Lucene search
K

127 matches found

Tenable Nessus
Tenable Nessus
added 4 days ago3 views

IBM WebSphere eXtreme Scale 8.6.1.0 < 8.6.1.6 (7278745)

The version of IBM WebSphere eXtreme Scale installed on the remote host is prior to 8.6.1.6 IBM. It is, therefore, affected by multiple vulnerabilities as referenced in the 7278745 advisory. - jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of...

6.9CVSS6.5AI score0.87218EPSS
Exploits15References8
NVD
NVD
added 6 days ago7 views

CVE-2026-13773

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 Approximately 50 generated CORBA stub classes in WebSphere eXtreme Scale's ogclient.jar call ORB.stringtoobject on an attacker-controlled IOR string during Java deserialization, turning any unfiltered ObjectInputStream sink in WAS into outbound...

10CVSS0.03415EPSS
Exploits0References1
NVD
NVD
added 6 days ago5 views

CVE-2026-13772

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 's Object Query Language engine resolves attacker-supplied class names via Class.forName and invokes their constructors with no allow-list at three distinct sinks SELECT NEW, enum literals, and reflection-based comparators; an authenticated remo...

9.9CVSS0.00283EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-40388

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 ships three ObjectInputStream subclasses WsObjectInputStream, ObjectStreamPool$ReusableInputStream, ObjectInputStreamResolver that install no JEP-290 class filter; when Coherence is on the classpath, multiple RCE gadget chains including...

7.5CVSS6.2AI score0.00303EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-13759 IBM WebSphere eXtreme Scale is affected by Insecure Deserilization

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 ships three ObjectInputStream subclasses WsObjectInputStream, ObjectStreamPool$ReusableInputStream, ObjectInputStreamResolver that install no JEP-290 class filter; when Coherence is on the classpath, multiple RCE gadget chains including...

7.5CVSS0.00303EPSS
Exploits0References1
CVE
CVE
added 6 days ago8 views

CVE-2026-13759

CVE-2026-13759 affects IBM WebSphere eXtreme Scale (WebSphere Extreme Scale) 8.6.1.0–8.6.1.6. The root cause is insecure deserialization: three ObjectInputStream subclasses (WsObjectInputStream, ObjectStreamPool$ReusableInputStream, ObjectInputStreamResolver) ship without a JEP-290 class filter. ...

8.8CVSS6.2AI score0.00303EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-40387

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 's Object Query Language engine resolves attacker-supplied class names via Class.forName and invokes their constructors with no allow-list at three distinct sinks SELECT NEW, enum literals, and reflection-based comparators; an authenticated remo...

7.5CVSS6.1AI score0.00283EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-13772 IBM WebSphere eXtreme Scale's OQL is affected by remote code execution

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 's Object Query Language engine resolves attacker-supplied class names via Class.forName and invokes their constructors with no allow-list at three distinct sinks SELECT NEW, enum literals, and reflection-based comparators; an authenticated remo...

7.5CVSS0.00283EPSS
Exploits0References1
CVE
CVE
added 6 days ago11 views

CVE-2026-13772

CVE-2026-13772 affects IBM WebSphere eXtreme Scale (OQL engine) on versions 8.6.1.0–8.6.1.6. The issue arises from attacker-supplied class names being resolved via Class.forName() and their constructors invoked at three sinks (SELECT NEW, enum literals, reflection-based comparators) without an al...

9.9CVSS6.1AI score0.00283EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-40386

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 Approximately 50 generated CORBA stub classes in WebSphere eXtreme Scale's ogclient.jar call ORB.stringtoobject on an attacker-controlled IOR string during Java deserialization, turning any unfiltered ObjectInputStream sink in WAS into outbound...

6CVSS6.4AI score0.03415EPSS
Exploits0References1
CVE
CVE
added 6 days ago10 views

CVE-2026-13773

CVE-2026-13773 affects IBM WebSphere eXtreme Scale 8.6.1.0–8.6.1.6. Approximately 50 generated CORBA stub classes in ogclient.jar deserialize an attacker-controlled IOR via ObjectInputStream, using ORB.string_to_object() to perform outbound IIOP SSRF to a chosen host. When combined with IBM ORB g...

