IBM WebSphere Application Server
444 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2026-3621
>= 17.0.0.3 and < 26.0.0.5
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.4 IBM WebSphere Application Server Liberty is vulnerable to ide
7.5
HIGH
CVE-2026-1561
>= 17.0.0.3 and < 26.0.0.4
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is vulnerable to ser
5.4
MEDIUM
CVE-2025-14917
>= 17.0.0.3 and < 26.0.0.4
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty could provide weaker
6.7
MEDIUM
CVE-2025-14915
>= 17.0.0.3 and < 26.0.0.4
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is affected by privi
6.5
MEDIUM
CVE-2025-14923
>= 17.0.0.3 and < 26.0.0.3
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.2 IBM WebSphere Application Server Liberty could provide weaker
4.7
MEDIUM
CVE-2025-13333
all versions
IBM WebSphere Application Server 9.0, and 8.5 could provide weaker than expected security during system administration of security
4.4
MEDIUM
CVE-2025-14914
>= 17.0.0.3 and <= 26.0.0.1
IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to upload a zip archive containi
7.6
HIGH
CVE-2025-12635
>= 8.5 and < 8.5.5.29
IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.12 are affected by
5.4
MEDIUM
CVE-2025-36099
all versions
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request.
4.9
MEDIUM
CVE-2025-36047
>= 18.0.0.2 and < 25.0.0.9
IBM WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of service, caused by sending a speci
5.3
MEDIUM
CVE-2025-33142
>= 8.5.0.0 and < 8.5.5.29
IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for TLS connections.
5.3
MEDIUM
CVE-2025-36000
>= 17.0.0.3 and < 25.0.0.9
IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 is vulnerable to stored cross-site scripting. This vulnerabil
4.4
MEDIUM
CVE-2025-36124
>= 17.0.0.3 and < 25.0.0.9
IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 could allow a remote attacker to bypass security restrictions c
5.9
MEDIUM
CVE-2024-56339
>= 17.0.0.3 and <= 25.0.0.7
IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 could allow a remote atta
3.7
LOW
CVE-2025-36097
>= 9.0.0.0 and < 9.0.5.24
IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 are vulnerable to a denial
7.5
HIGH
CVE-2025-36038
>= 8.5 and < 8.5.5.28
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a speciall
9.0
CRITICAL
CVE-2025-33104
>= 8.5 and < 8.5.5.28
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbit
4.4
MEDIUM
CVE-2025-27907
>= 8.5 and < 8.5.5.28
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated
4.1
MEDIUM
CVE-2024-45087
all versions
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to
4.8
MEDIUM
CVE-2024-45086
>= 8.5.0.0 and < 8.5.5.27
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML da
5.5
MEDIUM
CVE-2024-45072
>= 8.5.0.0 and <= 8.5.5.26
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML da
5.5
MEDIUM
CVE-2024-45071
>= 8.5.0.0 and <= 8.5.5.26
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged
5.5
MEDIUM
CVE-2024-45085
>= 8.5.0.0 and < 8.5.5.27
IBM WebSphere Application Server 8.5 is vulnerable to a denial of service, under certain configurations, caused by an unexpected s
5.9
MEDIUM
CVE-2024-45073
all versions
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged
4.8
MEDIUM
CVE-2023-50314
>= 17.0.0.3 and <= 24.0.0.8
IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the network to conduct s
5.3
MEDIUM
CVE-2023-50315
all versions
IBM WebSphere Application Server 8.5 and 9.0 could allow an attacker with access to the network to conduct spoofing attacks. An a
5.3
MEDIUM
CVE-2024-35154
>= 8.5.0.0 and <= 8.5.5.25
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has authorized access to the adminis
7.2
HIGH
CVE-2024-35153
>= 8.5.0.0 and < 8.5.5.26
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to
4.8
MEDIUM
CVE-2024-37532
all versions
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to identity spoofing by an authenticated user due to improper signature
8.8
HIGH
CVE-2024-25026
>= 17.0.0.3 and <= 24.0.0.4
IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 are vulnerable to
5.9
MEDIUM
CVE-2024-22329
>= 17.0.0.3 and < 24.0.0.4
IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to
4.3
MEDIUM
CVE-2024-22354
>= 17.0.0.3 and < 24.0.0.6
IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.5 are vulnerable to
7.0
HIGH
CVE-2024-27268
>= 18.0.0.2 and < 24.0.0.5
IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a speci
5.9
MEDIUM
CVE-2023-50313
all versions
IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for outbound TLS connections caused by a
5.3
MEDIUM
CVE-2024-22353
>= 17.0.0.3 and <= 24.0.0.3
IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a speci
5.9
MEDIUM
CVE-2024-27270
>= 23.0.0.3 and < 24.0.0.4
IBM WebSphere Application Server Liberty 23.0.0.3 through 24.0.0.3 is vulnerable to cross-site scripting. This vulnerability allow
4.7
MEDIUM
CVE-2023-50312
>= 17.0.0.3 and < 24.0.0.3
IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide weaker than expected security for outbound TLS co
5.3
MEDIUM
CVE-2023-38737
>= 22.0.0.13 and <= 23.0.0.7
IBM WebSphere Application Server Liberty 22.0.0.13 through 23.0.0.7 is vulnerable to a denial of service, caused by sending a spec
5.9
MEDIUM
CVE-2023-35890
all versions
IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security, caused by the improper encoding in a loc
5.1
MEDIUM
CVE-2023-27554
>= 8.5.0.0 and < 8.5.5.24
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML da
6.3
MEDIUM
CVE-2022-39161
all versions
IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and IBM WebSphere Application Server Liberty, when configured to communicate
4.8
MEDIUM
CVE-2023-30441
>= 8.5.0.0 and < 8.5.5.23
IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive in
7.5
HIGH
CVE-2023-24966
>= 8.5.0.0 and < 8.5.5.24
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbit
6.1
MEDIUM
CVE-2023-26283
all versions
IBM WebSphere Application Server 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary Jav
5.4
MEDIUM
CVE-2023-23477
all versions
IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system wit
8.1
HIGH
CVE-2022-43917
all versions
IBM WebSphere Application Server 8.5 and 9.0 traditional container uses weaker than expected cryptographic keys that could allow a
5.9
MEDIUM
CVE-2022-40750
all versions
IBM WebSphere Application Server 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbi
5.4
MEDIUM
CVE-2022-38712
>= 7.0.0.0 and < 7.0.0.45
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web services could allow a man-in-the-middle attacker to conduct SOAPActi
5.9
MEDIUM
CVE-2022-35282
>= 7.0.0.0 and < 7.0.0.45
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to server-side request forgery (SSRF). By sending a speciall
6.5
MEDIUM
CVE-2022-34336
all versions
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to
5.4
MEDIUM
CVE-2022-34165
>= 7.0.0.0 and <= 7.0.0.45
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are
5.4
MEDIUM
CVE-2022-22477
all versions
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbit
6.1
MEDIUM
CVE-2022-22473
>= 7.0.0.0 and <= 7.0.0.45
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by im
5.3
MEDIUM
CVE-2022-22476
>= 17.0.0.3 and < 22.0.0.8
IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.7 and Open Liberty are vulnerable to identity spoofing by an auth
8.8
HIGH
CVE-2022-22365
>= 7.0.0.0 and <= 7.0.0.45
