CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-25026 – IBM WebSphere Application Server denial of service
https://notcve.org/view.php?id=CVE-2024-25026
IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 are vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 281516. IBM WebSphere Application Server 8.5, 9.0 e IBM WebSphere Application Server Liberty 17.0.0.3 a 24.0.0.4 son vulnerables a una denegación de servicio provocada por el envío de una solicitud especialmente manipulada. Un atacante remoto podría aprovechar esta vulnerabilidad para hacer que el servidor consuma recursos de memoria. • https://exchange.xforce.ibmcloud.com/vulnerabilities/281516 https://www.ibm.com/support/pages/node/7149330 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22329 – IBM WebSphere Application Server server-side request forgery
https://notcve.org/view.php?id=CVE-2024-22329
IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, an attacker could exploit this vulnerability to conduct the SSRF attack. X-Force ID: 279951. IBM WebSphere Application Server 8.5, 9.0 e IBM WebSphere Application Server Liberty 17.0.0.3 a 24.0.0.3 son vulnerables a server-side request forgery (SSRF). Al enviar una solicitud especialmente manipulada, un atacante podría aprovechar esta vulnerabilidad para realizar el ataque SSRF. • https://exchange.xforce.ibmcloud.com/vulnerabilities/279951 https://www.ibm.com/support/pages/node/7148380 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22354 – IBM WebSphere Application Server XML external entity injection
https://notcve.org/view.php?id=CVE-2024-22354
IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.5 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, or to conduct a server-side request forgery attack. IBM X-Force ID: 280401. IBM WebSphere Application Server 8.5, 9.0 e IBM WebSphere Application Server Liberty 17.0.0.3 a 24.0.0.3 son vulnerables a un ataque de inyección de entidad externa XML (XXE) al procesar datos XML. Un atacante remoto podría aprovechar esta vulnerabilidad para exponer información confidencial, consumir recursos de memoria o realizar un ataque de server-side request forgery. • https://exchange.xforce.ibmcloud.com/vulnerabilities/280401 https://www.ibm.com/support/pages/node/7148426 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27268 – IBM WebSphere Application Server Liberty denial of service
https://notcve.org/view.php?id=CVE-2024-27268
IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 284574. IBM WebSphere Application Server Liberty 18.0.0.2 a 24.0.0.3 es vulnerable a una denegación de servicio provocada por el envío de una solicitud especialmente manipulada. Un atacante remoto podría aprovechar esta vulnerabilidad para hacer que el servidor consuma recursos de memoria. • https://exchange.xforce.ibmcloud.com/vulnerabilities/284574 https://www.ibm.com/support/pages/node/7145809 https://www.kb.cert.org/vuls/id/421644 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27270 – IBM WebSphere Application Server Liberty cross-site scripting
https://notcve.org/view.php?id=CVE-2024-27270
IBM WebSphere Application Server Liberty 23.0.0.3 through 24.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in a specially crafted URI. IBM X-Force ID: 284576. IBM WebSphere Application Server Liberty 23.0.0.3 a 24.0.0.3 es vulnerable a cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en un URI especialmente manipulado. • https://exchange.xforce.ibmcloud.com/vulnerabilities/284576 https://www.ibm.com/support/pages/node/7145231 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •