ibm websphere_application_server CVE 漏洞(457)

CVE 数: 457 CPE versions: View versions table

摘要

本页列出影响 ibm websphere_application_server 的已公开 CVE 漏洞(通过 NVD CPE 关联)。每行包含严重程度评分、摘要与发布日期,便于识别与分析安全问题。

显示 120457 CVE 数
«« 第一页 « 上一页 第 1 / 23 页 下一页 »
CVE 摘要 来源 最高 CVSS EPSS % 公开时间 更新时间
CVE-2026-9320 IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. [email protected] 5.9 0.31% 2026-06-22 2026-06-23
CVE-2026-9071 IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. [email protected] 7.5 0.31% 2026-06-22 2026-06-23
CVE-2026-9006 IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to server-side request forgery (SSRF) with the Ajax Proxy configured. This may allow an attacker to send unauthorized requests from the system, resulting in a security bypass or information disclosure. [email protected] 7.4 0.23% 2026-06-22 2026-06-24
CVE-2026-8646 IBM WebSphere Application Server 9.0 and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to HTTP request smuggling. A remote attacker could smuggle a specially crafted request to the application server thereby allowing the attacker to bypass security controls, spoof identity, escalate privilege, and expose sensitive information. [email protected] 7.4 0.34% 2026-06-22 2026-06-24
CVE-2026-10845 IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to bypass authentication and gain unauthorized access to JAX-WS applications. [email protected] 7.3 0.34% 2026-06-22 2026-06-23
CVE-2026-9330 IBM WebSphere Application Server 9.0, and 8.5 is affected by an improper validation of user-supplied data during deserialization using the SAML Web Single Sign-On component. This could result in remote code execution via a crafted HTTP request when combined with a suitable gadget chain. [email protected] 8.5 0.47% 2026-06-01 2026-06-17
CVE-2026-9319 IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to potential remote code execution due to deserialization of untrusted data via JAX-WS endpoints with WS-Security. [email protected] 9.0 0.37% 2026-06-01 2026-06-17
CVE-2026-9311 IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to remote code execution caused by the bypass of security controls. [email protected] 9.0 0.49% 2026-06-01 2026-06-17
CVE-2026-8644 IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to identity spoofing. [email protected] 9.1 0.28% 2026-06-01 2026-06-17
CVE-2026-5516 IBM WebSphere Application Server - Liberty 22.0.0.11 through 26.0.0.5 IBM WebSphere Application Server Liberty could allow a remote attacker to bypass security under limited conditions by exploiting a specific timing window. [email protected] 4.4 0.20% 2026-05-27 2026-06-17
CVE-2026-4410 IBM WebSphere Application Server - Liberty 19.0.0.7 through 26.0.0.5 and IBM WebSphere Application Server 9.0, and 8.5 and WebSphere Application Server Liberty are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. [email protected] 4.8 0.50% 2026-05-27 2026-06-17
CVE-2026-8633 IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to remote code execution in the Web Server Plug-ins, through a specially crafted request. [email protected] 9.8 0.85% 2026-05-26 2026-06-17
CVE-2026-8620 IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to HTTP request smuggling in the Web Server Plug-ins through a specially crafted request. [email protected] 7.5 0.28% 2026-05-26 2026-06-17
CVE-2026-3621 IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.4 IBM WebSphere Application Server Liberty is vulnerable to identity spoofing under limited conditions when an application is deployed without authentication and authorization configured. [email protected] 7.5 0.28% 2026-04-22 2026-06-17
CVE-2026-1561 IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is vulnerable to server-side request forgery (SSRF). This may allow remote attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. [email protected] 5.4 0.28% 2026-03-25 2026-06-17
CVE-2025-14917 IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty could provide weaker than expected security when administering security settings. [email protected] 6.7 0.36% 2026-03-25 2026-06-17
CVE-2025-14915 IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is affected by privilege escalation. A privileged user could gain additional access to the application server. [email protected] 6.5 0.50% 2026-03-25 2026-06-17
CVE-2025-14923 IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.2 IBM WebSphere Application Server Liberty could provide weaker than expected security when using the Security Utility when administering security settings. [email protected] 4.7 0.16% 2026-03-03 2026-06-17
CVE-2025-13333 IBM WebSphere Application Server 9.0, and 8.5 could provide weaker than expected security during system administration of security settings. [email protected] 4.4 0.31% 2026-02-17 2026-06-17
CVE-2025-14914 IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to upload a zip archive containing path traversal sequences resulting in an overwrite of files leading to arbitrary code execution. [email protected] 7.6 0.39% 2026-02-02 2026-06-17
«« 第一页 « 上一页 第 1 / 23 页 下一页 »
cvelogic Threat Intelligence