IBM WebSphere Application Server Liberty
30 CVEs affecting IBM WebSphere Application Server Liberty. Latest disclosed: 2026-03-25. Critical: 0, High: 4.

| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-14914 | High | 7.6 | 2026-02-02 | IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to upload a zip archive containing path traversal sequences re… |
| CVE-2025-36097 | High | 7.5 | 2025-07-16 | IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 are vulnerable to a denial of service, caused by a stac… |
| CVE-2021-39031 | High | 7.5 | 2022-01-25 | IBM WebSphere Application Server - Liberty 17.0.0.3 through 22.0.0.1 could allow a remote authenticated attacker to conduct an LDAP injection. By using a speci… |
| CVE-2024-22354 | High | 7.0 | 2024-04-17 | IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.5 are vulnerable to an XML External Entity Injec… |
| CVE-2020-4304 | Medium | 6.1 | 2020-04-02 | IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary… |
| CVE-2020-4303 | Medium | 6.1 | 2020-04-02 | IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary… |
| CVE-2025-36124 | Medium | 5.9 | 2025-08-12 | IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 could allow a remote attacker to bypass security restrictions caused by a failure to honor J… |
| CVE-2024-25026 | Medium | 5.9 | 2024-04-25 | IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 are vulnerable to a denial of service, caused… |
| CVE-2024-27268 | Medium | 5.9 | 2024-04-04 | IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. A remot… |
| CVE-2024-22353 | Medium | 5.9 | 2024-03-31 | IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. A remot… |
| CVE-2023-38737 | Medium | 5.9 | 2023-08-16 | IBM WebSphere Application Server Liberty 22.0.0.13 through 23.0.0.7 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remo… |
| CVE-2026-1561 | Medium | 5.4 | 2026-03-25 | IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is vulnerable to server-side request forgery (SSR… |
| CVE-2025-12635 | Medium | 5.4 | 2025-12-08 | IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.12 are affected by cross-site scripting due to i… |
| CVE-2022-34165 | Medium | 5.4 | 2022-09-09 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP header in… |
| CVE-2025-36047 | Medium | 5.3 | 2025-08-14 | IBM WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remot… |
| CVE-2023-50312 | Medium | 5.3 | 2024-03-01 | IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide weaker than expected security for outbound TLS connections caused by a failure… |
| CVE-2020-4590 | Medium | 5.3 | 2020-09-21 | IBM WebSphere Application Server Liberty 17.0.0.3 through 20.0.0.9 running oauth-2.0 or openidConnectServer-1.0 server features is vulnerable to a denial of se… |
| CVE-2022-22476 | Medium | 5.0 | 2022-07-08 | IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.7 and Open Liberty are vulnerable to identity spoofing by an authenticated user using a specia… |
| CVE-2022-22475 | Medium | 5.0 | 2022-05-17 | IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 are vulnerable to identity spoofing by an authenticated user. IBM X-Force I… |
| CVE-2020-4421 | Medium | 5.0 | 2020-05-06 | IBM WebSphere Application Liberty 19.0.0.5 through 20.0.0.4 could allow an authenticated user using openidconnect to spoof another users identify. IBM X-Force… |