IBM WebSphere Application Server
125 CVEs affecting IBM WebSphere Application Server. Latest disclosed: 2026-06-01. Critical: 8, High: 24.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2020-4450 | Critical | 9.8 | 2020-06-05 | IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequenc… |
| CVE-2020-4448 | Critical | 9.8 | 2020-06-05 | IBM WebSphere Application Server Network Deployment 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a special… |
| CVE-2018-1567 | Critical | 9.8 | 2018-09-07 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbitrary Java code through the SOAP connector with a serialize… |
| CVE-2026-8644 | Critical | 9.1 | 2026-06-01 | IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to identity spoofing. |
| CVE-2026-9319 | Critical | 9.0 | 2026-06-01 | IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to potential remote code execution due to deserialization of untrusted data via JAX-WS endpoints wi… |
| CVE-2026-9311 | Critical | 9.0 | 2026-06-01 | IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to remote code execution caused by the bypass of security controls. |
| CVE-2025-36038 | Critical | 9.0 | 2025-06-25 | IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of seriali… |
| CVE-2019-4279 | Critical | 9.0 | 2019-05-17 | IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of seriali… |
| CVE-2024-37532 | High | 8.8 | 2024-06-20 | IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to identity spoofing by an authenticated user due to improper signature validation. IBM X-Force ID… |
| CVE-2020-4464 | High | 8.8 | 2020-07-17 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to execute arbitrary code on a system with a specially-crafte… |
| CVE-2026-9330 | High | 8.5 | 2026-06-01 | IBM WebSphere Application Server 9.0, and 8.5 is affected by an improper validation of user-supplied data during deserialization using the SAML Web Single Sign… |
| CVE-2021-20454 | High | 8.2 | 2021-04-21 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attack… |
| CVE-2021-20453 | High | 8.2 | 2021-04-20 | IBM WebSphere Application Server 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker co… |
| CVE-2021-20353 | High | 8.2 | 2021-02-10 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attac… |
| CVE-2020-4949 | High | 8.2 | 2021-01-26 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attac… |
| CVE-2023-23477 | High | 8.1 | 2023-02-03 | IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequenc… |
| CVE-2020-4589 | High | 8.1 | 2020-08-13 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence… |
| CVE-2018-1904 | High | 8.1 | 2018-12-11 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbitrary Java code through an administrative client class with… |
| CVE-2020-4534 | High | 7.8 | 2020-08-03 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local authenticated attacker to gain elevated privileges on the system, caused by imprope… |
| CVE-2025-36097 | High | 7.5 | 2025-07-16 | IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 are vulnerable to a denial of service, caused by a stac… |