CVE-2010-1182

Multiple unspecified vulnerabilities in the administrative console in IBM WebSphere Application Server WAS 7.0.x before 7.0.0.9 on z/OS have unknown impact and attack vectors...

CVE-2010-2325

Cross-site scripting XSS vulnerability in the administrative console in IBM WebSphere Application Server WAS 7.0 before 7.0.0.11 on z/OS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related in part to "URL injection."...

CVE-2013-0600

Unspecified vulnerability on IBM WebSphere DataPower XC10 Appliance devices 2.0 and 2.1 through 2.1 FP3 allows remote attackers to bypass authentication and perform administrative actions via unknown vectors...

CVE-2011-1307

The installer in IBM WebSphere Application Server WAS before 7.0.0.15 uses 777 permissions for a temporary log directory, which allows local users to have unintended access to log files via standard filesystem operations, a different vulnerability than CVE-2009-1173...

CVE-2011-1321

The AuthCache purge implementation in the Security component in IBM WebSphere Application Server WAS 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 does not purge a user from the PlatformCredential cache, which might allow remote authenticated users to gain privileges by leveraging a group...

CVE-2011-1310

The Administrative Scripting Tools component in IBM WebSphere Application Server WAS 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when tracing is enabled, places wsadmin command parameters into the 1 wsadmin.traceout and 2 trace.log files, which allows local users to obtain potentially...

CVE-2011-1683

IBM WebSphere Application Server WAS 6.0.x through 6.0.2.43, 6.1.x before 6.1.0.37, and 7.0.x before 7.0.0.17 on z/OS, when a Local OS user registry or Federated Repository with RACF adapter is used, allows remote attackers to obtain unspecified application access via unknown vectors...

CVE-2011-1311

The Security component in IBM WebSphere Application Server WAS before 7.0.0.15, when a J2EE 1.4 application is used, determines the security role mapping on the basis of the ibm-application-bnd.xml file instead of the intended ibm-application-bnd.xmi file, which might allow remote authenticated...

CVE-2011-2754

Cross-site scripting XSS vulnerability in the PageBuilder2 aka Page Builder theme in IBM WebSphere Portal 7.x before 7.0.0.1 CF006, as used in IBM Web Content Manager WCM and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2019-16561

Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows users with Overall/Read access to disable SSL/TLS certificate and hostname validation for the entire Jenkins master JVM...

Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server is affected by a cross-site scripting vulnerability (CVE-2025-33104)

Summary WebSphere Application Server is included as part of IBM Tivoli Composite Application Manager for Application Diagnostics and has affected by a cross site vulnerability CVE-2025-33104 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...

CVE-2019-1003056

Jenkins WebSphere Deployer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

CVE-2013-0462

Unspecified vulnerability in IBM WebSphere Application Server WAS 6.1, 7.0 before 7.0.0.27, 8.0, and 8.5 has unknown impact and attack vectors...

CVE-2011-1309

The Plug-in component in IBM WebSphere Application Server WAS before 7.0.0.15 does not properly handle trace requests, which has unspecified impact and attack vectors...

CVE-2011-5066

The SibRaRecoverableSiXaResource class in the Default Messaging Component in IBM WebSphere Application Server WAS 6.1 before 6.1.0.41 does not properly handle a Service Integration Bus SIB dump operation involving the First Failure Data Capture FFDC introspection code, which allows local users to...

CVE-2010-4220

Cross-site scripting XSS vulnerability in the Integrated Solution Console in the Administrative Console component in IBM WebSphere Application Server WAS 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related in part to "URL injection."...

CVE-2010-4219

Cross-site scripting XSS vulnerability in SemanticTagService.js in IBM WebSphere Portal 6.1.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information...

CVE-2010-2326

IBM WebSphere Application Server WAS 7.0 before 7.0.0.11, when addNode -trace is used during node federation, allows attackers to obtain sensitive information about CIMMetadataCollectorImpl trace actions by reading the addNode.log file...

CVE-2010-2328

The HTTP Channel in IBM WebSphere Application Server WAS 7.0 before 7.0.0.11 allows remote attackers to cause a denial of service NullPointerException via a large amount of chunked data that uses gzip compression...

CVE-2010-2323

IBM WebSphere Application Server WAS 7.0 before 7.0.0.11 on z/OS might allow attackers to obtain sensitive information by reading the defaultcreate.log file that is associated with profile creation by the BBOWWPFx job and the zPMT...