Lucene search
K

142 matches found

CVE
CVE
added 2021/02/10 5:0 p.m.108 views

CVE-2021-20353

CVE-2021-20353 affects IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0. It is an XML External Entity (XXE) vulnerability triggered during XML processing that could lead to exposure of sensitive data or memory/resource exhaustion. The IBM IBM X-Force ID 194882 is cited; CVSS v3 base score ...

8.2CVSS8AI score0.05162EPSS
Exploits0References3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/14 10:25 a.m.25 views

Security Bulletin: A security vulnerability has been identified in embedded IBM WebSphere Application Server, which is shipped with IBM Tivoli Network Manager IP Edition (CVE-2020-4643)

Summary Embedded IBM WebSphere Application Server is shipped with IBM Tivoli Network Manager version 4.1.1 and version 3.9. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security...

2.3AI score0.02839EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/03 5:34 p.m.212 views

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server shipped with IBM Tivoli Netcool Performance Manager for Wireline(Deferred CVE-2020-2590 and CVE-2020-2601)

Summary There are vulnerabilities in IBM® SDK Java™ Technology Edition, Version that is used by Tivoli Netcool Performance Manager. This issues is disclosed as part of the IBM Java SDK updates for July 2020. Information about a security vulnerability affecting IBM WebSphere Application Server has...

0.1AI score0.04196EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/10/07 9:32 p.m.29 views

Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with Tivoli Access Manager for e-business

Summary IBM WebSphere Application Server is shipped with Tivoli Access Manager for e-business. Information about security vulnerabilities affecting IBM WebSphere Application Server have been published in a security bulletin Vulnerability Details Refer to the security bulletins listed in the...

10CVSS1.7AI score0.33937EPSS
Exploits0Affected Software1
CVE
CVE
added 2020/09/10 4:50 p.m.85 views

CVE-2020-4578

CVE-2020-4578 is a cross-site scripting vulnerability in IBM WebSphere Application Server (Admin Console) affecting WAS 7.0, 8.0, 8.5, and 9.0. It permits embedding arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within an active session. IBM sources (X-Force 184...

5.4CVSS5.3AI score0.00708EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2020/08/27 12:40 p.m.66 views

CVE-2020-4575

CVE-2020-4575 affects IBM WebSphere Application Server ND 8.5/9.0 and WebSphere Virtual Enterprise 7.0/8.0, with a cross-site scripting vulnerability when High Availability Deployment Manager is configured. The Connected IBM Security Bulletins indicate remediation via upgrading to fixed WebSphere...

6.1CVSS6.1AI score0.00921EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2020/08/13 11:50 a.m.114 views

CVE-2020-4589

Summary: CVE-2020-4589 affects IBM WebSphere Application Server (WAS) across multiple releases (7.0/8.0/8.5/9.0) and can allow a remote attacker to execute arbitrary code via a specially-crafted sequence of serialized objects from untrusted sources. Multiple IBM security bulletins describe WAS an...

10CVSS9.4AI score0.08465EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2020/06/28 12:0 a.m.2 views

IBM Spectrum Protect Plus Information Disclosure Vulnerability (CNVD-2020-34983)

IBM Spectrum Protect Plus is a suite of data protection platforms from IBM USA. The platform provides organizations with a single point of control and management and supports backup and recovery for virtual, physical and cloud environments of all sizes. A security vulnerability exists in IBM...

5.9CVSS6.4AI score0.01153EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2020/06/03 4:32 a.m.24 views

Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Rational ClearQuest (CVE-2020-4365)

Summary IBM WebSphere Application Server WAS is used by the IBM Rational ClearQuest server and web components. Information about security vulnerabilities affecting WAS have been published in multiple security bulletins. Vulnerability Details Refer to the security bulletins listed in the...

