Search Results (473 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-9072 1 Ibm 2 I, Websphere Application Server 2026-07-09 8.1 High
IBM WebSphere Application Server and IBM WebSphere Application Server Liberty - when using Intelligent Management with the WebSphere WebServer Plug-in component - are vulnerable to remote code execution and denial of service. This vulnerability can be exploited when an attacker impersonates backend servers and sends crafted responses to the plug-in.
CVE-2026-8858 1 Ibm 2 I, Websphere Application Server 2026-07-09 7.5 High
IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to remote code execution and denial of service in the WebSphere Web Server Plug-in component. This vulnerability can be exploited when an attacker impersonates the application server and sends crafted responses to the plug-in.
CVE-2026-10852 1 Ibm 2 I, Websphere Application Server 2026-07-09 5.9 Medium
IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to denial of service in the WebSphere WebServer Plug-in component when an attacker can pass crafted requests to the web server.
CVE-2026-11546 1 Ibm 1 Websphere Application Server Liberty 2026-07-01 7.1 High
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.7 is affected by a server-side request forgery vulnerability with the adminCenter-1.0 feature enabled.
CVE-2026-11541 1 Ibm 2 Websphere Application Server, Websphere Application Server Liberty 2026-07-01 7.4 High
IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are affected by an HTTP request smuggling vulnerability.
CVE-2026-11806 1 Ibm 1 Websphere Application Server Liberty 2026-07-01 7.2 High
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 is affected by an arbitrary file read vulnerability with the restConnector-2.0 feature enabled.
CVE-2026-11714 1 Ibm 1 Websphere Application Server Liberty 2026-07-01 8.5 High
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.7 is affected by a server-side request forgery vulnerability with the apiDiscovery-1.0 feature enabled.
CVE-2026-11594 1 Ibm 1 Websphere Application Server 2026-07-01 8.5 High
IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console.
CVE-2026-11708 1 Ibm 1 Websphere Application Server 2026-07-01 9.3 Critical
IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console's integrated help system.
CVE-2026-11712 1 Ibm 1 Websphere Application Server 2026-07-01 9.3 Critical
IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console help system.
CVE-2026-11595 1 Ibm 1 Websphere Application Server 2026-07-01 4.3 Medium
IBM WebSphere Application Server 9.0, and 8.5 could allow a remote attacker to obtain sensitive information from the administrative console's integrated help system.
CVE-2026-9006 1 Ibm 1 Websphere Application Server 2026-06-23 7.4 High
IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to server-side request forgery (SSRF) with the Ajax Proxy configured. This may allow an attacker to send unauthorized requests from the system, resulting in a security bypass or information disclosure.
CVE-2026-9071 1 Ibm 2 Websphere Application Server, Websphere Application Server Liberty 2026-06-23 7.5 High
IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources.
CVE-2026-10845 1 Ibm 1 Websphere Application Server 2026-06-22 7.3 High
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to bypass authentication and gain unauthorized access to JAX-WS applications.
CVE-2026-9320 1 Ibm 2 Websphere Application Server, Websphere Application Server Liberty 2026-06-22 5.9 Medium
IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources.
CVE-2026-8646 1 Ibm 2 Websphere Application Server, Websphere Application Server Liberty 2026-06-22 7.4 High
IBM WebSphere Application Server 9.0 and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to HTTP request smuggling. A remote attacker could smuggle a specially crafted request to the application server thereby allowing the attacker to bypass security controls, spoof identity, escalate privilege, and expose sensitive information.
CVE-2026-8644 1 Ibm 1 Websphere Application Server 2026-06-04 9.1 Critical
IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to identity spoofing.
CVE-2026-9319 1 Ibm 1 Websphere Application Server 2026-06-04 9 Critical
IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to potential remote code execution due to deserialization of untrusted data via JAX-WS endpoints with WS-Security.
CVE-2026-9311 1 Ibm 1 Websphere Application Server 2026-06-04 9 Critical
IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to remote code execution caused by the bypass of security controls.
CVE-2026-9330 1 Ibm 1 Websphere Application Server 2026-06-04 8.5 High
IBM WebSphere Application Server 9.0, and 8.5 is affected by an improper validation of user-supplied data during deserialization using the SAML Web Single Sign-On component. This could result in remote code execution via a crafted HTTP request when combined with a suitable gadget chain.