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, with the Ajax Proxy Web Application (AjaxProxy.war) deployed, is vulnerab
5.9
MEDIUM
CVE-2022-22475
>= 17.0.0.3 and <= 22.0.0.5
IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 are vulnerable to identity spoofing by an auth
6.5
MEDIUM
CVE-2022-22393
>= 17.0.0.3 and <= 22.0.0.5
IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.5, with the adminCenter-1.0 feature configured, could allow an a
6.5
MEDIUM
CVE-2021-39038
>= 9.0.0.0 and < 9.0.5.12
IBM WebSphere Application Server 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.2 could allow a remote a
5.4
MEDIUM
CVE-2021-39031
>= 17.0.0.3 and <= 22.0.0.1
IBM WebSphere Application Server - Liberty 17.0.0.3 through 22.0.0.1 could allow a remote authenticated attacker to conduct an LDA
8.8
HIGH
CVE-2022-22310
>= 21.0.0.10 and <= 21.0.0.12
IBM WebSphere Application Server Liberty 21.0.0.10 through 21.0.0.12 could provide weaker than expected security. A remote attacke
6.5
MEDIUM
CVE-2021-38951
all versions
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafte
7.5
HIGH
CVE-2021-29842
>= 7.0.0.0 and <= 7.0.0.45
IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 21.0.0.9 could allow a remote user to enumerate u
5.3
MEDIUM
CVE-2021-29736
>= 7.0.0.0 and <= 7.0.0.45
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote user to gain elevated privileges on the system. IBM X
8.8
HIGH
CVE-2021-29754
>= 7.0.0.0 and < 7.0.0.45
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a privilege escalation vulnerability when using the SAML
8.8
HIGH
CVE-2021-20492
>= 8.0.0.0 and <= 8.0.0.15
IBM WebSphere Application Server 8.0, 8.5, 9.0, and Liberty Java Batch is vulnerable to an XML External Entity Injection (XXE) att
8.2
HIGH
CVE-2021-20454
>= 8.5.0.0 and <= 8.5.5.19
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a XML External Entity Injection (XXE) attack when process
8.2
HIGH
CVE-2021-20453
>= 8.0.0.0 and < 8.0.0.15
IBM WebSphere Application Server 8.0, 8.5, and 9.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing X
8.2
HIGH
CVE-2021-20480
>= 7.0.0.0 and <= 7.0.0.45
IBM WebSphere Application Server 7.0, 8.0, and 8.5 is vulnerable to server-side request forgery (SSRF). By sending a specially cra
6.5
MEDIUM
CVE-2020-5016
>= 7.0.0.0 and <= 7.0.0.45
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. When
6.5
MEDIUM
CVE-2021-20354
>= 8.0.0.0 and <= 8.0.0.15
IBM WebSphere Application Server 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories. An attacker could send a
7.5
HIGH
CVE-2021-20353
>= 7.0.0.0 and < 7.0.0.45
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when proces
8.2
HIGH
CVE-2020-4949
>= 7.0.0.0 and <= 7.0.0.45
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when proces
8.2
HIGH
CVE-2020-4782
>= 7.0.0.0 and <= 7.0.0.45
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An at
6.5
MEDIUM
CVE-2020-4576
>= 7.0.0.0 and < 7.0.0.45
IBM WebSphere Application Server 7.5, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to obtain sensitive information
7.5
HIGH
CVE-2020-4629
>= 7.0.0.0 and <= 7.0.0.45
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local user with specialized access to obtain sensitive infor
3.3
LOW
CVE-2020-4643
>= 7.0.0.0 and <= 7.0.0.45
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when proces
7.5
HIGH
CVE-2020-4590
>= 17.0.0.3 and <= 20.0.0.9
IBM WebSphere Application Server Liberty 17.0.0.3 through 20.0.0.9 running oauth-2.0 or openidConnectServer-1.0 server features is
6.5
MEDIUM
CVE-2020-4578
>= 7.0.0.0 and <= 7.0.0.45
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to
5.4
MEDIUM
CVE-2020-4575
>= 8.5.0.0 and < 8.5.5.18
IBM WebSphere Application Server ND 8.5 and 9.0, and IBM WebSphere Virtual Enterprise 7.0 and 8.0 are vulnerable to cross-site scr
6.1
MEDIUM
CVE-2020-4589
>= 7.0.0.0 and <= 7.0.0.45
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with
9.8
CRITICAL
CVE-2020-4534
all versions
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local authenticated attacker to gain elevated privileges on
8.8
HIGH
CVE-2020-4464
>= 7.0.0.0 and <= 7.0.0.45
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to execute arbitrary code on a s
8.8
HIGH
CVE-2020-4450
>= 8.5.0.0 and < 8.5.5.18
IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system wit
9.8
CRITICAL
CVE-2020-4449
>= 7.0.0.0 and <= 7.0.0.45
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to obtain sensitive information
7.5
HIGH
CVE-2020-4448
>= 8.5.0.0 and < 8.5.5.18
IBM WebSphere Application Server Network Deployment 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code
9.8
CRITICAL
CVE-2020-4365
>= 8.5.0.0 and <= 8.5.5.17
IBM WebSphere Application Server 8.5 is vulnerable to server-side request forgery. By sending a specially crafted request, a remot
4.3
MEDIUM
CVE-2020-4421
>= 19.0.0.5 and < 20.0.0.5
IBM WebSphere Application Liberty 19.0.0.5 through 20.0.0.4 could allow an authenticated user using openidconnect to spoof another
5.4
MEDIUM
CVE-2020-10693
>= 17.0.0.3 and <= 20.0.0.10
A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expre
5.3
MEDIUM
CVE-2020-4329
>= 7.0.0.0 and <= 7.0.0.45
IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated atta
4.3
MEDIUM
CVE-2020-4362
>= 7.0.0.0 and <= 7.0.0.45
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when usi
8.8
HIGH
CVE-2020-4304
>= 17.0.0.3 and <= 20.0.0.3
IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 is vulnerable to cross-site scripting. This vulnerability all
6.1
MEDIUM
CVE-2020-4303
>= 17.0.0.3 and <= 20.0.0.3
IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 is vulnerable to cross-site scripting. This vulnerability all
6.1
MEDIUM
CVE-2020-4276
>= 7.0.0.0 and <= 7.0.0.45
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when usi
7.5
HIGH
CVE-2019-4670
>= 7.0.0.0 and <= 7.0.0.45
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by im
6.5
MEDIUM
CVE-2020-4163
>= 7.0.0.0 and <= 7.0.0.45
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, under specialized conditions, could allow an authenticated user to create
7.2
HIGH
CVE-2019-4732
all versions
IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0 could al
6.5
MEDIUM
CVE-2019-4720
>= 7.0.0.0 and <= 7.0.0.45
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafte
7.5
HIGH
CVE-2019-4663
>= 17.0.0.3 and < 19.0.0.11
IBM WebSphere Application Server - Liberty is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitra
5.4
MEDIUM
CVE-2019-4441
>= 7.0.0.0 and <= 7.0.0.45
IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and Liberty could allow a remote attacker to obtain sensitive information whe
5.3
MEDIUM
CVE-2019-4305
< 19.0.0.10
IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information caused by the improper sett
5.3
MEDIUM
CVE-2019-4304
< 19.0.0.10
IBM WebSphere Application Server - Liberty could allow a remote attacker to bypass security restrictions caused by improper sessio
6.3
MEDIUM
CVE-2019-4505
>= 8.5.0.0 and <= 8.5.5.16
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Network Deployment could allow a remote attacker to obtain sensitive infor
5.3
MEDIUM
CVE-2019-4477
>= 7.0.0.0 and <= 7.0.0.45
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a user with access to audit logs to obtain sensitive informati
6.5
MEDIUM
CVE-2019-4442
>= 7.0.0.0 and <= 7.0.0.45
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the file system.
