VYPR

Websphere Application Server

by IBM

CVEs (462)

  • CVE-2026-10845Jun 22, 2026
    risk 0.00cvss epss 0.00

    IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to bypass authentication and gain unauthorized access to JAX-WS applications.

  • CVE-2026-9072Jun 22, 2026
    risk 0.00cvss epss 0.00

    IBM i 7.6, 7.5, 7.4, and 7.3, IBM WebSphere Application Server, and IBM WebSphere Application Server Liberty - when using Intelligent Management with the WebSphere WebServer Plug-in component - are vulnerable to remote code execution and denial of service. This vulnerability can…

  • CVE-2026-8858Jun 22, 2026
    risk 0.00cvss epss 0.00

    IBM i 7.6, 7.5, 7.4, and 7.3, IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to remote code execution and denial of service in the WebSphere Web Server Plug-in component. This vulnerability can be exploited when an attacker…

  • CVE-2025-14917Mar 25, 2026
    risk 0.00cvss epss 0.00

    IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty could provide weaker than expected security when administering security settings.

  • CVE-2025-14915Mar 25, 2026
    risk 0.00cvss epss 0.01

    IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is affected by privilege escalation. A privileged user could gain additional access to the application server.

  • CVE-2026-1561Mar 25, 2026
    risk 0.00cvss epss 0.00

    IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is vulnerable to server-side request forgery (SSRF). This may allow remote attacker to send unauthorized requests from the system, potentially leading to network…

  • CVE-2025-14923Mar 3, 2026
    risk 0.00cvss epss 0.00

    IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.2 IBM WebSphere Application Server Liberty could provide weaker than expected security when using the Security Utility when administering security settings.

  • CVE-2025-13333Feb 17, 2026
    risk 0.00cvss epss 0.00

    IBM WebSphere Application Server 9.0, and 8.5 could provide weaker than expected security during system administration of security settings.

  • CVE-2025-14914Feb 2, 2026
    risk 0.00cvss epss 0.00

    IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to upload a zip archive containing path traversal sequences resulting in an overwrite of files leading to arbitrary code execution.

  • CVE-2025-12635Dec 8, 2025
    risk 0.00cvss epss 0.00

    IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.12 are affected by cross-site scripting due to improper validation of user-supplied input. An attacker could exploit this vulnerability by using a specially crafted URL…

  • CVE-2025-36099Sep 29, 2025
    risk 0.00cvss epss 0.00

    IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A privileged user could exploit this vulnerability to cause the server to consume memory resources.

  • CVE-2025-33142Aug 14, 2025
    risk 0.00cvss epss 0.00

    IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for TLS connections.

  • CVE-2025-36047Aug 14, 2025
    risk 0.00cvss epss 0.00

    IBM WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources.

  • CVE-2025-36000Aug 12, 2025
    risk 0.00cvss epss 0.00

    IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to…

  • CVE-2025-36124Aug 12, 2025
    risk 0.00cvss epss 0.00

    IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 could allow a remote attacker to bypass security restrictions caused by a failure to honor JMS messaging configuration

  • CVE-2024-56339Aug 7, 2025
    risk 0.00cvss epss 0.00

    IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 could allow a remote attacker to bypass security restrictions caused by a failure to honor security configuration.

  • CVE-2025-36097Jul 16, 2025
    risk 0.00cvss epss 0.00

    IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 are vulnerable to a denial of service, caused by a stack-based overflow. An attacker can send a specially crafted request that cause the server to consume excessive memory…

  • CVE-2025-36038Jun 25, 2025
    risk 0.00cvss epss 0.08

    IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects.

  • CVE-2025-33104May 14, 2025
    risk 0.00cvss epss 0.00

    IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

  • CVE-2025-27907Apr 22, 2025
    risk 0.00cvss epss 0.00

    IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

Page 5 of 24