cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-45087,https://securityvulnerability.io/vulnerability/CVE-2024-45087,Cross-Site Scripting Flaw in IBM WebSphere Application Server,"IBM WebSphere Application Server versions 8.5 and 9.0 are susceptible to a cross-site scripting vulnerability, which enables an attacker with privileged user access to inject and execute arbitrary JavaScript code in the web interface. This flaw can manipulate the intended functionality of the application, increasing the risk of credential disclosure during authenticated sessions, thereby compromising the security of the affected environment.",IBM,Websphere Application Server,4.8,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-11-11T17:15:00.000Z,0
CVE-2024-45086,https://securityvulnerability.io/vulnerability/CVE-2024-45086,IBM WebSphere Application Server Vulnerability to XML External Entity Injection Attack,IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A privileged user could exploit this vulnerability to expose sensitive information or consume memory resources.,IBM,Websphere Application Server,5.5,MEDIUM,0.0004799999878741801,false,,false,false,false,,,false,false,,2024-11-04T20:15:00.000Z,0
CVE-2024-45072,https://securityvulnerability.io/vulnerability/CVE-2024-45072,IBM WebSphere Application Server Vulnerable to XML External Entity Injection Attack,IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A privileged user could exploit this vulnerability to expose sensitive information or consume memory resources.,IBM,Websphere Application Server,5.5,MEDIUM,0.0004799999878741801,false,,false,false,false,,,false,false,,2024-10-16T17:15:00.000Z,0
CVE-2024-45071,https://securityvulnerability.io/vulnerability/CVE-2024-45071,IBM WebSphere Application Server vulnerable to Stored Cross-Site Scripting,IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.,IBM,Websphere Application Server,4.8,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-10-16T17:15:00.000Z,0
CVE-2024-45085,https://securityvulnerability.io/vulnerability/CVE-2024-45085,Denial of Service Vulnerability in IBM WebSphere Application Server 8.5,"IBM WebSphere Application Server 8.5 is susceptible to a vulnerability that can lead to a denial of service under specific configurations. An attacker exploiting this flaw could send a specially crafted request, triggering a malfunction that interrupts the normal operational capacity of the server. This vulnerability underscores the importance of adhering to proper configuration practices to mitigate potential risks associated with remote exploitation.",IBM,Websphere Application Server,7.5,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-10-15T22:15:00.000Z,0
CVE-2024-45073,https://securityvulnerability.io/vulnerability/CVE-2024-45073,Potential for Credentials Disclosure through Stored Cross-Site Scripting,IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.,IBM,Websphere Application Server,4.8,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-09-30T22:15:00.000Z,0
CVE-2023-50315,https://securityvulnerability.io/vulnerability/CVE-2023-50315,Spoofing Attacks on Trustworthy Certificates,IBM WebSphere Application Server 8.5 and 9.0 could allow an attacker with access to the network to conduct spoofing attacks. An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 274714.,IBM,Websphere Application Server,5.9,MEDIUM,0.0008699999889358878,false,,false,false,false,,,false,false,,2024-08-14T17:04:49.881Z,0
CVE-2024-35154,https://securityvulnerability.io/vulnerability/CVE-2024-35154,Arbitrary Code Execution Vulnerability in WebSphere Application Server 8.5 and 9.0,"IBM WebSphere Application Server versions 8.5 and 9.0 contain a vulnerability that could be exploited by a remote authenticated attacker who has access to the administrative console. By sending specially crafted input, the attacker may execute arbitrary code on the system, potentially leading to unauthorized actions or data compromise. This vulnerability highlights the importance of securing access to administrative interfaces and monitoring for suspicious activity within these applications.",IBM,Websphere Application Server,7.2,HIGH,0.0006500000017695129,false,,false,false,false,,,false,false,,2024-07-09T22:15:00.000Z,0
CVE-2024-35153,https://securityvulnerability.io/vulnerability/CVE-2024-35153,Cross-Site Scripting Vulnerability in IBM WebSphere Application Server,IBM WebSphere Application Server versions 8.5 and 9.0 have a cross-site scripting vulnerability that allows privileged users to inject arbitrary JavaScript into the Web UI. This injection can alter the intended functionality of the application and may lead to the disclosure of sensitive user credentials during trusted sessions. Organizations using these versions should consider applying security patches and implement appropriate security measures to mitigate the risk of exploitation.,IBM,Websphere Application Server,4.8,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-06-27T18:15:00.000Z,0
CVE-2024-37532,https://securityvulnerability.io/vulnerability/CVE-2024-37532,IBM WebSphere Application Server Vulnerable to Identity Spoofing,"IBM WebSphere Application Server versions 8.5 and 9.0 are affected by an identity spoofing vulnerability that allows authenticated users to perform unauthorized actions by exploiting improper signature validation mechanisms. This flaw can lead to significant security risks, including the potential for unintended access and manipulation of sensitive data within the application. Proper signature validation is crucial for ensuring the authenticity of requests, and failure to implement this correctly can leave systems open to exploitation.",IBM,Websphere Application Server,8.8,HIGH,0.0004900000058114529,false,,false,false,false,,,false,false,,2024-06-20T13:22:16.089Z,0
CVE-2024-25026,https://securityvulnerability.io/vulnerability/CVE-2024-25026,IBM WebSphere Application Server Vulnerable to Denial of Service Attack,"IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 are vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 281516.",IBM,"Websphere Application Server,Websphere Application Server Liberty",5.9,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-25T12:16:24.487Z,0