4.3
MEDIUM
CVE-2019-4271
>= 8.5.0.0 and <= 8.5.5.15
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin console is vulnerable to a Client-side HTTP parameter pollution vuln
3.5
LOW
CVE-2019-4270
>= 7.0.0.0 and <= 7.0.0.45
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site scripting. This vulnerability al
5.4
MEDIUM
CVE-2019-4268
>= 7.0.0.0 and <= 7.0.0.45
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An at
5.3
MEDIUM
CVE-2019-4285
all versions
IBM WebSphere Application Server - Liberty Admin Center could allow a remote attacker to hijack the clicking action of the victim.
5.4
MEDIUM
CVE-2019-4269
>= 9.0.0.0 and <= 9.0.0.11
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console could allow a remote attacker to obtain sensitive informatio
7.5
HIGH
CVE-2019-4279
>= 8.5.0.0 and <= 8.5.5.15
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a speciall
9.8
CRITICAL
CVE-2019-4080
>= 7.0.0.0 and <= 7.0.0.45
IBM WebSphere Application Server Admin Console 7.5, 8.0, 8.5, and 9.0 is vulnerable to a potential denial of service, caused by im
6.5
MEDIUM
CVE-2019-4046
>= 7.0.0.0 and <= 7.0.0.45
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by improper handling of reque
7.5
HIGH
CVE-2018-1902
>= 7.0.0.0 and <= 7.0.0.45
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to spoof connection information which could
3.1
LOW
CVE-2019-4030
>= 8.5.0.0 and <= 8.5.5.14
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbit
5.4
MEDIUM
CVE-2018-1996
>= 7.0.0.0 and <= 7.0.0.45
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide weaker than expected security, caused by the improper TLS co
5.3
MEDIUM
CVE-2018-1926
>= 7.0.0.0 and <= 7.0.0.45
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site request forgery, caused by impro
4.3
MEDIUM
CVE-2018-1901
>= 8.5.0.0 and <= 8.5.5.14
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to temporarily gain elevated privileges on the system,
5.0
MEDIUM
CVE-2018-1904
>= 7.0.0.0 and <= 7.0.0.45
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbitrary Java code through an adm
8.1
HIGH
CVE-2018-1957
>= 9.0.0.0 and <= 9.0.0.9
IBM WebSphere Application Server 9 could allow sensitive information to be available caused by mishandling of data by the applicat
4.0
MEDIUM
CVE-2018-1840
>= 8.5.0.0 and <= 8.5.5.14
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to gain elevated privileges on the system, caused when
6.0
MEDIUM
CVE-2018-1905
>= 9.0.0.0 and <= 9.0.0.9
IBM WebSphere Application Server 9.0.0.0 through 9.0.0.9 is vulnerable to a XML External Entity Injection (XXE) attack when proces
7.1
HIGH
CVE-2018-1797
>= 7.0.0.0 and <= 7.0.0.45
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using Enterprise bundle Archives (EBA) could allow a local attacker to tra
6.3
MEDIUM
CVE-2018-1643
>= 7.0.0.0 and <= 7.0.0.45
The Installation Verification Tool of IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scriptin
6.1
MEDIUM
CVE-2018-1798
>= 7.0.0.0 and <= 7.0.0.45
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to
6.1
MEDIUM
CVE-2018-1851
< 18.0.0.3
IBM WebSphere Application Server Liberty OpenID Connect could allow a remote attacker to execute arbitrary code on the system, cau
7.3
HIGH
CVE-2018-1767
>= 7.0.0.0 and <= 7.0.0.45
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Cachemonitor is vulnerable to cross-site scripting. This vulnerability all
6.1
MEDIUM
CVE-2018-1777
>= 7.0.0.0 and <= 7.0.0.45
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to
5.4
MEDIUM
CVE-2018-1770
>= 7.0.0.0 and <= 7.0.0.45
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An at
6.5
MEDIUM
CVE-2018-1838
all versions
IBM WebSphere Application Server 8.5 and 9.0 in IBM Cloud could allow a remote attacker to obtain sensitive information caused by
5.3
MEDIUM
CVE-2018-1794
>= 7.0.0.0 and <= 7.0.0.45
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using OAuth ear is vulnerable to cross-site scripting. This vulnerability
6.1
MEDIUM
CVE-2018-1793
all versions
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using SAML ear is vulnerable to cross-site scripting. This vulnerability a
6.1
MEDIUM
CVE-2018-1683
< 18.0.0.3
IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by the failure to e
5.9
MEDIUM
CVE-2018-1719
>= 8.5.0.0 and <= 8.5.5.14
IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security under certain conditions. This could resu
5.9
MEDIUM
CVE-2018-1567
>= 7.0.0.0 and <= 7.0.0.45
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbitrary Java code through the SO
9.8
CRITICAL
CVE-2018-1695
all versions
IBM WebSphere Application Server 7.0, 8.0, and 8.5.5 installations using Form Login could allow a remote attacker to conduct spoof
7.3
HIGH
CVE-2018-1755
all versions
IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by incorrect transp
5.9
MEDIUM
CVE-2018-1621
all versions
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local attacker to obtain clear text password in a trace file
4.4
MEDIUM
CVE-2018-1553
< 18.0.0.2
IBM WebSphere Application Server Liberty prior to 18.0.0.2 could allow a remote attacker to obtain sensitive information, caused b
5.3
MEDIUM
CVE-2018-1614
all versions
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using malformed SAML responses from the SAML identity provider could allow
5.8
MEDIUM
CVE-2013-3024
>= 8.5.0.0 and <= 8.5.0.2
IBM WebSphere Application Server (WAS) 8.5 through 8.5.0.2 on UNIX allows local users to gain privileges by leveraging improper pr
7.8
HIGH
CVE-2017-1743
all versions
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by im
4.3
MEDIUM
CVE-2017-1788
>= 9.0.0.0 and <= 9.0.0.7
IBM WebSphere Application Server 9 installations using Form Login could allow a remote attacker to conduct spoofing attacks. IBM X
5.3
MEDIUM
CVE-2017-1741
all versions
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by im
4.3
MEDIUM
CVE-2011-4889
>= 6.1 and < 6.1.0.43
The javax.naming.directory.AttributeInUseException class in the Virtual Member Manager in IBM WebSphere Application Server (WAS) 6
9.8
CRITICAL
CVE-2017-1731
>= 7.0.0.0 and <= 7.0.0.43
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide weaker than expected security when using the Administrative
8.8
HIGH
CVE-2017-1503
all versions
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to HTTP response splitting attacks. A remote attacker could
6.1
MEDIUM
CVE-2015-0110
all versions
IBM Business Process Manager (aka BPM) 7.5.x, 8.0.x, and 8.5.x and WebSphere Lombardi Edition (aka WLE) 7.2.x allow remote authent
6.5
MEDIUM
CVE-2017-1501
all versions
IBM WebSphere Application Server 8.0, 8.5, and 9.0 could provide weaker than expected security after using the Admin Console to up
5.9
MEDIUM
CVE-2017-1504
all versions
IBM WebSphere Application Server version 9.0.0.4 could provide weaker than expected security after using the PasswordUtil command
6.5
MEDIUM
CVE-2017-1382
>= 7.0.0.0 and <= 7.0.0.43
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 might create files using the default permissions instead of the customized
7.1
HIGH
CVE-2017-1380
>= 7.0.0.0 and <= 7.0.0.43
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to
5.4
MEDIUM
CVE-2017-1381
>= 7.0.0.0 and <= 7.0.0.43
IBM WebSphere Application Server Proxy Server or On-demand-router (ODR) 7.0, 8.0, 8.5, 9.0 and could allow a local attacker to obt
3.3
LOW
CVE-2016-9736
all versions
IBM WebSphere Application Server using malformed SOAP requests could allow a remote attacker to obtain sensitive information.
