Shodan
Vulnerabilities
Vulnerable Software
Ibm:  >> Websphere Application Server  >> 9.0.5.16  Security Vulnerabilities
CVE-2024-45071
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Score
5.5
EPSS Score
0.002
Published
2024-10-16
CVE-2024-45072
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A privileged user could exploit this vulnerability to expose sensitive information or consume memory resources.
CVSS Score
5.5
EPSS Score
0.004
Published
2024-10-16
CVE-2024-35154
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has authorized access to the administrative console, to execute arbitrary code. Using specially crafted input, the attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 292641.
CVSS Score
7.2
EPSS Score
0.012
Published
2024-07-09
CVE-2024-35153
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 292640.
CVSS Score
4.8
EPSS Score
0.004
Published
2024-06-27
CVE-2023-35890
IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security, caused by the improper encoding in a local configuration file. IBM X-Force ID: 258637.
CVSS Score
5.1
EPSS Score
0.001
Published
2023-07-07
CVE-2010-2087
Oracle Mojarra 1.2_14 and 2.0.2, as used in IBM WebSphere Application Server, Caucho Resin, and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
CVSS Score
4.3
EPSS Score
0.015
Published
2010-05-27


Products
Pricing
Contact Us

Shodan ® - All rights reserved