5.3CVSS2AI score0.01398EPSS
Exploits0Affected Software1
CVE
CVE
added 2020/05/14 3:50 p.m.77 views

CVE-2020-4365

CVE-2020-4365 affects IBM WebSphere Application Server (notably 8.5) and is a server-side request forgery vulnerability. A remote authenticated attacker could craft a request to obtain sensitive data. IBM bulletins provide fixes for affected WAS variants (e.g., 8.5) and reference remediation path...

5.3CVSS4.4AI score0.01398EPSS
Exploits0References2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/04/20 4:50 p.m.18 views

Security Bulletin: Vulnerability identified in IBM WebSphere Application Server shipped with IBM WebSphere Service Registry and Repository (CVE-2020-4362)

Summary IBM WebSphere Application Server is shipped as a component of IBM WebSphere Service Registry and Repository. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulleti...

8.8CVSS2.3AI score0.02438EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/04/14 9:32 a.m.15 views

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Intelligent Operations Center (CVE-2020-4362)

Summary IBM WebSphere Application Server is shipped with IBM Intelligent Operations Center. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

8.8CVSS2.2AI score0.02438EPSS
Exploits0Affected Software2
CVE
CVE
added 2020/02/05 3:20 p.m.81 views

CVE-2019-4670

CVE-2019-4670 affects IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0. Root cause: information disclosure due to improper data representation in the Admin Console (as described in IBM Security Bulletins). Exploitation would permit remote attackers to obtain sensitive information. Remediat...

6.5CVSS6.2AI score0.01838EPSS
Exploits0References2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/12/20 8:47 a.m.36 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Case Manager (CVE-2019-10086)

Summary IBM WebSphere Application Server is shipped as a component of IBM Case Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletinss listed in the...

7.5CVSS2.9AI score0.28839EPSS
Exploits1Affected Software1
Prion
Prion
added 2019/12/12 7:15 p.m.16 views

Design/Logic Flaw

A vulnerability has been identified in SPPA-T3000 Application Server All versions Service Pack R8.2 SP2. The AdminService is available without authentication on the Application Server. An attacker can use methods exposed via this interface to receive password hashes of other users and to change...

5CVSS9.2AI score0.02028EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2019/12/12 7:8 p.m.70 views

CVE-2019-18285

CVE-2019-18285 affects Siemens SPPA-T3000 Application Server (all versions prior to Service Pack R8.2 SP2). The vulnerability arises from unencrypted RMI communication between the client and the Application Server, allowing an attacker who has access to the Application Highway or the communicatio...

5.9CVSS5.1AI score0.01024EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/12/12 7:8 p.m.34 views

CVE-2019-18287

A vulnerability has been identified in SPPA-T3000 Application Server All versions Service Pack R8.2 SP2. The Application Server exposes directory listings and files containing sensitive information. This vulnerability is independent from CVE-2019-18286. Please note that an attacker needs to have...

4.8AI score0.0158EPSS
Exploits0References2
CVE
CVE
added 2019/12/12 7:8 p.m.72 views

CVE-2019-18283

CVE-2019-18283 affects Siemens SPPA-T3000 Application Server (all versions before Service Pack R8.2 SP2). The vulnerability is in Deserialization of Untrusted Data via the AdminService, which is available without authentication, enabling remote code execution by sending specially crafted objects ...

9.8CVSS9.4AI score0.05431EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2019/12/02 5:4 p.m.4 views

wildfly-security-manager: security manager authorization bypass

A flaw was found in Wildfly Security Manager, running under JDK 11 or 8, that authorized requests for any requester. This flaw could be used by a malicious app deployed on the app server to access unauthorized information and possibly conduct further attacks...

8.8CVSS5.8AI score0.0119EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2019/10/07 5:19 p.m.4 views

wildfly-security-manager: security manager authorization bypass

A flaw was found in Wildfly Security Manager, running under JDK 11 or 8, that authorized requests for any requester. This flaw could be used by a malicious app deployed on the app server to access unauthorized information and possibly conduct further attacks...

8.8CVSS5.8AI score0.0119EPSS
Exploits0References4
Rows per page
Query Builder