5.3
MEDIUM
CVE-2017-1137
all versions
IBM WebSphere Application Server 8.0 and 8.5.5 could provide weaker than expected security. A remote attacker could exploit this w
8.1
HIGH
CVE-2017-1194
all versions
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site request forgery which could allow an attacker
8.8
HIGH
CVE-2017-1151
all versions
IBM WebSphere Application Server 8.0, 8.5, 8.5.5, and 9.0 using OpenID Connect (OIDC) configured with a Trust Association Intercep
8.1
HIGH
CVE-2017-1121
all versions
IBM WebSphere Application Server 7.0, 8.0, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed
5.4
MEDIUM
CVE-2016-8919
all versions
IBM WebSphere Application Server may be vulnerable to a denial of service, caused by allowing serialized objects from untrusted so
7.5
HIGH
CVE-2016-8934
all versions
IBM WebSphere Application Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScr
5.4
MEDIUM
CVE-2016-9879
all versions
An issue was discovered in Pivotal Spring Security before 3.2.10, 4.1.x before 4.1.4, and 4.2.x before 4.2.1. Spring Security does
7.5
HIGH
CVE-2016-0378
<= 16.0.0.2
IBM WebSphere Application Server (WAS) Liberty before 16.0.0.3, when the installation lacks a default error page, allows remote at
3.7
LOW
CVE-2016-0377
all versions
The Administrative Console in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.x before 8.0.0.13, and 8.5.x before
4.3
MEDIUM
CVE-2016-5983
all versions
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.11, 9.0 before 9.0.0.2, and Libe
7.5
HIGH
CVE-2016-5986
all versions
IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.x before 8.0.0.13, 8.5.x before 8.5.5.11, 9.0.x before 9.0.0.2, an
7.5
HIGH
CVE-2016-3042
all versions
Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Application Server (WAS) Liberty before 16.0.0.3 allows re
5.4
MEDIUM
CVE-2016-0385
all versions
Buffer overflow in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.10, 9.0 befor
3.1
LOW
CVE-2016-2960
all versions
IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.0.x before 8.0.0.13, 8.5.0.x before 8.5.5.10, 8.5.0.x and 16.0.0.x
3.7
LOW
CVE-2016-2945
all versions
The API Discovery implementation in IBM WebSphere Application Server (WAS) 8.5.5.8 through 8.5.5.9 Liberty before Liberty Fix Pack
7.5
HIGH
CVE-2016-2923
all versions
IBM WebSphere Application Server (WAS) 8.5 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 does not include the HTTPOnly
7.5
HIGH
CVE-2016-0389
all versions
Admin Center in IBM WebSphere Application Server (WAS) 8.5.5.2 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 allows rem
5.3
MEDIUM
CVE-2016-0359
all versions
CRLF injection vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 Full before 8
6.1
MEDIUM
CVE-2015-5041
<= 3.0.9.20
The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP
9.1
CRITICAL
CVE-2016-0306
all versions
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.41, 8.0 before 8.0.0.13, and 8.5 before 8.5.5.10, when FIPS 140-2 is enabl
5.9
MEDIUM
CVE-2016-0283
all versions
Cross-site scripting (XSS) vulnerability in the OpenID Connect (OIDC) client web application in IBM WebSphere Application Server (
6.1
MEDIUM
CVE-2015-7417
all versions
Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server 7.0 before 7.0.0.41, 8.0 before 8.0.0.12, and 8.5 bef
5.4
MEDIUM
CVE-2015-7450
all versions
Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social pro
9.8
CRITICAL
CVE-2015-5004
all versions
The Edge Component Caching Proxy in IBM WebSphere Application Server (WAS) 8.0 before 8.0.0.12 and 8.5 before 8.5.5.8 does not pro
CVE-2015-2017
all versions
CRLF injection vulnerability in IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.47, 7.0 before 7.0.0.39, 8.0 before 8.0.0
CVE-2015-4938
all versions
IBM WebSphere Application Server 7.x before 7.0.0.39, 8.0.x before 8.0.0.11, and 8.5.x before 8.5.5.7 allows remote attackers to s
CVE-2015-1932
all versions
IBM WebSphere Application Server 7.x before 7.0.0.39, 8.0.x before 8.0.0.11, and 8.5.x before 8.5.5.7 and WebSphere Virtual Enterp
CVE-2015-1946
all versions
IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.6, and WebSphere Virtual Enterprise 7.0 before 7.0.0.6 for WebSphere Appli
CVE-2015-1936
all versions
The administrative console in IBM WebSphere Application Server (WAS) 8.0.0 before 8.0.0.11 and 8.5 before 8.5.5.6, when the Securi
CVE-2015-1927
all versions
The default configuration of IBM WebSphere Application Server (WAS) 7.0.0 before 7.0.0.39, 8.0.0 before 8.0.0.11, and 8.5 before 8
CVE-2015-1920
all versions
IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.47, 7.0 before 7.0.0.39, 8.0 before 8.0.0.11, and 8.5 before 8.5.5.6 allo
CVE-2015-1885
all versions
WebSphereOauth20SP.ear in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.39, 8.0 before 8.0.0.11, 8.5 Liberty Profile bef
CVE-2015-1882
all versions
Multiple race conditions in IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before 8.5.5.5 allow remote authenticated u
CVE-2015-0175
all versions
IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before 8.5.5.5 does not properly implement authData elements, which all
CVE-2015-0174
all versions
The SNMP implementation in IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.5 does not properly handle configuration data,
CVE-2015-0106
all versions
Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 t
CVE-2014-8890
all versions
IBM WebSphere Application Server Liberty Profile 8.5.x before 8.5.5.4 allows remote attackers to gain privileges by leveraging the
CVE-2014-6174
all versions
IBM WebSphere Application Server 7.x before 7.0.0.37, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.4 allows remote attackers to c
CVE-2014-6167
all versions
Cross-site scripting (XSS) vulnerability in the URL rewriting feature in IBM WebSphere Application Server 7.x before 7.0.0.37, 8.0
CVE-2014-6166
all versions
The Communications Enabled Applications (CEA) service in IBM WebSphere Application Server 8.0.x before 8.0.0.10 and 8.5.x before 8
CVE-2014-6164
all versions
IBM WebSphere Application Server 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.4 allows remote attackers to spoof OpenID and OpenID
CVE-2014-3021
all versions
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 does not properly handle H
CVE-2014-4816
all versions
Cross-site request forgery (CSRF) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.x throug
CVE-2014-4770
all versions
Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 6.x through 6.1.0.47, 7.0 before 7.0.0.35, 8.0
CVE-2014-4758
all versions
IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.x allow remote authenticated users to by
CVE-2014-3075
all versions
Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere Lombardi Edition
CVE-2014-4767
all versions
IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x before 8.5.5.3 does not properly use the Liberty Repository for featu
CVE-2014-4764
all versions
IBM WebSphere Application Server (WAS) 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.3, when Load Balancer for IPv4 Dispatcher is e
CVE-2014-3083
all versions
IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.35, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.3 does not properly re
CVE-2014-3070
all versions
The addFileRegistryAccount Virtual Member Manager (VMM) SPI Admin Task in IBM WebSphere Application Server (WAS) 8.0.x before 8.0.
