CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22353 – IBM WebSphere Application Server Liberty denial of service
https://notcve.org/view.php?id=CVE-2024-22353
IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 280400. IBM WebSphere Application Server Liberty 17.0.0.3 a 24.0.0.3 es vulnerable a una denegación de servicio provocada por el envío de una solicitud especialmente manipulada. Un atacante remoto podría aprovechar esta vulnerabilidad para hacer que el servidor consuma recursos de memoria. • https://exchange.xforce.ibmcloud.com/vulnerabilities/280400 https://www.ibm.com/support/pages/node/7145365 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.4EPSS: 0%CPEs: 13EXPL: 0CVE-2022-34165
https://notcve.org/view.php?id=CVE-2022-34165
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP header injection, caused by improper validation. This could allow an attacker to conduct various attacks against the vulnerable system, including cache poisoning and cross-site scripting. IBM X-Force ID: 229429. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0 e IBM WebSphere Application Server Liberty versiones 17.0.0.3 a 22.0.0.9 son vulnerables a una inyección de encabezados HTTP, causada por una comprobación inapropiada. Esto podría permitir a un atacante conducir varios ataques contra el sistema vulnerable, incluyendo el envenenamiento de la caché y ataques de tipo cross-site scripting. • https://exchange.xforce.ibmcloud.com/vulnerabilities/229429 https://www.ibm.com/support/pages/node/6618747 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-22476
https://notcve.org/view.php?id=CVE-2022-22476
IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.7 and Open Liberty are vulnerable to identity spoofing by an authenticated user using a specially crafted request. IBM X-Force ID: 225604. IBM WebSphere Application Server Liberty versiones 17.0.0.3 hasta 22.0.0.7 y Open Liberty son vulnerables a una suplantación de identidad por parte de un usuario autenticado usando una petición especialmente diseñada. IBM X-Force ID: 225604 • https://exchange.xforce.ibmcloud.com/vulnerabilities/225604 https://www.ibm.com/support/pages/node/6602015 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-22475
https://notcve.org/view.php?id=CVE-2022-22475
IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 are vulnerable to identity spoofing by an authenticated user. IBM X-Force ID: 225603. IBM WebSphere Application Server Liberty y Open Liberty 17.0.0.3 a 22.0.0.5 son vulnerables a la suplantación de identidad por parte de un usuario autenticado. ID de IBM X-Force: 225603 • https://exchange.xforce.ibmcloud.com/vulnerabilities/225603 https://www.ibm.com/support/pages/node/6586734 •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-22393
https://notcve.org/view.php?id=CVE-2022-22393
IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.5 , with the adminCenter-1.0 feature configured, could allow an authenticated user to issue a request to obtain the status of HTTP/HTTPS ports which are accessible by the application server. IBM X-Force ID: 222078. IBM WebSphere Application Server Liberty versiones 17.0.0.3 hasta 22.0.0.5 , con la funcionalidad adminCenter-1.0 configurada, podría permitir a un usuario autenticado emitir una petición para obtener el estado de los puertos HTTP/HTTPS a los que accede el servidor de aplicaciones. IBM X-Force ID: 222078 • https://exchange.xforce.ibmcloud.com/vulnerabilities/222078 https://www.ibm.com/support/pages/node/6585704 •