Ibm: >> Websphere Application Server >> 9.0.0.0 Security Vulnerabilities
IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to server-side request forgery (SSRF) with the Ajax Proxy configured. This may allow an attacker to send unauthorized requests from the system, resulting in a security bypass or information disclosure.
CVSS Score
7.4
EPSS Score
0.002
Published
2026-06-22
IBM WebSphere Application Server 9.0 and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to HTTP request smuggling. A remote attacker could smuggle a specially crafted request to the application server thereby allowing the attacker to bypass security controls, spoof identity, escalate privilege, and expose sensitive information.
CVSS Score
7.4
EPSS Score
0.003
Published
2026-06-22
IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to identity spoofing.
CVSS Score
9.1
EPSS Score
0.003
Published
2026-06-01
IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to remote code execution caused by the bypass of security controls.
CVSS Score
9.0
EPSS Score
0.005
Published
2026-06-01
IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to potential remote code execution due to deserialization of untrusted data via JAX-WS endpoints with WS-Security.
CVSS Score
9.0
EPSS Score
0.004
Published
2026-06-01
IBM WebSphere Application Server 9.0, and 8.5 is affected by an improper validation of user-supplied data during deserialization using the SAML Web Single Sign-On component. This could result in remote code execution via a crafted HTTP request when combined with a suitable gadget chain.
CVSS Score
8.5
EPSS Score
0.005
Published
2026-06-01
IBM WebSphere Application Server - Liberty 19.0.0.7 through 26.0.0.5 and IBM WebSphere Application Server 9.0, and 8.5 and WebSphere Application Server Liberty are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources.
CVSS Score
4.8
EPSS Score
0.005
Published
2026-05-27
IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to HTTP request smuggling in the Web Server Plug-ins through a specially crafted request.
CVSS Score
7.5
EPSS Score
0.003
Published
2026-05-26
IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to remote code execution in the Web Server Plug-ins, through a specially crafted request.
CVSS Score
9.8
EPSS Score
0.008
Published
2026-05-26
IBM WebSphere Application Server 9.0, and 8.5 could provide weaker than expected security during system administration of security settings.
CVSS Score
4.4
EPSS Score
0.003
Published
2026-02-17
Page 1