CVE-2024-22329,https://securityvulnerability.io/vulnerability/CVE-2024-22329,IBM WebSphere Application Server Vulnerable to Server-Side Request Forgery (SSRF)," IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, an attacker could exploit this vulnerability to conduct the SSRF attack. X-Force ID: 279951. ",IBM,"Websphere Application Server,Websphere Application Server Liberty",4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-17T01:21:46.300Z,0
CVE-2024-22354,https://securityvulnerability.io/vulnerability/CVE-2024-22354,IBM WebSphere Application Server Vulnerable to XML External Entity Injection Attack,"IBM WebSphere Application Server versions 8.5, 9.0, and IBM WebSphere Application Server Liberty from version 17.0.0.3 to 24.0.0.5 are susceptible to an XML External Entity Injection attack when handling XML data. This vulnerability could enable a remote attacker to access confidential information, exhaust server memory resources, or perform server-side request forgery attacks. Organizations using these versions should recognize and mitigate this persistent vulnerability to protect their systems from potential exploitation.",IBM,"Websphere Application Server,Websphere Application Server Liberty",7,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-17T01:07:58.187Z,0
CVE-2024-27268,https://securityvulnerability.io/vulnerability/CVE-2024-27268,IBM WebSphere Application Server Liberty Under Denial of Service Attack,"IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 284574.",IBM,Websphere Application Server Liberty,5.9,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-04-04T18:15:00.000Z,0
CVE-2023-50313,https://securityvulnerability.io/vulnerability/CVE-2023-50313,IBM WebSphere Application Server information disclosure,IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. IBM X-Force ID: 274812.,IBM,Websphere Application Server,5.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-04-02T13:15:00.000Z,0
CVE-2024-22353,https://securityvulnerability.io/vulnerability/CVE-2024-22353,IBM WebSphere Application Server Liberty denial of service,"IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 280400.",IBM,Websphere Application Server Liberty,5.9,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-03-31T12:15:00.000Z,0
CVE-2024-27270,https://securityvulnerability.io/vulnerability/CVE-2024-27270,IBM WebSphere Application Server vulnerable to cross-site scripting,IBM WebSphere Application Server Liberty 23.0.0.3 through 24.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in a specially crafted URI. IBM X-Force ID: 284576.,IBM,Websphere Application Server Liberty,4.7,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-03-27T12:42:52.797Z,0
CVE-2023-50312,https://securityvulnerability.io/vulnerability/CVE-2023-50312,Weaker than expected security for outbound TLS connections,IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. IBM X-Force ID: 274711.,IBM,Websphere Application Server Liberty,5.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-03-01T02:30:11.542Z,0
CVE-2023-46158,https://securityvulnerability.io/vulnerability/CVE-2023-46158,IBM WebSphere Application Server session fixation,IBM WebSphere Application Server Liberty 23.0.0.9 through 23.0.0.10 could provide weaker than expected security due to improper resource expiration handling. IBM X-Force ID: 268775.,IBM,Websphere Application Server Liberty,4.9,MEDIUM,0.001509999972768128,false,,false,false,false,,,false,false,,2023-10-25T02:56:20.321Z,0
CVE-2023-38737,https://securityvulnerability.io/vulnerability/CVE-2023-38737,IBM WebSphere Application Server Liberty denial of service,"IBM WebSphere Application Server Liberty 22.0.0.13 through 23.0.0.7 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 262567.",IBM,Websphere Application Server Liberty,5.9,MEDIUM,0.0011599999852478504,false,,false,false,false,,,false,false,,2023-08-16T19:15:00.000Z,0
CVE-2023-35890,https://securityvulnerability.io/vulnerability/CVE-2023-35890,IBM WebSphere Application Server information disclosure,"IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security, caused by the improper encoding in a local configuration file. IBM X-Force ID: 258637.",IBM,Websphere Application Server,5.1,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-07-07T03:15:00.000Z,0
CVE-2023-27554,https://securityvulnerability.io/vulnerability/CVE-2023-27554,IBM WebSphere Application Server XML external entity injection,"IBM WebSphere Application Server versions 8.5 and 9.0 are vulnerable to XML External Entity Injection, which allows remote attackers to exploit XML processing features. This vulnerability can lead to the exposure of sensitive information or excessive memory consumption, posing significant risks to server integrity and data security.",IBM,Websphere Application Server,6.3,MEDIUM,0.0010499999625608325,false,,false,false,false,,,false,false,,2023-05-11T20:15:00.000Z,0
CVE-2022-39161,https://securityvulnerability.io/vulnerability/CVE-2022-39161,IBM WebSphere Application Server information disclosure,"IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and IBM WebSphere Application Server Liberty, when configured to communicate with the Web Server Plug-ins for IBM WebSphere Application Server, could allow an authenticated user to conduct spoofing attacks. A man-in-the-middle attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 235069.",IBM,Websphere Application Server,4.8,MEDIUM,0.0005699999746866524,false,,false,false,false,,,false,false,,2023-05-03T19:56:41.894Z,0
CVE-2023-24966,https://securityvulnerability.io/vulnerability/CVE-2023-24966,IBM WebSphere Application Server cross-site scripting,IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 246904.,IBM,Websphere Application Server,6.1,MEDIUM,0.0005699999746866524,false,,false,false,false,,,false,false,,2023-04-27T14:15:00.000Z,0
CVE-2023-26283,https://securityvulnerability.io/vulnerability/CVE-2023-26283,IBM WebSphere Application Server cross-site scripting,IBM WebSphere Application Server 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 248416.,IBM,WebSphere Application Server,5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2023-04-02T21:15:00.000Z,0