CVSS: 4.4EPSS: 0%CPEs: 2EXPL: 0CVE-2025-33104 – CWE-79
https://notcve.org/view.php?id=CVE-2025-33104
14 May 2025 — IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7233438 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-27907 – IBM WebSphere Application Server server-side request forgery
https://notcve.org/view.php?id=CVE-2025-27907
22 Apr 2025 — IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM WebSphere Application Server 8.5 y 9.0 es vulnerable a server-side request forgery (SSRF). Esto podría permitir que un atacante autenticado envíe solicitudes no autorizadas desde el sistema, lo que podría provocar la enumeración de la red o facilit... • https://www.ibm.com/support/pages/node/7231514 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-45087 – IBM WebSphere Application Server cross-site scripting
https://notcve.org/view.php?id=CVE-2024-45087
11 Nov 2024 — IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7175393 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-45086 – IBM WebSphere Application Server XML external entity injection
https://notcve.org/view.php?id=CVE-2024-45086
04 Nov 2024 — IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A privileged user could exploit this vulnerability to expose sensitive information or consume memory resources. • https://www.ibm.com/support/pages/node/7174745 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-45071 – IBM WebSphere Application Server cross-site scripting
https://notcve.org/view.php?id=CVE-2024-45071
16 Oct 2024 — IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM WebSphere Application Server 8.5 y 9.0 es vulnerable a cross-site scripting almacenado. Esta vulnerabilidad permite que un usuario privilegiado incorpore código JavaScript arbitrario en la interfaz de usuario we... • https://www.ibm.com/support/pages/node/7173270 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-45072 – IBM WebSphere Application Server XML external entity injection
https://notcve.org/view.php?id=CVE-2024-45072
16 Oct 2024 — IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A privileged user could exploit this vulnerability to expose sensitive information or consume memory resources. IBM WebSphere Application Server 8.5 y 9.0 es vulnerable a un ataque de inyección de entidad externa (XXE) de XML al procesar datos XML. Un usuario privilegiado podría aprovechar esta vulnerabilidad para exponer información confidencial o consumir recursos de memori... • https://www.ibm.com/support/pages/node/7173263 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45085 – IBM WebSphere Application Server denial of service
https://notcve.org/view.php?id=CVE-2024-45085
15 Oct 2024 — IBM WebSphere Application Server 8.5 is vulnerable to a denial of service, under certain configurations, caused by an unexpected specially crafted request. A remote attacker could exploit this vulnerability to cause an error resulting in a denial of service. • https://www.ibm.com/support/pages/node/7173128 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-45073 – IBM WebSphere Application Server cross-site scripting
https://notcve.org/view.php?id=CVE-2024-45073
30 Sep 2024 — IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7171755 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50315 – IBM WebSphere Application Server information disclosure
https://notcve.org/view.php?id=CVE-2023-50315
14 Aug 2024 — IBM WebSphere Application Server 8.5 and 9.0 could allow an attacker with access to the network to conduct spoofing attacks. An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 274714. • https://exchange.xforce.ibmcloud.com/vulnerabilities/274714 • CWE-295: Improper Certificate Validation •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35154 – IBM WebSphere Application Server code execution
https://notcve.org/view.php?id=CVE-2024-35154
09 Jul 2024 — IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has authorized access to the administrative console, to execute arbitrary code. Using specially crafted input, the attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 292641. IBM WebSphere Application Server 8.5 y 9.0 podría permitir que un atacante remoto autenticado, que haya autorizado acceso a la consola administrativa, ejecute código arbitrario. Utilizando entrada... • https://exchange.xforce.ibmcloud.com/vulnerabilities/292641 • CWE-250: Execution with Unnecessary Privileges •