CVE-2014-3022
all versions
IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.3 allows remote attacke
CVE-2014-0965
all versions
IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.3 allows remote attacke
CVE-2014-3087
all versions
callService.do in IBM Business Process Manager (BPM) 7.5 through 8.5.5 and WebSphere Lombardi Edition 7.2 through 7.2.0.5 allows r
CVE-2014-0957
all versions
Cross-site scripting (XSS) vulnerability in IBM Business Process Manager 7.5 through 8.5.5, and WebSphere Lombardi Edition 7.2, al
CVE-2014-0891
all versions
IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.2 allows remote attacke
CVE-2014-0964
all versions
IBM WebSphere Application Server (WAS) 6.1.0.0 through 6.1.0.47 and 6.0.2.0 through 6.0.2.43 allows remote attackers to cause a de
CVE-2014-0896
all versions
IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x before 8.5.5.2 allows remote attackers to obtain sensitive informatio
CVE-2014-0859
all versions
The web-server plugin in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.33, 8.x before 8.0.0.9, and 8.5.x before 8.5.5.2,
CVE-2014-0857
all versions
The Administrative Console in IBM WebSphere Application Server (WAS) 8.x before 8.0.0.9 and 8.5.x before 8.5.5.2 allows remote aut
CVE-2014-0823
all versions
IBM WebSphere Application Server (WAS) 8.x before 8.0.0.9 and 8.5.x before 8.5.5.2 allows remote attackers to read arbitrary files
CVE-2013-6323
all versions
Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.
CVE-2013-6725
all versions
Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server 7.x before 7.0.0.31, 8.
CVE-2013-6330
all versions
IBM WebSphere Application Server 7.x before 7.0.0.31, when simpleFileServlet static file caching is enabled, allows remote authent
CVE-2013-6325
all versions
IBM WebSphere Application Server 7.x before 7.0.0.31, 8.0.x before 8.0.0.8, and 8.5.x before 8.5.5.2 allows remote attackers to ca
CVE-2013-5418
all versions
Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.
CVE-2013-5417
all versions
Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.
CVE-2013-5414
all versions
The migration functionality in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.
CVE-2013-4006
all versions
IBM WebSphere Application Server (WAS) Liberty Profile 8.5 before 8.5.5.1 uses weak permissions for unspecified files, which allow
CVE-2013-4053
all versions
The WS-Security implementation in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.
CVE-2013-4052
all versions
Cross-site scripting (XSS) vulnerability in the UDDI Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6
CVE-2013-0596
all versions
Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.
CVE-2013-4005
all versions
Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.
CVE-2013-4004
all versions
Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 8.0 before 8.0.0.
CVE-2013-3029
all versions
Cross-site request forgery (CSRF) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before
CVE-2013-2976
all versions
The Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.7,
CVE-2013-2967
all versions
Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.
CVE-2013-0597
all versions
Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.29, 8.0 before 8.0.0.7, and 8.
CVE-2013-1777
all versions
The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Ed
CVE-2013-0482
all versions
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 through 8.5.0.2 and WebSphere Message Brok
CVE-2013-0565
all versions
Cross-site scripting (XSS) vulnerability in the RPC adapter for the Web 2.0 and Mobile toolkit in IBM WebSphere Application Server
CVE-2013-0544
all versions
Directory traversal vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0
CVE-2013-0543
all versions
IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Lin
CVE-2013-0542
<= 6.1.0.45
Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.
CVE-2013-0541
all versions
Buffer overflow in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 be
CVE-2013-0540
all versions
IBM WebSphere Application Server (WAS) Liberty Profile 8.5 before 8.5.0.2, when SSL is not enabled, does not properly validate aut
CVE-2013-0462
all versions
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.1, 7.0 before 7.0.0.27, 8.0, and 8.5 has unknown impact and
CVE-2013-0461
all versions
Cross-site scripting (XSS) vulnerability in the virtual member manager (VMM) administrative console in IBM WebSphere Application S
CVE-2013-0460
all versions
Cross-site request forgery (CSRF) vulnerability in the portlet subsystem in the administrative console in IBM WebSphere Applicatio
CVE-2013-0459
all versions
Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.
CVE-2013-0458
all versions
Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.
CVE-2012-5955
all versions
Unspecified vulnerability in the IBM HTTP Server component 5.3 in IBM WebSphere Application Server (WAS) for z/OS allows remote at
CVE-2012-4853
all versions
Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Application Server 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0
CVE-2012-4851
<= 8.5.0.0
Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1 allows remote atta
CVE-2012-4850
all versions
IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1, when JAX-RS is used, does not properly validate requests, whi
CVE-2012-3330
all versions
The proxy server in IBM WebSphere Application Server 7.0 before 7.0.0.27, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1, and WebSpher
CVE-2012-3311
all versions
IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 on z/O
CVE-2012-3306
all versions
IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1, when
CVE-2012-3305
all versions
Directory traversal vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.25, 8.0 before 8
CVE-2012-3304
all versions
The Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5,
CVE-2012-3325
all versions
IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.5, and 8.5.x Full Profile
CVE-2012-3293
all versions
Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.
CVE-2012-2190
all versions
IBM Global Security Kit (aka GSKit), as used in IBM HTTP Server in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7
CVE-2012-2170
all versions
The Application Snoop Servlet in IBM WebSphere Application Server 7.0 before 7.0.0.23 does not properly restrict access, which all
CVE-2012-0720
all versions
Cross-site scripting (XSS) vulnerability in the Integration Solution Console in the Administration Console in IBM WebSphere Applic
CVE-2012-0717
all versions
IBM WebSphere Application Server 7.0 before 7.0.0.23, when a certain SSLv2 configuration with client authentication is used, allow
CVE-2012-0716
all versions
Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server 7.0 before 7.0.0.23 all
CVE-2012-2162
<= 8.0.0.0
The Web Server Plug-in in IBM WebSphere Application Server (WAS) 8.0 and earlier uses unencrypted HTTP communication after expirat
CVE-2012-0707
all versions
Cross-site scripting (XSS) vulnerability in IBM WebSphere Lombardi Edition 7.2 allows remote attackers to inject arbitrary web scr
CVE-2012-0193
all versions
IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.43, 6.1 before 6.1.0.43, 7.0 before 7.0.0.23, and 8.0 before 8.0.0.3 comp
CVE-2011-1376
all versions
iscdeploy in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 on the IBM i
CVE-2011-5066
all versions
The SibRaRecoverableSiXaResource class in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1 before 6.1
CVE-2011-5065
all versions
Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41 allows remote attackers to
CVE-2011-1377
all versions
The Web Services Security component in the Web Services Feature Pack before 6.1.0.41 for IBM WebSphere Application Server (WAS) 6.
CVE-2011-1362
all versions
Cross-site scripting (XSS) vulnerability in the Installation Verification Test (IVT) application in the Install component in IBM W
CVE-2009-2748
all versions
Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.
