CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45085 – IBM WebSphere Application Server denial of service
https://notcve.org/view.php?id=CVE-2024-45085
15 Oct 2024 — IBM WebSphere Application Server 8.5 is vulnerable to a denial of service, under certain configurations, caused by an unexpected specially crafted request. A remote attacker could exploit this vulnerability to cause an error resulting in a denial of service. • https://www.ibm.com/support/pages/node/7173128 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-50313 – IBM WebSphere Application Server information disclosure
https://notcve.org/view.php?id=CVE-2023-50313
02 Apr 2024 — IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. IBM X-Force ID: 274812. IBM WebSphere Application Server 8.5 y 9.0 podría proporcionar una seguridad más débil de lo esperado para las conexiones TLS salientes causadas por una falla al respetar la configuración del usuario. ID de IBM X-Force: 274812. • https://exchange.xforce.ibmcloud.com/vulnerabilities/274812 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22353 – IBM WebSphere Application Server Liberty denial of service
https://notcve.org/view.php?id=CVE-2024-22353
31 Mar 2024 — IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 280400. IBM WebSphere Application Server Liberty 17.0.0.3 a 24.0.0.3 es vulnerable a una denegación de servicio provocada por el envío de una solicitud especialmente manipulada. Un atacante remoto podría aprovechar esta vulnerabilidad para hace... • https://exchange.xforce.ibmcloud.com/vulnerabilities/280400 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-35890 – IBM WebSphere Application Server information disclosure
https://notcve.org/view.php?id=CVE-2023-35890
07 Jul 2023 — IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security, caused by the improper encoding in a local configuration file. IBM X-Force ID: 258637. IBM WebSphere Application Server v8.5 y v9.0 podrían proporcionar una seguridad más débil de lo esperado, causada por la codificación incorrecta en un archivo de configuración local. ID de IBM X-Force: 258637. • https://https://www.ibm.com/support/pages/node/7007857 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 9.4EPSS: 0%CPEs: 2EXPL: 0CVE-2023-27554 – IBM WebSphere Application Server XML external entity injection
https://notcve.org/view.php?id=CVE-2023-27554
11 May 2023 — IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 249185. • https://exchange.xforce.ibmcloud.com/vulnerabilities/249185 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2022-39161 – IBM WebSphere Application Server information disclosure
https://notcve.org/view.php?id=CVE-2022-39161
03 May 2023 — IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and IBM WebSphere Application Server Liberty, when configured to communicate with the Web Server Plug-ins for IBM WebSphere Application Server, could allow an authenticated user to conduct spoofing attacks. A man-in-the-middle attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 235069. • https://exchange.xforce.ibmcloud.com/vulnerabilities/235069 • CWE-295: Improper Certificate Validation •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-30441 – IBM Java information disclosure
https://notcve.org/view.php?id=CVE-2023-30441
29 Apr 2023 — IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of flaws and configurations. IBM X-Force ID: 253188. • https://exchange.xforce.ibmcloud.com/vulnerabilities/253188 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2023-24966 – IBM WebSphere Application Server cross-site scripting
https://notcve.org/view.php?id=CVE-2023-24966
27 Apr 2023 — IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 246904. • https://exchange.xforce.ibmcloud.com/vulnerabilities/246904 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-26283 – IBM WebSphere Application Server cross-site scripting
https://notcve.org/view.php?id=CVE-2023-26283
22 Mar 2023 — IBM WebSphere Application Server 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 248416. • https://exchange.xforce.ibmcloud.com/vulnerabilities/248416 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 9EXPL: 0CVE-2023-23477 – IBM WebSphere Application Server code execution
https://notcve.org/view.php?id=CVE-2023-23477
03 Feb 2023 — IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. IBM X-Force ID: 245513. • https://exchange.xforce.ibmcloud.com/vulnerabilities/245513 • CWE-94: Improper Control of Generation of Code ('Code Injection') •