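This page lists publicly disclosed CVE vulnerabilities affecting ibm websphere_application_server (matched via NVD CPE). Each row includes a severity score, a summary, and the publication date, to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |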
|---|---|---|---|---|---|---|
| CVE-2026-9320 | IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. | [email protected] | 5.9 | 0.31% | 2026-06-22 | 2026-06-23 |
| CVE-2026-9071 | IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. | [email protected] | 7.5 | 0.31% | 2026-06-22 | 2026-06-23 |
| CVE-2026-9006 | IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to server-side request forgery (SSRF) with the Ajax Proxy configured. This may allow an attacker to send unauthorized requests from the system, resulting in a security bypass or information disclosure. | [email protected] | 7.4 | 0.23% | 2026-06-22 | 2026-06-24 |
| CVE-2026-8646 | IBM WebSphere Application Server 9.0 and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to HTTP request smuggling. A remote attacker could smuggle a specially crafted request to the application server thereby allowing the attacker to bypass security controls, spoof identity, escalate privilege, and expose sensitive information. | [email protected] | 7.4 | 0.34% | 2026-06-22 | 2026-06-24 |
| CVE-2026-10845 | IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to bypass authentication and gain unauthorized access to JAX-WS applications. | [email protected] | 7.3 | 0.34% | 2026-06-22 | 2026-06-23 |
| CVE-2026-9330 | IBM WebSphere Application Server 9.0, and 8.5 is affected by an improper validation of user-supplied data during deserialization using the SAML Web Single Sign-On component. This could result in remote code execution via a crafted HTTP request when combined with a suitable gadget chain. | [email protected] | 8.5 | 0.47% | 2026-06-01 | 2026-06-17 |
| CVE-2026-9319 | IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to potential remote code execution due to deserialization of untrusted data via JAX-WS endpoints with WS-Security. | [email protected] | 9.0 | 0.37% | 2026-06-01 | 2026-06-17 |
| CVE-2026-9311 | IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to remote code execution caused by the bypass of security controls. | [email protected] | 9.0 | 0.49% | 2026-06-01 | 2026-06-17 |
| CVE-2026-8644 | IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to identity spoofing. | [email protected] | 9.1 | 0.28% | 2026-06-01 | 2026-06-17 |
| CVE-2026-5516 | IBM WebSphere Application Server - Liberty 22.0.0.11 through 26.0.0.5 IBM WebSphere Application Server Liberty could allow a remote attacker to bypass security under limited conditions by exploiting a specific timing window. | [email protected] | 4.4 | 0.20% | 2026-05-27 | 2026-06-17 |
| CVE-2026-4410 | IBM WebSphere Application Server - Liberty 19.0.0.7 through 26.0.0.5 and IBM WebSphere Application Server 9.0, and 8.5 and WebSphere Application Server Liberty are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. | [email protected] | 4.8 | 0.50% | 2026-05-27 | 2026-06-17 |
| CVE-2026-8633 | IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to remote code execution in the Web Server Plug-ins, through a specially crafted request. | [email protected] | 9.8 | 0.85% | 2026-05-26 | 2026-06-17 |
| CVE-2026-8620 | IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to HTTP request smuggling in the Web Server Plug-ins through a specially crafted request. | [email protected] | 7.5 | 0.28% | 2026-05-26 | 2026-06-17 |
| CVE-2026-3621 | IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.4 IBM WebSphere Application Server Liberty is vulnerable to identity spoofing under limited conditions when an application is deployed without authentication and authorization configured. | [email protected] | 7.5 | 0.28% | 2026-04-22 | 2026-06-17 |
| CVE-2026-1561 | IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is vulnerable to server-side request forgery (SSRF). This may allow remote attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | [email protected] | 5.4 | 0.28% | 2026-03-25 | 2026-06-17 |
| CVE-2025-14917 | IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty could provide weaker than expected security when administering security settings. | [email protected] | 6.7 | 0.36% | 2026-03-25 | 2026-06-17 |
| CVE-2025-14915 | IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is affected by privilege escalation. A privileged user could gain additional access to the application server. | [email protected] | 6.5 | 0.50% | 2026-03-25 | 2026-06-17 |
| CVE-2025-14923 | IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.2 IBM WebSphere Application Server Liberty could provide weaker than expected security when using the Security Utility when administering security settings. | [email protected] | 4.7 | 0.16% | 2026-03-03 | 2026-06-17 |
| CVE-2025-13333 | IBM WebSphere Application Server 9.0, and 8.5 could provide weaker than expected security during system administration of security settings. | [email protected] | 4.4 | 0.31% | 2026-02-17 | 2026-06-17 |
| CVE-2025-14914 | IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to upload a zip archive containing path traversal sequences resulting in an overwrite of files leading to arbitrary code execution. | [email protected] | 7.6 | 0.39% | 2026-02-02 | 2026-06-17 |