CVE-2009-2747
all versions
The Java Naming and Directory Interface (JNDI) implementation in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.39, 6.1 b
CVE-2011-1368
all versions
The JavaServer Faces (JSF) application functionality in IBM WebSphere Application Server 8.x before 8.0.0.1 does not properly hand
CVE-2011-1359
all versions
Directory traversal vulnerability in the administration console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41, 7.0
CVE-2011-1356
all versions
IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.19 allows local users to obtain sensitive stack-tr
CVE-2011-1355
all versions
Open redirect vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.19 allows remote at
CVE-2010-3271
<= 7.0.0.13
Multiple cross-site request forgery (CSRF) vulnerabilities in the Integrated Solutions Console (aka administrative console) in IBM
CVE-2011-1209
all versions
IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.17 uses a weak WS-Security XML encryption algorith
CVE-2011-1683
all versions
IBM WebSphere Application Server (WAS) 6.0.x through 6.0.2.43, 6.1.x before 6.1.0.37, and 7.0.x before 7.0.0.17 on z/OS, when a Lo
CVE-2011-1322
all versions
The SOAP with Attachments API for Java (SAAJ) implementation in the Web Services component in IBM WebSphere Application Server (WA
CVE-2011-1321
all versions
The AuthCache purge implementation in the Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and
CVE-2011-1320
all versions
The Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when the Tivoli
CVE-2011-1319
all versions
The Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15 allows remote aut
CVE-2011-1318
<= 7.0.0.13
Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Applicati
CVE-2011-1317
all versions
Memory leak in com.ibm.ws.jsp.runtime.WASJSPStrBufferImpl in the JavaServer Pages (JSP) component in IBM WebSphere Application Ser
CVE-2011-1316
<= 7.0.0.13
The Session Initiation Protocol (SIP) Proxy in the HTTP Transport component in IBM WebSphere Application Server (WAS) before 7.0.0
CVE-2011-1315
<= 7.0.0.13
Memory leak in the messaging engine in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a d
CVE-2011-1314
<= 7.0.0.13
The Service Integration Bus (SIB) messaging engine in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attacke
CVE-2011-1313
all versions
Double free vulnerability in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15 allows remote
CVE-2011-1312
all versions
The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.31 and 7.x before 7.0.0.15 doe
CVE-2011-1311
<= 7.0.0.13
The Security component in IBM WebSphere Application Server (WAS) before 7.0.0.15, when a J2EE 1.4 application is used, determines
CVE-2011-1310
all versions
The Administrative Scripting Tools component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.
CVE-2011-1309
<= 7.0.0.13
The Plug-in component in IBM WebSphere Application Server (WAS) before 7.0.0.15 does not properly handle trace requests, which has
CVE-2011-1308
<= 7.0.0.13
Cross-site scripting (XSS) vulnerability in the Installation Verification Test (IVT) application in the Install component in IBM W
CVE-2011-1307
<= 7.0.0.13
The installer in IBM WebSphere Application Server (WAS) before 7.0.0.15 uses 777 permissions for a temporary log directory, which
CVE-2008-7274
all versions
IBM WebSphere Application Server (WAS) 6.1.0.9, when the JAAS Login functionality is enabled, allows attackers to perform an inter
CVE-2011-0316
all versions
The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.15 does no
CVE-2011-0315
all versions
Cross-site scripting (XSS) vulnerability in the Servlet Engine / Web Container component in IBM WebSphere Application Server (WAS)
CVE-2010-4220
all versions
Cross-site scripting (XSS) vulnerability in the Integrated Solution Console in the Administrative Console component in IBM WebSphe
CVE-2010-0786
all versions
The Web Services Security component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 does not properly implement the
CVE-2010-0785
all versions
Cross-site request forgery (CSRF) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before
CVE-2010-0784
all versions
Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.
CVE-2010-0783
all versions
Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.
CVE-2010-3700
all versions
VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM
CVE-2010-0781
all versions
Unspecified vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.33 allows remot
CVE-2010-3186
all versions
IBM WebSphere Application Server (WAS) 7.x before 7.0.0.13, and WebSphere Application Server Feature Pack for Web Services 6.1.0.9
CVE-2010-0779
all versions
Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.
CVE-2010-0778
all versions
Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.
CVE-2010-2328
all versions
The HTTP Channel in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 allows remote attackers to cause a denial of servic
CVE-2010-2327
all versions
mod_ibm_ssl in IBM HTTP Server 6.0 before 6.0.2.43, 6.1 before 6.1.0.33, and 7.0 before 7.0.0.11, as used in IBM WebSphere Applica
CVE-2010-2326
all versions
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11, when addNode -trace is used during node federation, allows attackers t
CVE-2010-2325
<= 7.0.0.10
Cross-site scripting (XSS) vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.
CVE-2010-2324
<= 7.0.0.10
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS allows attackers to perform unspecified "link injection" action
CVE-2010-2323
<= 7.0.0.10
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS might allow attackers to obtain sensitive information by readin
CVE-2010-0777
all versions
The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does
CVE-2010-0776
all versions
The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does
CVE-2010-0775
all versions
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0
CVE-2010-0774
all versions
The (1) JAX-RPC WS-Security 1.0 and (2) JAX-WS runtime implementations in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.
CVE-2010-1651
all versions
IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.31 and 7.0.x before 7.0.0.11, when Basic authentication and SIP tracing
CVE-2010-1650
all versions
IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.41, 6.1.x before 6.1.0.31, and 7.0.x before 7.0.0.11, when the -trace op
CVE-2010-0770
<= 6.0.2.39
IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 allows remote authenticate
CVE-2010-0769
<= 6.0.2.39
IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 does not properly define w
CVE-2010-0768
<= 6.0.2.39
Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.
CVE-2010-1182
all versions
Multiple unspecified vulnerabilities in the administrative console in IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.9
CVE-2010-0425
>= 6.1 and < 6.1.0.31
modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x befor
CVE-2010-0563
all versions
The Single Sign-on (SSO) functionality in IBM WebSphere Application Server (WAS) 7.0.0.0 through 7.0.0.8 does not recognize the Re
CVE-2009-2749
all versions
Feature Pack for Communications Enabled Applications (CEA) before 1.0.0.1 for IBM WebSphere Application Server 7.0.0.7 uses predic
CVE-2009-2746
all versions
Cross-site request forgery (CSRF) vulnerability in the administrative console in the Security component in IBM WebSphere Applicati
CVE-2009-2744
all versions
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27 allows remote attackers to cause a denial
CVE-2009-2743
all versions
IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27, and 7.0 before 7.0.0.7, does not properly handle an exception occurrin
CVE-2009-2742
all versions
Cross-site scripting (XSS) vulnerability in Eclipse Help in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27 allows remo
CVE-2009-3106
all versions
The Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.37 does not properly imple
CVE-2009-2092
all versions
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.5 does not properly read the portletServingEnabled parameter in ibm-portle
CVE-2009-2091
all versions
The System Management/Repository component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.5 on z/OS uses weak file per
CVE-2009-2090
all versions
Unspecified vulnerability in wsadmin in the System Management/Repository component in IBM WebSphere Application Server (WAS) 7.0 b
CVE-2009-2089
all versions
The Migration component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, when tracing is enab
CVE-2009-2088
all versions
The Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, w
CVE-2009-2087
all versions
The Web Services functionality in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, in certain ci
CVE-2009-2085
all versions
The Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5 does not properly hand
CVE-2009-0906
all versions
The Service Component Architecture (SCA) feature pack for IBM WebSphere Application Server (WAS) SCA 1.0 before 1.0.0.3 allows rem
CVE-2009-0217
all versions
The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the O
CVE-2009-0904
all versions
The IBM Stax XMLStreamWriter in the Web Services component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 does not
CVE-2009-0903
all versions
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.3, and the Feature Pack for Web Services for WAS 6.1 before 6.1.0.25, when
CVE-2009-1901
<= 6.0.2.33
The Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 permits "non-standard http methods," which
CVE-2009-1900
<= 6.0.2.33
The Configservice APIs in the Administrative Console component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35, 6.
CVE-2009-1899
<= 6.0.2.33
Unspecified vulnerability in the Administrative Configservice API in the System Management/Repository component in IBM WebSphere A
CVE-2009-1898
<= 6.0.2.33
The secure login page in the Administrative Console component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 does
CVE-2009-0899
>= 6.1 and <= 6.1.0.24
IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.24 and 7.0 through 7.0.0.4, IBM WebSphere Portal Server 5.1 through 6.0,
CVE-2009-1174
all versions
The Web Services Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 and 7.0 before 7.0.0.3 has an
CVE-2009-1173
all versions
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.3 uses weak permissions (777) for files associated with unspecified "inter
CVE-2009-1172
all versions
The JAX-RPC WS-Security runtime in the Web Services Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.
