IBM WebSphere Application Server Denial of Service Vulnerability (CNVD-2019-09065)
IBM WebSphere Application Server (WAS) is an application server product from IBM in the United States. The product is a platform for Java EE and Web services applications and is the foundation of the IBM WebSphere software platform. A denial of service vulnerability exists in the Admin Console in IBM WA...
Security Bulletin: Multiple Vulnerabilities in WebSphere Application Server bundled with IBM WebSphere Application Server Patterns
Summary: WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. Information about security vulnerabilities affecting WebSphere Application Server has been published in multiple security bulletins. Vulnerability Details: Please consult the following...
Security Bulletin: Potential cross-site scripting vulnerability in the WebSphere Application Server Admin Console (CVE-2018-1777)
Summary: There is a potential cross-site scripting vulnerability in the WebSphere Application Server Admin Console. Vulnerability Details: CVEID: CVE-2018-1777. DESCRIPTION: IBM WebSphere Application Server Admin Console is vulnerable to cross-site scripting. This vulnerability allows users to embed...
Security Bulletin: Potential traversal vulnerability in IBM WebSphere Application Server Admin Console (CVE-2018-1770)
Summary: There is a potential directory traversal vulnerability in the Admin Console for WebSphere Application Server. Vulnerability Details: CVEID: CVE-2018-1770. DESCRIPTION: IBM WebSphere Application Server could allow a remote attacker to traverse directories on the system. An attacker could sen...
WEM Admin console fails to connect with error "Error while connecting to the specified Infrastructure Server!"
WEM admin console fails to connect with error "Error while connecting to the specified Infrastructure Server!" The Citrix WEM Console Trace.Log file located in the user profile %username% reports the following error: "Exception - ConnectToBroker.Run : System.Net.Sockets.SocketException : No...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Monitor (CVE-2018-1926)
Summary: IBM WebSphere Application Server is shipped as a component of Business Monitor. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details: For vulnerability details and information about fixes, see the...
CVE-2018-1926
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading a user to visit a malicious URL, a remote attacker could send a specially-crafted request. An attacker could explo...
Cross-site request forgery (CSRF)
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading a user to visit a malicious URL, a remote attacker could send a specially-crafted request. An attacker could explo...
CVE-2018-1926
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading a user to visit a malicious URL, a remote attacker could send a specially-crafted request. An attacker could explo...
Security Bulletin: Potential cross-site scripting vulnerability in the WebSphere Application Server Admin Console shipped with Tivoli Integrated Portal (CVE-2018-1777)
Summary: There is a potential cross-site scripting vulnerability in the WebSphere Application Server Admin Console. Vulnerability Details: CVEID: CVE-2018-1777. DESCRIPTION: IBM WebSphere Application Server Admin Console is vulnerable to cross-site scripting. This vulnerability allows users to embed...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli Security Policy Manager (CVE-2018-1777)
Summary: IBM WebSphere Application Server (WAS) is shipped as a component of IBM Tivoli Security Policy Manager (TSPM). Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details: Please consult the security bulleti...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Security Key Lifecycle Manager (SKLM) (CVE-2018-1770)
Summary: IBM WebSphere Application Server is shipped as a component of IBM Security Key Lifecycle Manager (SKLM). Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details: Please consult the security bulleti...
GHSA-9H9C-F287-C6VP Improper Control of Interaction Frequency in Apache syncope-core
A malicious user with enough administration entitlements can inject html-like elements containing JavaScript statements into Connector names, Report names, AnyTypeClass keys and Policy descriptions. When another user with enough administration entitlements edits one of the Entities above via Admi...
Hardcoded credentials
A malicious user with enough administration entitlements can inject html-like elements containing JavaScript statements into Connector names, Report names, AnyTypeClass keys and Policy descriptions. When another user with enough administration entitlements edits one of the Entities above via Admi...
CVE-2018-17184
A malicious user with enough administration entitlements can inject html-like elements containing JavaScript statements into Connector names, Report names, AnyTypeClass keys and Policy descriptions. When another user with enough administration entitlements edits one of the Entities above via Admi...
Security Bulletin: Potential traversal vulnerability in IBM WebSphere Application Server Admin Console shipped with Jazz for Service Management (CVE-2018-1770)
Summary: There is a potential directory traversal vulnerability in the Admin Console for WebSphere Application Server shipped with Jazz for Service Management. Vulnerability Details: CVEID: CVE-2018-1770. DESCRIPTION: IBM WebSphere Application Server could allow a remote attacker to traverse...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with Asset and Service Management
Summary: IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Asset Management Essentials, Maximo Industry Solutions including Maximo for Energy Optimization, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life...
Security Bulletin: Multiple Vulnerabilities in WebSphere Application Server bundled with IBM WebSphere Application Server Patterns
Summary: WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. Information about security vulnerabilities affecting WebSphere Application Server has been published in multiple security bulletins. Vulnerability Details: Please consult the following...
Security Bulletin: Security vulnerabilities have been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2018-1770, CVE-2018-1777, CVE-2018-1793, CVE-2018-1794 and CVE-2014-7810)
Summary: WebSphere Application Server is shipped as a component of WebSphere Service Registry and Repository. Information about security vulnerabilities affecting WebSphere Application Server has been published in security bulletins. Vulnerability Details: Please consult Security Bulletin: Potenti...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM ILOG Optimization Decision Manager Enterprise (CVE-2018-1770)
Summary: IBM WebSphere Application Server is shipped as a component of IBM ILOG ODM Enterprise. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details: Please consult the security bulletin Potential...