This page lists publicly disclosed CVE vulnerabilities affecting ibm websphere_application_server (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-9330 | IBM WebSphere Application Server 9.0, and 8.5 is affected by an improper validation of user-supplied data during deserialization using the SAML Web Single Sign-On component. This could result in remote code execution via a crafted HTTP request when combined with a suitable gadget chain. | [email protected] | 8.5 | 0.38% | 2026-06-01 | 2026-06-17 |
| CVE-2026-9319 | IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to potential remote code execution due to deserialization of untrusted data via JAX-WS endpoints with WS-Security. | [email protected] | 9.0 | 0.37% | 2026-06-01 | 2026-06-17 |
| CVE-2026-9311 | IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to remote code execution caused by the bypass of security controls. | [email protected] | 9.0 | 0.40% | 2026-06-01 | 2026-06-17 |
| CVE-2026-8644 | IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to identity spoofing. | [email protected] | 9.1 | 0.28% | 2026-06-01 | 2026-06-17 |
| CVE-2026-5516 | IBM WebSphere Application Server - Liberty 22.0.0.11 through 26.0.0.5 IBM WebSphere Application Server Liberty could allow a remote attacker to bypass security under limited conditions by exploiting a specific timing window. | [email protected] | 4.4 | 0.20% | 2026-05-27 | 2026-06-17 |
| CVE-2026-4410 | IBM WebSphere Application Server - Liberty 19.0.0.7 through 26.0.0.5 and IBM WebSphere Application Server 9.0, and 8.5 and WebSphere Application Server Liberty are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. | [email protected] | 4.8 | 0.50% | 2026-05-27 | 2026-06-17 |
| CVE-2026-8633 | IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to remote code execution in the Web Server Plug-ins, through a specially crafted request. | [email protected] | 9.8 | 0.48% | 2026-05-26 | 2026-06-17 |
| CVE-2026-8620 | IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to HTTP request smuggling in the Web Server Plug-ins through a specially crafted request. | [email protected] | 7.5 | 0.23% | 2026-05-26 | 2026-06-17 |
| CVE-2026-3621 | IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.4 IBM WebSphere Application Server Liberty is vulnerable to identity spoofing under limited conditions when an application is deployed without authentication and authorization configured. | [email protected] | 7.5 | 0.22% | 2026-04-23 | 2026-06-17 |
| CVE-2026-1561 | IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is vulnerable to server-side request forgery (SSRF). This may allow remote attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | [email protected] | 5.4 | 0.28% | 2026-03-25 | 2026-06-17 |
| CVE-2025-14917 | IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty could provide weaker than expected security when administering security settings. | [email protected] | 6.7 | 0.36% | 2026-03-25 | 2026-06-17 |
| CVE-2025-14915 | IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is affected by privilege escalation. A privileged user could gain additional access to the application server. | [email protected] | 6.5 | 0.50% | 2026-03-25 | 2026-06-17 |
| CVE-2025-14923 | IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.2 IBM WebSphere Application Server Liberty could provide weaker than expected security when using the Security Utility when administering security settings. | [email protected] | 4.7 | 0.16% | 2026-03-03 | 2026-06-17 |
| CVE-2025-13333 | IBM WebSphere Application Server 9.0, and 8.5 could provide weaker than expected security during system administration of security settings. | [email protected] | 4.4 | 0.31% | 2026-02-17 | 2026-06-17 |
| CVE-2025-14914 | IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to upload a zip archive containing path traversal sequences resulting in an overwrite of files leading to arbitrary code execution. | [email protected] | 7.6 | 0.39% | 2026-02-02 | 2026-06-17 |
| CVE-2025-12635 | IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.12 are affected by cross-site scripting due to improper validation of user-supplied input. An attacker could exploit this vulnerability by using a specially crafted URL to redirect the user to a malicious site. | [email protected] | 5.4 | 0.14% | 2025-12-08 | 2026-06-17 |
| CVE-2025-36099 | IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A privileged user could exploit this vulnerability to cause the server to consume memory resources. | [email protected] | 4.9 | 0.29% | 2025-09-29 | 2026-06-17 |
| CVE-2025-36047 | IBM WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. | [email protected] | 5.3 | 0.40% | 2025-08-14 | 2026-06-17 |
| CVE-2025-33142 | IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for TLS connections. | [email protected] | 5.3 | 0.25% | 2025-08-14 | 2026-06-17 |
| CVE-2025-36000 | IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | [email protected] | 4.4 | 0.17% | 2025-08-12 | 2026-06-17 |