142 matches found
CVE-2021-20353
CVE-2021-20353 affects IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0. It is an XML External Entity (XXE) vulnerability triggered during XML processing that could lead to exposure of sensitive data or memory/resource exhaustion. The IBM IBM X-Force ID 194882 is cited; CVSS v3 base score ...
Security Bulletin: A security vulnerability has been identified in embedded IBM WebSphere Application Server, which is shipped with IBM Tivoli Network Manager IP Edition (CVE-2020-4643)
Summary Embedded IBM WebSphere Application Server is shipped with IBM Tivoli Network Manager version 4.1.1 and version 3.9. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security...
Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server shipped with IBM Tivoli Netcool Performance Manager for Wireline(Deferred CVE-2020-2590 and CVE-2020-2601)
Summary There are vulnerabilities in IBM® SDK Java™ Technology Edition, Version that is used by Tivoli Netcool Performance Manager. This issues is disclosed as part of the IBM Java SDK updates for July 2020. Information about a security vulnerability affecting IBM WebSphere Application Server has...
Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with Tivoli Access Manager for e-business
Summary IBM WebSphere Application Server is shipped with Tivoli Access Manager for e-business. Information about security vulnerabilities affecting IBM WebSphere Application Server have been published in a security bulletin Vulnerability Details Refer to the security bulletins listed in the...
CVE-2020-4578
CVE-2020-4578 is a cross-site scripting vulnerability in IBM WebSphere Application Server (Admin Console) affecting WAS 7.0, 8.0, 8.5, and 9.0. It permits embedding arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within an active session. IBM sources (X-Force 184...
CVE-2020-4575
CVE-2020-4575 affects IBM WebSphere Application Server ND 8.5/9.0 and WebSphere Virtual Enterprise 7.0/8.0, with a cross-site scripting vulnerability when High Availability Deployment Manager is configured. The Connected IBM Security Bulletins indicate remediation via upgrading to fixed WebSphere...
CVE-2020-4589
Summary: CVE-2020-4589 affects IBM WebSphere Application Server (WAS) across multiple releases (7.0/8.0/8.5/9.0) and can allow a remote attacker to execute arbitrary code via a specially-crafted sequence of serialized objects from untrusted sources. Multiple IBM security bulletins describe WAS an...
IBM Spectrum Protect Plus Information Disclosure Vulnerability (CNVD-2020-34983)
IBM Spectrum Protect Plus is a suite of data protection platforms from IBM USA. The platform provides organizations with a single point of control and management and supports backup and recovery for virtual, physical and cloud environments of all sizes. A security vulnerability exists in IBM...
Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Rational ClearQuest (CVE-2020-4365)
Summary IBM WebSphere Application Server WAS is used by the IBM Rational ClearQuest server and web components. Information about security vulnerabilities affecting WAS have been published in multiple security bulletins. Vulnerability Details Refer to the security bulletins listed in the...
CVE-2020-4365
CVE-2020-4365 affects IBM WebSphere Application Server (notably 8.5) and is a server-side request forgery vulnerability. A remote authenticated attacker could craft a request to obtain sensitive data. IBM bulletins provide fixes for affected WAS variants (e.g., 8.5) and reference remediation path...
Security Bulletin: Vulnerability identified in IBM WebSphere Application Server shipped with IBM WebSphere Service Registry and Repository (CVE-2020-4362)
Summary IBM WebSphere Application Server is shipped as a component of IBM WebSphere Service Registry and Repository. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulleti...
Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Intelligent Operations Center (CVE-2020-4362)
Summary IBM WebSphere Application Server is shipped with IBM Intelligent Operations Center. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...
CVE-2019-4670
CVE-2019-4670 affects IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0. Root cause: information disclosure due to improper data representation in the Admin Console (as described in IBM Security Bulletins). Exploitation would permit remote attackers to obtain sensitive information. Remediat...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Case Manager (CVE-2019-10086)
Summary IBM WebSphere Application Server is shipped as a component of IBM Case Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletinss listed in the...
Design/Logic Flaw
A vulnerability has been identified in SPPA-T3000 Application Server All versions Service Pack R8.2 SP2. The AdminService is available without authentication on the Application Server. An attacker can use methods exposed via this interface to receive password hashes of other users and to change...
CVE-2019-18285
CVE-2019-18285 affects Siemens SPPA-T3000 Application Server (all versions prior to Service Pack R8.2 SP2). The vulnerability arises from unencrypted RMI communication between the client and the Application Server, allowing an attacker who has access to the Application Highway or the communicatio...
CVE-2019-18287
A vulnerability has been identified in SPPA-T3000 Application Server All versions Service Pack R8.2 SP2. The Application Server exposes directory listings and files containing sensitive information. This vulnerability is independent from CVE-2019-18286. Please note that an attacker needs to have...
CVE-2019-18283
CVE-2019-18283 affects Siemens SPPA-T3000 Application Server (all versions before Service Pack R8.2 SP2). The vulnerability is in Deserialization of Untrusted Data via the AdminService, which is available without authentication, enabling remote code execution by sending specially crafted objects ...
wildfly-security-manager: security manager authorization bypass
A flaw was found in Wildfly Security Manager, running under JDK 11 or 8, that authorized requests for any requester. This flaw could be used by a malicious app deployed on the app server to access unauthorized information and possibly conduct further attacks...
wildfly-security-manager: security manager authorization bypass
A flaw was found in Wildfly Security Manager, running under JDK 11 or 8, that authorized requests for any requester. This flaw could be used by a malicious app deployed on the app server to access unauthorized information and possibly conduct further attacks...