10CVSS6.4AI score0.03415EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-9002 IBM WebSphere eXtremes Scale is affected by uncontrolled resource consumption when XDF is enabled

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 could allow an adjacent attacker to cause a denial of service due to improper validation in the XDF decoder. The application processes deeply nested Protocol Buffers messages and attacker-controlled length prefixes without sufficient bounds...

6.5CVSS0.00269EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-40379

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 could allow an adjacent attacker to cause a denial of service due to improper validation in the XDF decoder. The application processes deeply nested Protocol Buffers messages and attacker-controlled length prefixes without sufficient bounds...

6.5CVSS5.8AI score0.00269EPSS
Exploits0References1
CVE
CVE
added 6 days ago16 views

CVE-2026-9002

IBM WebSphere eXtremes Scale is affected in versions 8.6.1.0–8.6.1.6 by an XDF decoder validation issue. The decoder may mishandle deeply nested Protocol Buffers messages and attacker-controlled length prefixes without proper bounds checking, enabling an adjacent attacker to trigger StackOverflow...

6.5CVSS5.8AI score0.00269EPSS
Exploits0References1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 6 days ago3 views

Security Bulletin: IBM WebSphere eXtreme Scale's OQL is affected by remote code execution

Summary IBM WebSphere eXtremes Scale's OQL is affected by remote code execution CVE-2026-13772 Vulnerability Details CVEID:CVE-2026-13772 DESCRIPTION: WebSphere eXtreme Scale's Object Query Language engine resolves attacker-supplied class names via Class.forName and invokes their constructors wit...

9.9CVSS6.6AI score0.00283EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 6 days ago3 views

Security Bulletin: IBM WebSphere eXtreme Scale is affected by server side request forgery when ORB is used as Transport Protocol

Summary IBM WebSphere eXtremes Scale is affected by server side request forgery when ORB is used as Transport Protocol CVE-2026-13773 Vulnerability Details CVEID:CVE-2026-13773 DESCRIPTION: Approximately 50 generated CORBA stub classes in WebSphere eXtreme Scale's ogclient.jar call...

10CVSS6.2AI score0.03415EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 6 days ago3 views

Security Bulletin: IBM WebSphere eXtreme Scale is affected by Insecure Deserilization

Summary IBM WebSphere eXtreme Scale is affected by Insecure Deserilization of untrusted data CVE-2026-13759 Vulnerability Details CVEID:CVE-2026-13759 DESCRIPTION: WebSphere eXtreme Scale ships three ObjectInputStream subclasses WsObjectInputStream, ObjectStreamPool$ReusableInputStream,...

8.8CVSS6.2AI score0.00303EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 6 days ago8 views

PT-2026-53942

Name of the Vulnerable Software and Affected Versions IBM WebSphere Extreme Scale versions 8.6.1.0 through 8.6.1.6 Description Three ObjectInputStream subclasses WsObjectInputStream, ObjectStreamPool$ReusableInputStream, and ObjectInputStreamResolver do not install a JEP-290 class filter, which i...

8.8CVSS6.9AI score0.00303EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 6 days ago10 views

PT-2026-53951

Name of the Vulnerable Software and Affected Versions IBM WebSphere Extreme Scale versions 8.6.1.0 through 8.6.1.6 Description Improper validation in the XDF decoder allows an adjacent attacker to cause a denial of service. The application processes deeply nested Protocol Buffers messages and...

6.5CVSS6AI score0.00269EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 6 days ago6 views

IBM WebSphere eXtreme Scale 8.6.1.0 < 8.6.1.6 (7278346)

The version of IBM WebSphere eXtreme Scale installed on the remote host is prior to 8.6.1.6 IBM. It is, therefore, affected by a vulnerability as referenced in the 7278346 advisory. - IBM WebSphere eXtreme Scale could allow an adjacent attacker to cause a denial of service due to improper...

6.5CVSS6AI score0.00269EPSS
Exploits0References2
Rows per page
Query Builder