Lucene search
K

83 matches found

OSV
OSV
added 2021/05/26 5:15 p.m.2 views

CVE-2021-20492

IBM WebSphere Application Server 8.0, 8.5, 9.0, and Liberty Java Batch is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 197793...

8.2CVSS6.8AI score
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2020/08/25 12:33 p.m.51 views

Security Bulletin: BEAST security vulnerability in IBM Tivoli Netcool Performance Manager for Wireline( CVE-2011-3389)

Summary Browser Exploit Against SSL/TLS a.k.a. BEAST vulnerability is observed. In TLS 1.0 and earlier, it is possible to predict the Initialization Vector IV of the block cipher encryption. This allows a man-in-the-middle attacker to guess the plaintext being encrypted. The affected products are...

2.6AI score0.73327EPSS
Exploits4Affected Software1
OSV
OSV
added 2020/03/26 2:15 p.m.3 views

CVE-2020-4276

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. X-Force ID: 175984...

7.5CVSS7.1AI score0.03121EPSS
Exploits0References2
CNVD
CNVD
added 2020/02/17 12:0 a.m.3 views

IBM WebSphere Application Server Memory Corruption Vulnerability

IBM WebSphere Application Server WAS is an application server product from IBM in the United States. The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform. IBM WebSphere Application Server memory corruption vulnerability. N...

7.2CVSS6.9AI score0.01551EPSS
Exploits0References1
OSV
OSV
added 2020/02/04 5:15 p.m.4 views

CVE-2020-4163

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, under specialized conditions, could allow an authenticated user to create a maliciously crafted file name which would be misinterpreted as jsp content and executed. IBM X-Force ID: 174397...

7.2CVSS6.7AI score0.01551EPSS
Exploits0References2
OSV
OSV
added 2019/02/19 5:29 p.m.2 views

CVE-2018-1996

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide weaker than expected security, caused by the improper TLS configuration. A remote attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 154650...

5.3CVSS5.8AI score0.01142EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2018/12/13 12:0 a.m.7 views

The vulnerability of the IBM WebSphere Application Server application server lies in its ability to restore unreliable data structures in memory, allowing an attacker to execute arbitrary code.

The vulnerability of the IBM WebSphere Application Server application server lies in the recovery of unreliable data structures in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary Java code using a SOAP connection, from a remote location...

9.8CVSS8.2AI score0.0376EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2018/11/26 4:29 p.m.2 views

CVE-2018-1905

IBM WebSphere Application Server 9.0.0.0 through 9.0.0.9 is vulnerable to a XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 152534...

7.1CVSS5.8AI score0.02528EPSS
Exploits0References3
OSV
OSV
added 2018/11/16 3:29 p.m.2 views

CVE-2018-1797

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using Enterprise bundle Archives EBA could allow a local attacker to traverse directories on the system. By persuading a victim to extract a specially-crafted ZIP archive containing "dot dot slash" sequences ../, an attacker could exploit th...

5.5CVSS5.9AI score0.01951EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2018/11/01 12:45 p.m.15 views

Security Bulletin: Multiple security vulnerabilities affect IBM WebSphere Application Server in IBM Cloud

Summary There is a potential man-in-the-middle attack in Apache CXF used by WebSphere Application Server. There is a potential directory traversal vulnerability in the Admin Console for WebSphere Application Server. There is a potential bypass security vulnerability in the expression language...

8.1CVSS0.9AI score0.13872EPSS
Exploits1Affected Software1
OSV
OSV
added 2018/09/07 3:29 p.m.2 views

CVE-2018-1567

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbitrary Java code through the SOAP connector with a serialized object from untrusted sources. IBM X-Force ID: 143024...

9.8CVSS6.1AI score0.0376EPSS
Exploits0References3
OSV
OSV
added 2018/01/30 6:29 p.m.1 views

CVE-2017-1731

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide weaker than expected security when using the Administrative Console. An authenticated remote attacker could exploit this vulnerability to possibly gain elevated privileges...

8.8CVSS5.8AI score0.02899EPSS
Exploits0References4
OSV
OSV
added 2017/03/20 4:59 p.m.2 views

CVE-2017-1151

IBM WebSphere Application Server 8.0, 8.5, 8.5.5, and 9.0 using OpenID Connect OIDC configured with a Trust Association Interceptor TAI could allow a user to gain elevated privileges on the system. IBM Reference : 1999293...

8.1CVSS5.8AI score0.02237EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2016/08/08 1:59 a.m.0 views

CVE-2016-2960

IBM WebSphere Application Server WAS 7.x before 7.0.0.43, 8.0.0.x before 8.0.0.13, 8.5.0.x before 8.5.5.10, 8.5.0.x and 16.0.0.x Liberty before Liberty Fix Pack 16.0.0.3, and 9.0.0.x before 9.0.0.1 allows remote attackers to cause a denial of service via crafted SIP messages...

4.3CVSS5.6AI score0.39584EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2016/07/19 12:0 a.m.6 views

The vulnerability of WebSphere Application Server for application servers allows attackers to increase their privileges.

The vulnerability of the Discovery programming interface implementation in WebSphere Application Server is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to enhance their privileges by using an external reference in the Swagger document...

6CVSS7.2AI score0.0185EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2016/07/06 12:0 a.m.6 views

The vulnerability of the WebSphere Application Server software allows a malicious attacker to compromise the accessibility of protected information.

The vulnerability in IBM GSKit for IBM Security Directory Server ISDS and Tivoli Directory Server TDS allows malicious actors to cause service failures—such as premature termination of applications or system hangs—by using improperly constructed X.509 certificate chains...

7.1CVSS6.7AI score0.02238EPSS
Exploits1References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2016/07/06 12:0 a.m.5 views

The vulnerability of the WebSphere Application Server software allows a malicious intruder to compromise the integrity of protected information.

Cross-site scripting XSS in the IBM WebSphere Application Server WAS and WebSphere Virtual Enterprise administration console allows authorized users to inject any web script or HTML code by using a specially crafted URL address...

3.5CVSS7.8AI score0.01613EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2016/07/03 9:59 p.m.1 views

CVE-2016-0359

CRLF injection vulnerability in IBM WebSphere Application Server WAS 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 Full before 8.5.5.10, and 8.5 Liberty before Liberty Fix Pack 16.0.0.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a...

6.1CVSS7.3AI score0.01465EPSS
Exploits0References4
Check Point Advisories
Check Point Advisories
added 2015/11/17 12:0 a.m.14 views

WebSphere Server and JBoss Platform Apache Commons Collections Remote Code Execution (CVE-2015-7501)

A remote code execution vulnerability has been reported in the Apache Commons Java Collections Framework. A remote unauthenticated attacker may exploit this vulnerability by sending a crafted serialized object to an application which uses the Apache Commons Java Collections Framework as part of i...

10CVSS4.1AI score0.83274EPSS
Exploits8
BDU FSTEC
BDU FSTEC
added 2015/08/18 12:0 a.m.5 views

The vulnerability of WebSphere Application Server application servers allows a hacker to gain access to sessions.

The vulnerability of the WebSphere Application Server application server console is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to the session by manipulating the JSESSIONID parameter when the Security featur...

6CVSS7.2AI score0.01677EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder