IBM WebSphere Application Server
188 CVEs affecting IBM WebSphere Application Server. Latest disclosed: 2026-06-01. Critical: 5, High: 13.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-8633 | Critical | 9.8 | 2026-05-26 | IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liber… |
| CVE-2026-8644 | Critical | 9.1 | 2026-06-01 | IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to identity spoofing. |
| CVE-2015-5041 | Critical | 9.1 | 2016-06-06 | The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to… |
| CVE-2026-9319 | Critical | 9.0 | 2026-06-01 | IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to potential remote code execution due to deserialization of untrusted data via JAX-WS endpoints wi… |
| CVE-2026-9311 | Critical | 9.0 | 2026-06-01 | IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to remote code execution caused by the bypass of security controls. |
| CVE-2017-1194 | High | 8.8 | 2017-04-28 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unau… |
| CVE-2026-9330 | High | 8.5 | 2026-06-01 | IBM WebSphere Application Server 9.0, and 8.5 is affected by an improper validation of user-supplied data during deserialization using the SAML Web Single Sign… |
| CVE-2017-1137 | High | 8.1 | 2017-05-10 | IBM WebSphere Application Server 8.0 and 8.5.5 could provide weaker than expected security. A remote attacker could exploit this weakness to obtain sensitive i… |
| CVE-2017-1151 | High | 8.1 | 2017-03-20 | IBM WebSphere Application Server 8.0, 8.5, 8.5.5, and 9.0 using OpenID Connect (OIDC) configured with a Trust Association Interceptor (TAI) could allow a user… |
| CVE-2026-8620 | High | 7.5 | 2026-05-26 | IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liber… |
| CVE-2026-3621 | High | 7.5 | 2026-04-23 | IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.4 IBM WebSphere Application Server Liberty is vulnerable to identity spoofing under limited… |
| CVE-2016-8919 | High | 7.5 | 2017-02-01 | IBM WebSphere Application Server may be vulnerable to a denial of service, caused by allowing serialized objects from untrusted sources to run and cause the co… |
| CVE-2016-9879 | High | 7.5 | 2017-01-06 | An issue was discovered in Pivotal Spring Security before 3.2.10, 4.1.x before 4.1.4, and 4.2.x before 4.2.1. Spring Security does not consider URL path parame… |
| CVE-2016-5983 | High | 7.5 | 2016-10-05 | IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.11, 9.0 before 9.0.0.2, and Liberty before 16.0.0.4 allows re… |
| CVE-2016-5986 | High | 7.5 | 2016-10-01 | IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.x before 8.0.0.13, 8.5.x before 8.5.5.11, 9.0.x before 9.0.0.2, and Liberty before 16.0.0.3 mis… |
| CVE-2016-2945 | High | 7.5 | 2016-07-08 | The API Discovery implementation in IBM WebSphere Application Server (WAS) 8.5.5.8 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 allows remote authe… |
| CVE-2016-2923 | High | 7.5 | 2016-07-07 | IBM WebSphere Application Server (WAS) 8.5 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 does not include the HTTPOnly flag in a Set-Cookie header f… |
| CVE-2017-1382 | High | 7.1 | 2017-07-24 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 might create files using the default permissions instead of the customized permissions when custom star… |
| CVE-2015-0110 | Medium | 6.5 | 2017-09-15 | IBM Business Process Manager (aka BPM) 7.5.x, 8.0.x, and 8.5.x and WebSphere Lombardi Edition (aka WLE) 7.2.x allow remote authenticated users to bypass intend… |
| CVE-2017-1504 | Medium | 6.5 | 2017-08-03 | IBM WebSphere Application Server version 9.0.0.4 could provide weaker than expected security after using the PasswordUtil command to enable AES password encryp… |