VYPR

Websphere Application Server

by IBM

CVEs (462)

  • CVE-2017-1788MedMar 22, 2018
    risk 0.35cvss 5.3epss 0.02

    IBM WebSphere Application Server 9 installations using Form Login could allow a remote attacker to conduct spoofing attacks. IBM X-Force ID: 137031.

  • CVE-2017-1380MedJul 24, 2017
    risk 0.35cvss 5.4epss 0.01

    IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…

  • CVE-2016-9736MedJun 8, 2017
    risk 0.35cvss 5.3epss 0.02

    IBM WebSphere Application Server using malformed SOAP requests could allow a remote attacker to obtain sensitive information.

  • CVE-2017-1121MedFeb 13, 2017
    risk 0.35cvss 5.4epss 0.01

    IBM WebSphere Application Server 7.0, 8.0, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…

  • CVE-2016-8934MedFeb 1, 2017
    risk 0.35cvss 5.4epss 0.01

    IBM WebSphere Application Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

  • CVE-2016-3042MedOct 1, 2016
    risk 0.35cvss 5.4epss 0.01

    Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Application Server (WAS) Liberty before 16.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving OpenID Connect clients.

  • CVE-2016-0389MedJul 7, 2016
    risk 0.35cvss 5.3epss 0.02

    Admin Center in IBM WebSphere Application Server (WAS) 8.5.5.2 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 allows remote attackers to obtain sensitive information via unspecified vectors.

  • CVE-2015-7417MedJan 23, 2016
    risk 0.35cvss 5.4epss 0.01

    Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server 7.0 before 7.0.0.41, 8.0 before 8.0.0.12, and 8.5 before 8.5.5.9 allows remote authenticated users to inject arbitrary web script or HTML via crafted data from an OAuth provider.

  • CVE-2026-4410MedMay 27, 2026
    risk 0.31cvss 4.8epss 0.01

    IBM WebSphere Application Server - Liberty 19.0.0.7 through 26.0.0.5 and IBM WebSphere Application Server 9.0, and 8.5 and WebSphere Application Server Liberty are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit…

  • CVE-2026-5516MedMay 27, 2026
    risk 0.29cvss 4.4epss 0.00

    IBM WebSphere Application Server - Liberty 22.0.0.11 through 26.0.0.5 IBM WebSphere Application Server Liberty could allow a remote attacker to bypass security under limited conditions by exploiting a specific timing window.

  • CVE-2018-1621MedJul 6, 2018
    risk 0.29cvss 4.4epss 0.00

    IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local attacker to obtain clear text password in a trace file caused by improper handling of some datasource custom properties. IBM X-Force ID: 144346.

  • CVE-2017-1743MedMay 4, 2018
    risk 0.28cvss 4.3epss 0.02

    IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console panel fields. When exploited an attacker could browse the file system. IBM X-Force ID: 134933.

  • CVE-2017-1741MedMar 14, 2018
    risk 0.28cvss 4.3epss 0.02

    IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console panel fields. When exploited an attacker could read files on the file system. IBM X-Force ID: 134931.

  • CVE-2016-0377MedOct 22, 2016
    risk 0.28cvss 4.3epss 0.02

    The Administrative Console in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.x before 8.0.0.13, and 8.5.x before 8.5.5.10 mishandles CSRFtoken cookies, which allows remote authenticated users to obtain sensitive information via unspecified vectors.

  • CVE-2016-2960LowAug 8, 2016
    risk 0.27cvss 3.7epss 0.40

    IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.0.x before 8.0.0.13, 8.5.0.x before 8.5.5.10, 8.5.0.x and 16.0.0.x Liberty before Liberty Fix Pack 16.0.0.3, and 9.0.0.x before 9.0.0.1 allows remote attackers to cause a denial of service via crafted SIP messages.

  • CVE-2016-0378LowNov 24, 2016
    risk 0.24cvss 3.7epss 0.02

    IBM WebSphere Application Server (WAS) Liberty before 16.0.0.3, when the installation lacks a default error page, allows remote attackers to obtain sensitive information by triggering an exception.

  • CVE-2017-1681LowJan 11, 2018
    risk 0.21cvss 3.3epss 0.00

    IBM WebSphere Application Server (IBM Liberty for Java for Bluemix 3.15) could allow a local attacker to obtain sensitive information, caused by improper handling of application requests, which could allow unauthorized access to read a file. IBM X-Force ID: 134003.

  • CVE-2017-1381LowJul 21, 2017
    risk 0.21cvss 3.3epss 0.00

    IBM WebSphere Application Server Proxy Server or On-demand-router (ODR) 7.0, 8.0, 8.5, 9.0 and could allow a local attacker to obtain sensitive information, caused by stale data being cached and then served. IBM X-Force ID: 127152.

  • CVE-2016-0385LowSep 1, 2016
    risk 0.20cvss 3.1epss 0.01

    Buffer overflow in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.10, 9.0 before 9.0.0.1, and Liberty before 16.0.0.3, when HttpSessionIdReuse is enabled, allows remote authenticated users to obtain sensitive information via…

  • CVE-2019-4279May 17, 2019
    risk 0.10cvss epss 0.80

    IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 160445.

Page 3 of 24