U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:ibm:websphere_application_server:8.5.5.0:-:liberty_profile:*:*:*:*:*
  • CPE Name Search: true
There are 108 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2021-29842

IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 21.0.0.9 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. IBM X-Force ID: 205202.

Published: September 16, 2021; 12:15:08 PM -0400
V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2021-29736

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote user to gain elevated privileges on the system. IBM X-Force ID: 201300.

Published: July 30, 2021; 8:15:07 AM -0400
V3.1: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2021-29754

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a privilege escalation vulnerability when using the SAML Web Inbound Trust Association Interceptor (TAI). IBM X-Force ID: 202006.

Published: June 11, 2021; 11:15:11 AM -0400
V3.1: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2021-20492

IBM WebSphere Application Server 8.0, 8.5, 9.0, and Liberty Java Batch is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 197793.

Published: May 26, 2021; 1:15:14 PM -0400
V3.1: 8.2 HIGH
V2.0: 6.4 MEDIUM
CVE-2021-20454

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 196649.

Published: April 21, 2021; 8:15:08 AM -0400
V3.1: 8.2 HIGH
V2.0: 6.4 MEDIUM
CVE-2021-20453

IBM WebSphere Application Server 8.0, 8.5, and 9.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 196648.

Published: April 20, 2021; 8:15:12 AM -0400
V3.1: 8.2 HIGH
V2.0: 6.4 MEDIUM
CVE-2021-20480

IBM WebSphere Application Server 7.0, 8.0, and 8.5 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 197502.

Published: April 08, 2021; 9:15:13 AM -0400
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2020-5016

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. When application security is disabled and JAX-RPC applications are present, an attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary xml files on the system. This does not occur if Application security is enabled. IBM X-Force ID: 193556.

Published: March 10, 2021; 10:15:12 AM -0500
V3.1: 6.5 MEDIUM
V2.0: 3.5 LOW
CVE-2021-20354

IBM WebSphere Application Server 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 194883.

Published: February 18, 2021; 10:15:14 AM -0500
V3.1: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2021-20353

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 194882.

Published: February 10, 2021; 12:15:22 PM -0500
V3.1: 8.2 HIGH
V2.0: 6.4 MEDIUM
CVE-2020-4949

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 192025.

Published: January 26, 2021; 10:15:13 AM -0500
V3.1: 8.2 HIGH
V2.0: 6.4 MEDIUM
CVE-2020-4576

IBM WebSphere Application Server 7.5, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. IBM X-Force ID: 184428.

Published: October 01, 2020; 12:15:12 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-4629

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local user with specialized access to obtain sensitive information from a detailed technical error message. This information could be used in further attacks against the system. IBM X-Force ID: 185370.

Published: September 30, 2020; 11:15:13 AM -0400
V3.1: 3.3 LOW
V2.0: 2.1 LOW
CVE-2020-4643

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information. IBM X-Force ID: 185590.

Published: September 21, 2020; 1:15:13 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-4578

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 184433.

Published: September 10, 2020; 1:15:33 PM -0400
V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2020-4575

IBM WebSphere Application Server ND 8.5 and 9.0, and IBM WebSphere Virtual Enterprise 7.0 and 8.0 are vulnerable to cross-site scripting when High Availability Deployment Manager is configured.

Published: August 27, 2020; 9:15:12 AM -0400
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-4589

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 184585.

Published: August 13, 2020; 8:15:25 AM -0400
V3.1: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2020-4464

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to execute arbitrary code on a system with a specially-crafted sequence of serialized objects over the SOAP connector. IBM X-Force ID: 181489.

Published: July 17, 2020; 10:15:11 AM -0400
V3.1: 8.8 HIGH
V2.0: 9.0 HIGH
CVE-2020-4450

IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181231.

Published: June 05, 2020; 1:15:11 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2020-4449

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181230.

Published: June 05, 2020; 1:15:11 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM