本頁列出影響 ibm websphere_application_server 的已公開 CVE 漏洞(透過 NVD CPE 關聯)。每列包含嚴重程度評分、摘要與發布日期,便於識別與分析安全議題。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2026-9330 | IBM WebSphere Application Server 9.0, and 8.5 is affected by an improper validation of user-supplied data during deserialization using the SAML Web Single Sign-On component. This could result in remote code execution via a crafted HTTP request when combined with a suitable gadget chain. | [email protected] | 8.5 | 0.28% | 2026-06-01 | 2026-06-04 |
| CVE-2026-9319 | IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to potential remote code execution due to deserialization of untrusted data via JAX-WS endpoints with WS-Security. | [email protected] | 9.0 | 0.29% | 2026-06-01 | 2026-06-04 |
| CVE-2026-9311 | IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to remote code execution caused by the bypass of security controls. | [email protected] | 9.0 | 0.26% | 2026-06-01 | 2026-06-04 |
| CVE-2026-8644 | IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to identity spoofing. | [email protected] | 9.1 | 0.05% | 2026-06-01 | 2026-06-04 |
| CVE-2026-5516 | IBM WebSphere Application Server - Liberty 22.0.0.11 through 26.0.0.5 IBM WebSphere Application Server Liberty could allow a remote attacker to bypass security under limited conditions by exploiting a specific timing window. | [email protected] | 4.4 | 0.04% | 2026-05-27 | 2026-06-02 |
| CVE-2026-4410 | IBM WebSphere Application Server - Liberty 19.0.0.7 through 26.0.0.5 and IBM WebSphere Application Server 9.0, and 8.5 and WebSphere Application Server Liberty are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. | [email protected] | 4.8 | 0.10% | 2026-05-27 | 2026-06-01 |
| CVE-2026-8633 | IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to remote code execution in the Web Server Plug-ins, through a specially crafted request. | [email protected] | 9.8 | 0.26% | 2026-05-26 | 2026-05-27 |
| CVE-2026-8620 | IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to HTTP request smuggling in the Web Server Plug-ins through a specially crafted request. | [email protected] | 7.5 | 0.06% | 2026-05-26 | 2026-06-02 |
| CVE-2026-3621 | IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.4 IBM WebSphere Application Server Liberty is vulnerable to identity spoofing under limited conditions when an application is deployed without authentication and authorization configured. | [email protected] | 7.5 | 0.04% | 2026-04-23 | 2026-05-13 |
| CVE-2026-1561 | IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is vulnerable to server-side request forgery (SSRF). This may allow remote attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | [email protected] | 5.4 | 0.03% | 2026-03-25 | 2026-03-30 |
| CVE-2025-14917 | IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty could provide weaker than expected security when administering security settings. | [email protected] | 6.7 | 0.01% | 2026-03-25 | 2026-03-30 |
| CVE-2025-14915 | IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is affected by privilege escalation. A privileged user could gain additional access to the application server. | [email protected] | 6.5 | 0.03% | 2026-03-25 | 2026-03-30 |
| CVE-2025-14923 | IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.2 IBM WebSphere Application Server Liberty could provide weaker than expected security when using the Security Utility when administering security settings. | [email protected] | 4.7 | 0.01% | 2026-03-03 | 2026-03-04 |
| CVE-2025-13333 | IBM WebSphere Application Server 9.0, and 8.5 could provide weaker than expected security during system administration of security settings. | [email protected] | 4.4 | 0.03% | 2026-02-17 | 2026-02-20 |
| CVE-2025-14914 | IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to upload a zip archive containing path traversal sequences resulting in an overwrite of files leading to arbitrary code execution. | [email protected] | 7.6 | 0.04% | 2026-02-02 | 2026-02-12 |
| CVE-2025-12635 | IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.12 are affected by cross-site scripting due to improper validation of user-supplied input. An attacker could exploit this vulnerability by using a specially crafted URL to redirect the user to a malicious site. | [email protected] | 5.4 | 0.03% | 2025-12-08 | 2025-12-11 |
| CVE-2025-36099 | IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A privileged user could exploit this vulnerability to cause the server to consume memory resources. | [email protected] | 4.9 | 0.05% | 2025-09-29 | 2025-10-03 |
| CVE-2025-36047 | IBM WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. | [email protected] | 5.3 | 0.40% | 2025-08-14 | 2025-11-03 |
| CVE-2025-33142 | IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for TLS connections. | [email protected] | 5.3 | 0.17% | 2025-08-14 | 2025-08-18 |
| CVE-2025-36000 | IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | [email protected] | 4.4 | 0.13% | 2025-08-12 | 2025-08-14 |