CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2025-33142 – IBM WebSphere Application Server information disclosure
https://notcve.org/view.php?id=CVE-2025-33142
14 Aug 2025 — IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for TLS connections. • https://www.ibm.com/support/pages/node/7242172 • CWE-295: Improper Certificate Validation •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-36047 – IBM WebSphere Application Server Liberty denial of service
https://notcve.org/view.php?id=CVE-2025-36047
14 Aug 2025 — IBM WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. • https://www.ibm.com/support/pages/node/7242086 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-36000 – IBM WebSphere Application Server Liberty cross-site scripting
https://notcve.org/view.php?id=CVE-2025-36000
12 Aug 2025 — IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7242026 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-36124 – IBM WebSphere Application Server Liberty bypass security
https://notcve.org/view.php?id=CVE-2025-36124
12 Aug 2025 — IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 could allow a remote attacker to bypass security restrictions caused by a failure to honor JMS messaging configuration • https://www.ibm.com/support/pages/node/7242027 • CWE-268: Privilege Chaining •
CVSS: 3.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-56339 – IBM WebSphere Application Server information disclosure
https://notcve.org/view.php?id=CVE-2024-56339
07 Aug 2025 — IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 could allow a remote attacker to bypass security restrictions caused by a failure to honor security configuration. IBM WebSphere Application Server 9.0 y WebSphere Application Server Liberty 17.0.0.3 a 25.0.0.7 podrían permitir que un atacante remoto eluda las restricciones de seguridad causadas por un fallo en el respeto de la configuración de seguridad. IBM WebSphere Application Server 9.0 and WebSphere... • https://www.ibm.com/support/pages/node/7239955 • CWE-650: Trusting HTTP Permission Methods on the Server Side •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-36097 – IBM WebSphere Application Server denial of service
https://notcve.org/view.php?id=CVE-2025-36097
16 Jul 2025 — IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 are vulnerable to a denial of service, caused by a stack-based overflow. An attacker can send a specially crafted request that cause the server to consume excessive memory resources. • https://www.ibm.com/support/pages/node/7239856 • CWE-121: Stack-based Buffer Overflow •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2025-36038 – IBM WebSphere Application Server code execution
https://notcve.org/view.php?id=CVE-2025-36038
25 Jun 2025 — IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. • https://www.ibm.com/support/pages/node/7237967 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 0CVE-2025-33104 – IBM WebSphere Application Server cross
https://notcve.org/view.php?id=CVE-2025-33104
14 May 2025 — IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7233438 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-27907 – IBM WebSphere Application Server server-side request forgery
https://notcve.org/view.php?id=CVE-2025-27907
22 Apr 2025 — IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM WebSphere Application Server 8.5 y 9.0 es vulnerable a server-side request forgery (SSRF). Esto podría permitir que un atacante autenticado envíe solicitudes no autorizadas desde el sistema, lo que podría provocar la enumeración de la red o facilit... • https://www.ibm.com/support/pages/node/7231514 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-45087 – IBM WebSphere Application Server cross-site scripting
https://notcve.org/view.php?id=CVE-2024-45087
11 Nov 2024 — IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7175393 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •