://notcve.org/view.php?id=CVE-2024-45085
15 Oct 2024 — IBM WebSphere Application Server 8.5 is vulnerable to a denial of service, under certain configurations, caused by an unexpected specially crafted request. A remote attacker could exploit this vulnerability to cause an error resulting in a denial of service. • https://www.ibm.com/support/pages/node/7173128 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-45073 – IBM WebSphere Application Server cross-site scripting
https://notcve.org/view.php?id=CVE-2024-45073
30 Sep 2024 — IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7171755 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50315 – IBM WebSphere Application Server information disclosure
https://notcve.org/view.php?id=CVE-2023-50315
14 Aug 2024 — IBM WebSphere Application Server 8.5 and 9.0 could allow an attacker with access to the network to conduct spoofing attacks. An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 274714. • https://exchange.xforce.ibmcloud.com/vulnerabilities/274714 • CWE-295: Improper Certificate Validation •
CVSS: 8.3EPSS: 1%CPEs: 1EXPL: 0CVE-2024-35154 – IBM WebSphere Application Server code execution
https://notcve.org/view.php?id=CVE-2024-35154
09 Jul 2024 — IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has authorized access to the administrative console, to execute arbitrary code. Using specially crafted input, the attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 292641. IBM WebSphere Application Server 8.5 y 9.0 podría permitir que un atacante remoto autenticado, que haya autorizado acceso a la consola administrativa, ejecute código arbitrario. Utilizando entrada... • https://exchange.xforce.ibmcloud.com/vulnerabilities/292641 • CWE-250: Execution with Unnecessary Privileges •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35153 – IBM WebSphere Application Server cross-site scripting
https://notcve.org/view.php?id=CVE-2024-35153
27 Jun 2024 — IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 292640. • https://exchange.xforce.ibmcloud.com/vulnerabilities/292640 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37532 – IBM WebSphere Application Server identity spoofing
https://notcve.org/view.php?id=CVE-2024-37532
20 Jun 2024 — IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to identity spoofing by an authenticated user due to improper signature validation. IBM X-Force ID: 294721. • https://exchange.xforce.ibmcloud.com/vulnerabilities/294721 • CWE-347: Improper Verification of Cryptographic Signature •