CVE-2009-0892
all versions
The administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3 allows attackers t
CVE-2009-0891
all versions
The Web Services Security component in IBM WebSphere Application Server 7.0 before Fix Pack 1 (7.0.0.1), 6.1 before Fix Pack 23 (6
CVE-2009-0508
all versions
The Servlet Engine/Web Container and JSP components in IBM WebSphere Application Server (WAS) 5.1.0, 5.1.1.19, 6.0.2 before 6.0.2.
CVE-2009-0856
all versions
Multiple cross-site scripting (XSS) vulnerabilities in sample applications in IBM WebSphere Application Server (WAS) 6.0.2 before
CVE-2009-0855
all versions
Cross-site scripting (XSS) vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.
CVE-2009-0506
all versions
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 5.1 and 6.0.2 before 6.0.2.33 on z/OS, when CSIv2 Identity Ass
CVE-2009-0504
<= 7.0
WSPolicy in the Web Services component in IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.1 does not properly recognize
CVE-2008-4285
all versions
Unspecified vulnerability in the Performance Monitoring Infrastructure (PMI) feature in the Servlet Engine/Web Container component
CVE-2009-0438
all versions
IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 on Windows allows remote attackers to bypass "Authorization checking" and
CVE-2009-0437
all versions
The Installation Factory installation process for IBM WebSphere Application Server (WAS) 6.0.2 on Windows, when WAS is registered
CVE-2009-0436
all versions
The (1) mod_ibm_ssl and (2) mod_cgid modules in IBM HTTP Server 6.0.x before 6.0.2.31 and 6.1.x before 6.1.0.19, as used in WebSph
CVE-2009-0435
all versions
Unspecified vulnerability in the IBM Asynchronous I/O (aka AIO or libibmaio) library in the Java Message Service (JMS) component i
CVE-2009-0434
all versions
PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.31, 6.1.x before 6
CVE-2009-0433
all versions
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 5.1.x before 5.1.1.19, 6.0.x before 6.0.2.29, and 6.1.x before
CVE-2009-0432
all versions
The installation process for the File Transfer servlet in the System Management/Repository component in IBM WebSphere Application
CVE-2008-4284
all versions
Open redirect vulnerability in the ibm_security_logout servlet in IBM WebSphere Application Server (WAS) 5.1.1.19 and earlier 5.x
CVE-2008-4283
<= 5.1.1.19
CRLF injection vulnerability in the WebContainer component in IBM WebSphere Application Server (WAS) 5.1.1.19 and earlier 5.1.x ve
CVE-2009-0391
all versions
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.0.1 on z/OS allows attackers to read arbitrary files via unk
CVE-2008-5414
all versions
Unspecified vulnerability in the Feature Pack for Web Services in the Web Services Security component in IBM WebSphere Application
CVE-2008-5413
<= 7.0
PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 allows attackers to
CVE-2008-5412
<= 7.0
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 on Windows has unknown impact and attack vect
CVE-2008-5411
<= 7.0
IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 sends SSL traffic over "unsecured TCP," which makes it easier for remote a
CVE-2008-4679
all versions
The Web Services Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 and 6.1 before 6.1.0.19, when
CVE-2008-4678
all versions
The HTTP_Request_Parser method in the HTTP Transport component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 all
CVE-2008-4111
all versions
Unspecified vulnerability in Servlet Engine/Web Container in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 and 6.1
CVE-2008-3236
all versions
Unspecified vulnerability in Wsadmin in the System Management/Repository component in IBM WebSphere Application Server (WAS) 5.1 b
CVE-2008-3235
all versions
Unspecified vulnerability in the PropFilePasswordEncoder utility in the Security component in IBM WebSphere Application Server (WA
CVE-2008-2550
<= 6.1.0.16
Unspecified vulnerability in the Web Services Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.17 has
CVE-2008-2221
all versions
Unspecified vulnerability in the Java plugin in IBM WebSphere Application Server 5.0.2 allows untrusted applets to gain privileges
CVE-2008-0741
<= 6.0.2.24
Unspecified vulnerability in the PropFilePasswordEncoder utility in IBM WebSphere Application Server (WAS) before 6.0.2 Fix Pack 2
CVE-2008-0740
<= 6.0.2.24
IBM WebSphere Application Server (WAS) before 6.0.2 Fix Pack 25 (6.0.2.25) and 6.1 before Fix Pack 15 (6.1.0.15) writes unspecifie
CVE-2008-0389
<= 5.1.1.17
Unspecified vulnerability in the serveServletsByClassnameEnabled feature in IBM WebSphere Application Server (WAS) 6.0 through 6.0
CVE-2007-6679
<= 6.0.2.24
Unspecified vulnerability in the Administrative Console in IBM WebSphere Application Server 6.1 before Fix Pack 13 has unknown imp
CVE-2007-5944
all versions
Cross-site scripting (XSS) vulnerability in Servlet Engine / Web Container in IBM WebSphere Application Server (WAS) 5.1.1.4 throu
CVE-2007-5799
<= 6.1.0.12
Multiple cross-site request forgery (CSRF) vulnerabilities in uddigui/navigateTree.do in the UDDI user console in IBM WebSphere Ap
CVE-2007-5798
<= 6.1.0.12
Multiple cross-site scripting (XSS) vulnerabilities in uddigui/navigateTree.do in the UDDI user console in IBM WebSphere Applicati
CVE-2007-5483
all versions
Unspecified vulnerability in the Administrative Scripting Tools (such as wsadmin or ANT) in IBM WebSphere Application Server 5.x a
CVE-2007-4839
all versions
Unspecified vulnerability in the PD tools component in IBM WebSphere Application Server (WAS) 6.1 before Fix Pack 11 (6.1.0.11) ha
CVE-2007-4833
<= 6.1.0.9
Unspecified vulnerability in the Edge Component in IBM WebSphere Application Server (WAS) 6.1 before Fix Pack 11 (6.1.0.11) has un
CVE-2007-3960
<= 6.0.2.19
Multiple unspecified vulnerabilities in IBM WebSphere Application Server (WAS) before Fix Pack 21 (6.0.2.21) have unknown impact a
CVE-2007-3397
all versions
The web container in IBM WebSphere Application Server (WAS) before 6.0.2.21, and 6.1.x before 6.1.0.9, sends response data intende
CVE-2007-3265
<= 6.1.0.7
Cross-site scripting (XSS) vulnerability in the Samples component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier al
CVE-2007-3264
<= 6.1.0.7
Unspecified vulnerability in the PD tools component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier has unknown impa
CVE-2007-3263
<= 6.1.0.7
Unspecified vulnerability in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier has unk
CVE-2007-3262
<= 6.1.0.7
Unspecified vulnerability in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier allows
CVE-2006-7198
<= 6.0.2.11
Unspecified vulnerability in IBM WebSphere Application Server (WAS) before 5.1.1.14, and WAS for z/OS 601 before 6.0.2.13, has unk
CVE-2007-1945
<= 6.1.0.1
Unspecified vulnerability in the Servlet Engine/Web Container in IBM WebSphere Application Server (WAS) before 6.1.0.7 has unknown
CVE-2007-1944
<= 6.1.0.1
The Java Message Service (JMS) in IBM WebSphere Application Server (WAS) before 6.1.0.7 allows attackers to cause a denial of serv
CVE-2007-1608
<= 6.0.2.15
CRLF injection vulnerability in IBM WebSphere Application Server (WAS) before 6.0.2.19 allows remote attackers to inject arbitrary
CVE-2006-7166
