CVE-2017-1501
IBM WebSphere Application Server 8.0, 8.5, and 9.0 could provide weaker than expected security after using the Admin Console to update the web services security bindings settings. IBM X-Force ID: 129576...
CVE-2017-1501
CVE-2017-1501 affects IBM WebSphere Application Server; the Admin Console could leave web services security bindings weaker after updates. IBM bulletins indicate affected WAS versions include 8.0, 8.5, and 9.0 lines (e.g., 9.0.0.0–9.0.0.4; 8.5.5.10/11; 8.0.0.13). The vulnerability score via CVSSv...
CVE-2017-6640
A vulnerability in Cisco Prime Data Center Network Manager (DCNM) Software could allow an unauthenticated, remote attacker to log in to the administrative console of a DCNM server by using an account that has a default, static password. The account could be granted root- or system-level privileges...
IBM WebSphere Application Server Information Disclosure Vulnerability (swg21998469)
IBM WebSphere Application Server is prone to an information disclosure vulnerability.
CVE-2016-3403
Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Zimbra Collaboration before 8.6.0 Patch 8 allow remote attackers to hijack the authentication of administrators for requests that (1) add, (2) modify, or (3) remove accounts by leveraging failure to use of a CSRF token and...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Zimbra Collaboration before 8.6.0 Patch 8 allow remote attackers to hijack the authentication of administrators for requests that (1) add, (2) modify, or (3) remove accounts by leveraging failure to use of a CSRF token and...
CVE-2016-3403
Zimbra Collaboration Server (Admin Console) vulnerable to multiple CSRF flaws in versions before 8.6.0 Patch 8. CSRF tokens and referer header checks are not enforced, enabling remote attackers to hijack administrator sessions and perform add/modify/remove account actions (bugs 100885/100899). Re...
IBM WebSphere Application Server Information Disclosure Vulnerability (CNVD-2017-07382)
IBM WebSphere Application Server (WAS) is an application server product developed and distributed by IBM in the U.S. It is a platform for Java EE and Web services applications, and is the foundation of the IBM WebSphere software platform. A security vulnerability exists in IBM WAS version 8.0, 8.5...
CVE-2017-1137
IBM WebSphere Application Server 8.0 and 8.5.5 could provide weaker than expected security. A remote attacker could exploit this weakness to obtain sensitive information and gain unauthorized access to the admin console. IBM X-Force ID: 121549...
CVE-2017-1137
CVE-2017-1137 affects IBM WebSphere Application Server; describes a weakness in the WebSphere administrative console that could let a remote attacker obtain sensitive information and gain unauthorized access to the admin console. IBM security bulletins and IBM X-Force entries reference this CVE a...
CVE-2017-3550
Vulnerability in the Oracle Customer Interaction History component of Oracle E-Business Suite (subcomponent: Admin Console). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to...
CVE-2017-3550
CVE-2017-3550 affects Oracle E-Business Suite, specifically the Customer Interaction History component (subcomponent: Admin Console). Affected versions are 12.1.1, 12.1.2 and 12.1.3. The vulnerability is described as easily exploitable and allows an unauthenticated attacker with network access vi...
CVE-2016-5760
Multiple cross-site scripting (XSS) vulnerabilities in the administrator console in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allow remote attackers to inject arbitrary web script or HTML via the (1) token parameter to gwadmin-console/install/login.jsp or (2) PATHINFO to...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the administrator console in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allow remote attackers to inject arbitrary web script or HTML via the (1) token parameter to gwadmin-console/install/login.jsp or (2) PATHINFO to...
Unauthorized Access
orb-iiop is vulnerable to unauthorized access. The vulnerability exists because the listener network address value set in the admin console is ignored. Therefore, the listener is set up on 0.0.0.0 (any interface), and it allows remote attackers to interact with the CORBA ORB interface to affect...