VYPR

WebSphere Application Server Liberty Profile

by IBM

CVEs (51)

  • CVE-2026-9320Jun 22, 2026
    risk 0.00cvss epss 0.00

    IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to…

  • CVE-2026-9071Jun 22, 2026
    risk 0.00cvss epss 0.00

    IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to…

  • CVE-2026-8646Jun 22, 2026
    risk 0.00cvss epss 0.00

    IBM WebSphere Application Server 9.0 and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to HTTP request smuggling. A remote attacker could smuggle a specially crafted request to the application server thereby allowing the attacker to…

  • CVE-2026-9072Jun 22, 2026
    risk 0.00cvss epss 0.00

    IBM i 7.6, 7.5, 7.4, and 7.3, IBM WebSphere Application Server, and IBM WebSphere Application Server Liberty - when using Intelligent Management with the WebSphere WebServer Plug-in component - are vulnerable to remote code execution and denial of service. This vulnerability can…

  • CVE-2026-8858Jun 22, 2026
    risk 0.00cvss epss 0.00

    IBM i 7.6, 7.5, 7.4, and 7.3, IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to remote code execution and denial of service in the WebSphere Web Server Plug-in component. This vulnerability can be exploited when an attacker…

  • CVE-2015-1882Apr 27, 2015
    risk 0.00cvss epss 0.03

    Multiple race conditions in IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before 8.5.5.5 allow remote authenticated users to gain privileges by leveraging thread conflicts that result in Java code execution outside the context of the configured EJB Run-as user.

  • CVE-2014-8890Dec 18, 2014
    risk 0.00cvss epss 0.02

    IBM WebSphere Application Server Liberty Profile 8.5.x before 8.5.5.4 allows remote attackers to gain privileges by leveraging the combination of a servlet's deployment descriptor security constraints and ServletSecurity annotations.

  • CVE-2014-4767Aug 22, 2014
    risk 0.00cvss epss 0.03

    IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x before 8.5.5.3 does not properly use the Liberty Repository for feature installation, which allows remote authenticated users to execute arbitrary code via unspecified vectors.

  • CVE-2014-0896May 1, 2014
    risk 0.00cvss epss 0.02

    IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x before 8.5.5.2 allows remote attackers to obtain sensitive information via a crafted request.

  • CVE-2013-4006Nov 18, 2013
    risk 0.00cvss epss 0.01

    IBM WebSphere Application Server (WAS) Liberty Profile 8.5 before 8.5.5.1 uses weak permissions for unspecified files, which allows local users to obtain sensitive information via standard filesystem operations.

  • CVE-2013-0540Apr 24, 2013
    risk 0.00cvss epss 0.02

    IBM WebSphere Application Server (WAS) Liberty Profile 8.5 before 8.5.0.2, when SSL is not enabled, does not properly validate authentication cookies, which allows remote authenticated users to bypass intended access restrictions via an HTTP session.

Page 3 of 3