Vulnerabilities
Vulnerable Software
IBM WebSphere Application Server 9.0 and 8.5 is vulnerable to identity spoofing.
CVSS Score
9.1
EPSS Score
0.003
Published
2026-06-01
IBM WebSphere Application Server 9.0 and 8.5 is vulnerable to remote code execution caused by the bypass of security controls.
CVSS Score
9.0
EPSS Score
0.005
Published
2026-06-01
IBM WebSphere Application Server 9.0 and 8.5 is vulnerable to potential remote code execution due to deserialization of untrusted data via JAX-WS endpoints with WS-Security.
CVSS Score
9.0
EPSS Score
0.004
Published
2026-06-01
IBM WebSphere Application Server 9.0 and 8.5 is affected by improper validation of user-supplied data during deserialization using the SAML Web Single Sign-On component. This could result in remote code execution via a crafted HTTP request when combined with a suitable gadget chain.
CVSS Score
8.5
EPSS Score
0.005
Published
2026-06-01
IBM WebSphere Application Server - Liberty 19.0.0.7 through 26.0.0.5 and IBM WebSphere Application Server 9.0, and 8.5 and WebSphere Application Server Liberty are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources.
CVSS Score
4.8
EPSS Score
0.005
Published
2026-05-27
IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to HTTP request smuggling in the Web Server Plug-ins through a specially crafted request.
CVSS Score
7.5
EPSS Score
0.003
Published
2026-05-26
IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to remote code execution in the Web Server Plug-ins, through a specially crafted request.
CVSS Score
9.8
EPSS Score
0.008
Published
2026-05-26
IBM WebSphere Application Server 9.0 and 8.5 could provide weaker than expected security during system administration of security settings.
CVSS Score
4.4
EPSS Score
0.003
Published
2026-02-17
IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.12 are affected by cross-site scripting due to improper validation of user-supplied input. An attacker could exploit this vulnerability by using a specially crafted URL to redirect the user to a malicious site.
CVSS Score
5.4
EPSS Score
0.001
Published
2025-12-08
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to a denial of service, caused by sending a specially crafted request. A privileged user could exploit this vulnerability to cause the server to consume memory resources.
CVSS Score
4.9
EPSS Score
0.003
Published
2025-09-29