all versions
IBM WebSphere Application Server (WAS) 5.1.1.9 and earlier allows remote attackers to obtain JSP source code and other sensitive i
CVE-2006-7165
all versions
IBM WebSphere Application Server (WAS) 5.0 through 5.1.1.0 allows remote attackers to obtain JSP source code and other sensitive i
CVE-2006-7164
all versions
SimpleFileServlet in IBM WebSphere Application Server 5.0.1 through 5.0.2.7 on Linux and UNIX does not block certain invalid URIs
CVE-2006-6637
all versions
The Servlet Engine and Web Container in IBM WebSphere Application Server (WAS) before 6.0.2.17, when ibm-web-ext.xmi sets fileServ
CVE-2006-6636
all versions
Unspecified vulnerability in the Utility Classes for IBM WebSphere Application Server (WAS) before 5.1.1.13 and 6.x before 6.0.2.1
CVE-2006-6136
all versions
IBM WebSphere Application Server 6.1.0 before Fix Pack 3 (6.1.0.3) does not perform EAL4 authentication checks at the proper time
CVE-2006-6135
all versions
Multiple unspecified vulnerabilities in IBM WebSphere Application Server 6.1.0 before Fix Pack 3 (6.1.0.3) have unknown impact and
CVE-2006-5324
<= 6.1.0.1
The Web Services Notification (WSN) security component of IBM WebSphere Application Server before 6.1.0.2 allows attackers to obta
CVE-2006-5323
<= 6.1.0.1
Unspecified vulnerability in IBM WebSphere Application Server before 6.1.0.2 has unspecified impact and attack vectors, related to
CVE-2006-4223
<= 6.0.2.11
IBM WebSphere Application Server (WAS) before 6.0.2.13 allows context-dependent attackers to obtain sensitive information via unsp
CVE-2006-4222
<= 6.0.2.11
Multiple unspecified vulnerabilities in IBM WebSphere Application Server before 6.0.2.13 have unspecified vectors and impact, incl
CVE-2006-4137
all versions
IBM WebSphere Application Server before 6.1.0.1 allows attackers to obtain sensitive information via unspecified vectors related t
CVE-2006-4136
<= 6.1.0.0
Multiple unspecified vulnerabilities in IBM WebSphere Application Server before 6.1.0.1 have unspecified impact and attack vectors
CVE-2006-3232
all versions
Unspecified vulnerability in IBM WebSphere Application Server before 6.0.2.11 has unknown impact and attack vectors because the "U
CVE-2006-3231
all versions
Unspecified vulnerability in IBM WebSphere Application Server (WAS) before 6.0.2.11, when fileServingEnabled is true, allows remot
CVE-2006-2436
all versions
WebSphere Application Server 5.0.2 (or any earlier cumulative fix) stores admin and LDAP passwords in plaintext in the FFDC logs w
CVE-2006-2435
all versions
Unspecified vulnerability in IBM WebSphere Application Server 5.0.2 and earlier, and 5.1.1 and earlier, has unknown impact and att
CVE-2006-2434
all versions
Unspecified vulnerability in WebSphere 5.1.1 (or any earlier cumulative fix) Common Configuration Mode + CommonArchive and J2EE Mo
CVE-2006-2433
all versions
Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, 6.0.2.1, 6.0.2.3, 6.0.2.5, and 6.0.2.7 has unknown impact and
CVE-2006-2432
all versions
IBM WebSphere Application Server 5.0.2 (or any earlier cumulative fix) and 5.1.1 (or any earlier cumulative fix) allows EJB access
CVE-2006-2431
all versions
Cross-site scripting (XSS) vulnerability in the 500 Internal Server Error page on the SOAP port (8880/tcp) in IBM WebSphere Applic
CVE-2006-2430
all versions
IBM WebSphere Application Server 5.0.2 and earlier, 5.1.1 and earlier, and 6.0.2 up to 6.0.2.7 records user credentials in plainte
CVE-2006-2429
all versions
Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, 6.0.2.1, 6.0.2.3, 6.0.2.5, and 6.0.2.7 has unknown impact and
CVE-2006-2342
all versions
IBM WebSphere Application Server 6.0.2 before FixPack 3 allows remote attackers to bypass authentication for the Welcome Page via
CVE-2006-1619
all versions
IBM WebSphere Application Server 4.0.1 through 4.0.3 allows remote attackers to cause a denial of service (application crash) via
CVE-2006-1093
all versions
Unspecified vulnerability in IBM WebSphere 5.0.2.10 through 5.0.2.15 and 5.1.1.4 through 5.1.1.9 allows remote attackers to obtain
CVE-2005-4834
all versions
IBM WebSphere Application Server (WAS) 5.0.2.5 through 5.1.1.3 allows remote attackers to obtain JSP source code and other sensiti
CVE-2005-4833
all versions
IBM WebSphere Application Server (WAS) 6.0 before 20050201, when serving pages in an Application WAR or an Extended Document Root,
CVE-2005-4413
all versions
Multiple cross-site scripting (XSS) vulnerabilities in sample scripts in IBM WebSphere Application Server 6 allow remote attackers
CVE-2005-3760
all versions
Double free vulnerability in the BBOORB module in IBM WebSphere Application Server for z/OS 5.0 allows attackers to cause a denial
CVE-2005-3498
>= 5.0.0 and < 5.02.15
IBM WebSphere Application Server 5.0.x before 5.02.15, 5.1.x before 5.1.1.8, and 6.x before fixpack V6.0.2.5, when session trace i
CVE-2005-2091
all versions
IBM WebSphere 5.1 and WebSphere 5.0 allows remote attackers to poison the web cache, bypass web application firewall protection, a
CVE-2005-1872
all versions
Buffer overflow in the administrative console in IBM WebSphere Application Server 5.x, when the global security option is enabled,
CVE-2005-1112
all versions
IBM WebSphere Application Server 6.0 and earlier, when sharing the document root of the web server, allows remote attackers to obt
CVE-2005-0425
all versions
Unknown vulnerability in IBM WebSphere Application Server 5.0, 5.1, and 6.0 when running on Windows, allows remote attackers to ob
CVE-2003-1447
all versions
IBM WebSphere Advanced Server Edition 4.0.4 uses a weak encryption algorithm (XOR and base64 encoding), which allows local users t
CVE-2002-1153
all versions
IBM WebSphere 4.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP r
CVE-2001-1189
all versions
IBM WebSphere Application Server 3.5.3 and earlier stores a password in cleartext in the sas.server.props file, which allows local
CVE-2001-0824
all versions
Cross-site scripting vulnerability in IBM WebSphere 3.02 and 3.5 FP2 allows remote attackers to execute JavaScript by inserting th
CVE-2001-0962
<= 3.5.3
IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain
CVE-2001-0390
all versions
IBM WebSphere/NetCommerce3 3.1.2 allows remote attackers to cause a denial of service by directly calling the macro.d2w macro with
CVE-2001-0389
all versions
IBM WebSphere/NetCommerce3 3.1.2 allows remote attackers to determine the real path of the server by directly calling the macro.d2
CVE-2001-0122
all versions
Kernel leak in AfpaCache module of the Fast Response Cache Accelerator (FRCA) component of IBM HTTP Server 1.3.x and WebSphere 3.5
CVE-2000-0848
all versions
Buffer overflow in IBM WebSphere web application server (WAS) allows remote attackers to execute arbitrary commands via a long Hos
CVE-2000-0652
all versions
IBM WebSphere allows remote attackers to read source code for executable web files by directly calling the default InvokerServlet
CVE-2000-0497
all versions
IBM WebSphere server 3.0.2 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JS
7.5
HIGH
CVE-1999-0852
all versions
IBM WebSphere sets permissions that allow a local user to modify a deinstallation script or its data files stored in /usr/bin.
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin