Search Results (473 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-4136 1 Ibm 1 Websphere Application Server 2026-04-16 N/A
Multiple unspecified vulnerabilities in IBM WebSphere Application Server before 6.1.0.1 have unspecified impact and attack vectors involving (1) "SOAP requests and responses", (2) mbean, (3) ThreadIdentitySupport, and possibly others.
CVE-2006-4137 1 Ibm 1 Websphere Application Server 2026-04-16 N/A
IBM WebSphere Application Server before 6.1.0.1 allows attackers to obtain sensitive information via unspecified vectors related to (1) the log file, (2) "script generated syntax on wsadmin command line," and (3) traces.
CVE-2006-4222 1 Ibm 1 Websphere Application Server 2026-04-16 N/A
Multiple unspecified vulnerabilities in IBM WebSphere Application Server before 6.0.2.13 have unspecified vectors and impact, including (1) an "authority problem" in ThreadIdentitySupport as identified by PK25199, and "Potential security exposure" issues as identified by (2) PK22747, (3) PK24334, (4) PK25740, and (5) PK26123.
CVE-2006-2431 1 Ibm 1 Websphere Application Server 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the 500 Internal Server Error page on the SOAP port (8880/tcp) in IBM WebSphere Application Server 5.0.2 and earlier, 5.1.x before 5.1.1.12, and 6.0.2 up to 6.0.2.7, allows remote attackers to inject arbitrary web script or HTML via the URI, which is contained in a FAULTACTOR element on this page. NOTE: some sources have reported the element as "faultfactor," but this is likely erroneous.
CVE-2005-3498 1 Ibm 1 Websphere Application Server 2026-04-16 N/A
IBM WebSphere Application Server 5.0.x before 5.02.15, 5.1.x before 5.1.1.8, and 6.x before fixpack V6.0.2.5, when session trace is enabled, records a full URL including the queryString in the trace logs when an application encodes a URL, which could allow attackers to obtain sensitive information.
CVE-2006-2436 1 Ibm 1 Websphere Application Server 2026-04-16 N/A
WebSphere Application Server 5.0.2 (or any earlier cumulative fix) stores admin and LDAP passwords in plaintext in the FFDC logs when a login to WebSphere fails, which allows attackers to gain privileges.
CVE-2001-0122 1 Ibm 2 Http Server, Websphere Application Server 2026-04-16 N/A
Kernel leak in AfpaCache module of the Fast Response Cache Accelerator (FRCA) component of IBM HTTP Server 1.3.x and Websphere 3.52 allows remote attackers to cause a denial of service via a series of malformed HTTP requests that generate a "bad request" error.
CVE-2026-1561 4 Apple, Ibm, Linux and 1 more 7 Macos, Aix, I and 4 more 2026-03-30 5.4 Medium
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is vulnerable to server-side request forgery (SSRF). This may allow remote attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
CVE-2025-14915 4 Apple, Ibm, Linux and 1 more 8 Macos, Aix, I and 5 more 2026-03-30 6.5 Medium
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is affected by privilege escalation. A privileged user could gain additional access to the application server.
CVE-2025-14917 4 Apple, Ibm, Linux and 1 more 8 Macos, Aix, I and 5 more 2026-03-30 6.7 Medium
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty could provide weaker than expected security when administering security settings.
CVE-2025-14923 1 Ibm 2 Websphere Application Server, Websphere Application Server Liberty 2026-03-04 4.7 Medium
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.2 IBM WebSphere Application Server Liberty could provide weaker than expected security when using the Security Utility when administering security settings.
CVE-2025-36038 5 Hp, Ibm, Linux and 2 more 8 Hp-ux, Aix, I and 5 more 2026-02-26 9 Critical
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects.
CVE-2025-14914 1 Ibm 1 Websphere Application Server 2026-02-26 7.6 High
IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to upload a zip archive containing path traversal sequences resulting in an overwrite of files leading to arbitrary code execution.
CVE-2025-13333 1 Ibm 1 Websphere Application Server 2026-02-20 4.4 Medium
IBM WebSphere Application Server 9.0, and 8.5 could provide weaker than expected security during system administration of security settings.
CVE-2025-12635 1 Ibm 1 Websphere Application Server 2025-12-11 5.4 Medium
IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.12 are affected by cross-site scripting due to improper validation of user-supplied input. An attacker could exploit this vulnerability by using a specially crafted URL to redirect the user to a malicious site.
CVE-2025-36047 4 Apple, Ibm, Linux and 1 more 7 Macos, Aix, I and 4 more 2025-11-03 5.3 Medium
IBM WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources.
CVE-2025-36099 1 Ibm 1 Websphere Application Server 2025-10-03 4.9 Medium
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A privileged user could exploit this vulnerability to cause the server to consume memory resources.
CVE-2025-27907 5 Hp, Ibm, Linux and 2 more 8 Hp-ux, Aix, I and 5 more 2025-09-01 4.1 Medium
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
CVE-2025-33104 5 Hp, Ibm, Linux and 2 more 8 Hp-ux, Aix, I and 5 more 2025-08-20 4.4 Medium
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2025-33142 5 Hp, Ibm, Linux and 2 more 8 Hp-ux, Aix, I and 5 more 2025-08-18 5.3 Medium
IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for TLS connections.