VYPR

WebSphere Application Server Liberty Profile

by IBM

CVEs (51)

  • CVE-2022-22476HigJul 8, 2022
    risk 0.57cvss 8.8epss 0.01

    IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.7 and Open Liberty are vulnerable to identity spoofing by an authenticated user using a specially crafted request. IBM X-Force ID: 225604.

  • CVE-2021-39031HigJan 25, 2022
    risk 0.57cvss 8.8epss 0.02

    IBM WebSphere Application Server - Liberty 17.0.0.3 through 22.0.0.1 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability and could result in in granting permission to…

  • CVE-2025-36097HigJul 16, 2025
    risk 0.49cvss 7.5epss 0.00

    IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 are vulnerable to a denial of service, caused by a stack-based overflow. An attacker can send a specially crafted request that cause the server to consume excessive memory…

  • CVE-2018-1851HigOct 31, 2018
    risk 0.48cvss 7.3epss 0.04

    IBM WebSphere Application Server Liberty OpenID Connect could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization. By sending a specially-crafted request to the RP service, an attacker could exploit this vulnerability to execute…

  • CVE-2024-22354HigApr 17, 2024
    risk 0.46cvss 7.0epss 0.01

    IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.5 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive…

  • CVE-2016-3040MedSep 26, 2016
    risk 0.44cvss 6.8epss 0.01

    IBM WebSphere Application Server (WAS) Liberty, as used in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8, allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

  • CVE-2022-22475MedMay 17, 2022
    risk 0.42cvss 6.5epss 0.01

    IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 are vulnerable to identity spoofing by an authenticated user. IBM X-Force ID: 225603.

  • CVE-2022-22393MedMay 13, 2022
    risk 0.42cvss 6.5epss 0.01

    IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.5 , with the adminCenter-1.0 feature configured, could allow an authenticated user to issue a request to obtain the status of HTTP/HTTPS ports which are accessible by the application server. IBM X-Force ID: 222078.

  • CVE-2022-22310MedJan 19, 2022
    risk 0.42cvss 6.5epss 0.01

    IBM WebSphere Application Server Liberty 21.0.0.10 through 21.0.0.12 could provide weaker than expected security. A remote attacker could exploit this weakness to obtain sensitive information and gain unauthorized access to JAX-WS applications. IBM X-Force ID: 217224.

  • CVE-2020-4590MedSep 21, 2020
    risk 0.42cvss 6.5epss 0.01

    IBM WebSphere Application Server Liberty 17.0.0.3 through 20.0.0.9 running oauth-2.0 or openidConnectServer-1.0 server features is vulnerable to a denial of service attack conducted by an authenticated client. IBM X-Force ID: 184650.

  • CVE-2019-4304MedSep 30, 2019
    risk 0.41cvss 6.3epss 0.01

    IBM WebSphere Application Server - Liberty could allow a remote attacker to bypass security restrictions caused by improper session validation. IBM X-Force ID: 160950.

  • CVE-2020-4304MedApr 2, 2020
    risk 0.40cvss 6.1epss 0.01

    IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure…

  • CVE-2020-4303MedApr 2, 2020
    risk 0.40cvss 6.1epss 0.01

    IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure…

  • CVE-2016-0283MedMar 19, 2016
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in the OpenID Connect (OIDC) client web application in IBM WebSphere Application Server (WAS) Liberty Profile 8.5.5 before 8.5.5.9 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

  • CVE-2018-1683MedSep 26, 2018
    risk 0.39cvss 5.9epss 0.02

    IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by the failure to encrypt ORB communication. IBM X-Force ID: 145455.

  • CVE-2018-1755MedAug 24, 2018
    risk 0.39cvss 5.9epss 0.03

    IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by incorrect transport being used when Liberty is configured to use Java Authentication SPI for Containers (JASPIC). This can happen when the Application Server is…

  • CVE-2025-36124MedAug 12, 2025
    risk 0.38cvss 5.9epss 0.00

    IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 could allow a remote attacker to bypass security restrictions caused by a failure to honor JMS messaging configuration

  • CVE-2024-25026MedApr 25, 2024
    risk 0.38cvss 5.9epss 0.01

    IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 are vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to…

  • CVE-2024-27268MedApr 4, 2024
    risk 0.38cvss 5.9epss 0.01

    IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 284574.

  • CVE-2024-22353MedMar 31, 2024
    risk 0.38cvss 5.9epss 0.01

    IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 280400.

Page 1 of 3

VYPR — Vulnerability Intelligence