Lucene search
K

163 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 2:8 p.m.39 views

Potential security vulnerability with IBM WebSphere Application Server

Abstract Security Bulletin: Asset and Service Management Products - Potential security exposure when using WS-Security, with either JAX-WS or JAX-RPC, resulting in a user gaining elevated privileges CVE-2011-1377. Content VULNERABILITY DETAILS: CVE ID: CVE-2011-1377 DESCRIPTION: Websphere...

10CVSS9.3AI score0.02404EPSS
Exploits0Affected Software14
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:3 a.m.28 views

Security Bulletin: Possible security exposure with WebSphere Application Server with WS-Security enabled applications using LTPA tokens (PM43585/PM43792/PM45181)

Summary There is a possible security exposure when using WS-Security resulting in a user gaining elevated privileges. This impacts applications using either JAX-WS and JAX-RPC. Vulnerability Details WebSphere Application Server could provide weaker than expected security when using web services...

10CVSS0.5AI score0.02404EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 6:59 a.m.31 views

Security Bulletin: Potential Security Vulnerabilites fixed in IBM WebSphere Application Server 8.0.0.8

Summary Cross reference list for security vulnerabilites fixed in IBM WebSphere Application Server 8.0.0.8 Vulnerability Details CVE ID:CVE-2013-0460PM72275 DESCRIPTION: WebSphere Application Server could be vulnerable to a cross-site request forgery, caused by improper validation of portlets in...

6.8CVSS7.4AI score0.01812EPSS
Exploits0Affected Software2
Veracode
Veracode
added 2017/04/19 3:13 a.m.26 views

Information Disclosure

Apache cxf-rt-ws-security is vulnerable to information disclosure. A malicious user can pass a malicious delegation token to the application, causing the application to return a cached token from another user...

7.5CVSS7.1AI score0.06827EPSS
Exploits0References15Affected Software2
Tenable Nessus
Tenable Nessus
added 2014/01/20 12:0 a.m.84 views

IBM WebSphere Application Server 7.0 < Fix Pack 31 Multiple Vulnerabilities

IBM WebSphere Application Server 7.0 before Fix Pack 31 appears to be running on the remote host. It is, therefore, potentially affected by the following vulnerabilities : - A flaw in the modrewrite module of Apache HTTP Server potentially allows a remote attacker to execute arbitrary code via...

6.8CVSS7.6AI score0.29484EPSS
Exploits5References18
Tenable Nessus
Tenable Nessus
added 2013/12/05 12:0 a.m.67 views

IBM WebSphere Application Server 8.5 < Fix Pack 8.5.5.1 Multiple Vulnerabilities

IBM WebSphere Application Server 8.5 before Fix Pack 8.5.5.1 appears to be running on the remote host and is, therefore, potentially affected by the following vulnerabilities : - A flaw exists related to Apache Ant and file compression that could lead to denial of service conditions. CVE-2012-209...

6.8CVSS7.4AI score0.29484EPSS
Exploits6References20
NVD
NVD
added 2013/09/20 9:55 p.m.24 views

CVE-2013-4053

The WS-Security implementation in IBM WebSphere Application Server WAS 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1, and WAS Feature Pack for Web Services 6.1 before 6.1.0.47, when a trust store is configured for XML Digital Signatures, does not properly...

6.8CVSS6.2AI score0.01256EPSS
Exploits0References4
Prion
Prion
added 2013/09/20 9:55 p.m.19 views

Code injection

The WS-Security implementation in IBM WebSphere Application Server WAS 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1, and WAS Feature Pack for Web Services 6.1 before 6.1.0.47, when a trust store is configured for XML Digital Signatures, does not properly...

6.8CVSS6.8AI score0.01256EPSS
Exploits0References4Affected Software2
CVE
CVE
added 2013/09/20 9:0 p.m.73 views

CVE-2013-4053

CVE-2013-4053 refers to IBM WebSphere Application Server WS-Security with XML Digital Signature using a trust store, where improper certificate verification could let a remote attacker gain privileged access. Affected products/versions include WebSphere Application Server 8.5, 8.0, 7.0, and 6.1 (...

6.8CVSS8.8AI score0.01256EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2013/09/20 9:0 p.m.26 views

CVE-2013-4053

The WS-Security implementation in IBM WebSphere Application Server WAS 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1, and WAS Feature Pack for Web Services 6.1 before 6.1.0.47, when a trust store is configured for XML Digital Signatures, does not properly...

6.2AI score0.01256EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2013/09/20 12:0 a.m.205 views

IBM WebSphere Application Server 6.1 < Fix Pack 47 Multiple Vulnerabilities

IBM WebSphere Application Server 6.1 before Fix Pack 47 appears to be running on the remote host. As such, it is potentially affected by the following vulnerabilities : - A remote attacker can bypass authentication because of improper user validation on Linux, Solaris, and HP-UX platforms that us...

10CVSS7.3AI score0.35584EPSS
Exploits6References27
Tenable Nessus
Tenable Nessus
added 2013/07/23 12:0 a.m.127 views

IBM WebSphere Application Server 8.5 < Fix Pack 8.5.5 Multiple Vulnerabilities

IBM WebSphere Application Server 8.5 before Fix Pack 8.5.5 appears to be running on the remote host and is, therefore, potentially affected by the following vulnerabilities : - The TLS protocol in the GSKIT component is vulnerable to a plaintext recovery attack. CVE-2013-0169, PM85211 - The...

7.8CVSS6.6AI score0.35584EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2013/07/19 12:0 a.m.227 views

IBM WebSphere Application Server 7.0 < Fix Pack 29 Multiple Vulnerabilities

IBM WebSphere Application Server 7.0 before Fix Pack 29 appears to be running on the remote host. It is, therefore, potentially affected by the following vulnerabilities : - The TLS protocol in the GSKIT component is vulnerable to a plaintext recovery attack. CVE-2013-0169, PM85211 - The...

7.5CVSS6.9AI score0.35584EPSS
Exploits1References13
Prion
Prion
added 2013/05/29 2:29 p.m.30 views

Design/Logic Flaw

IBM WebSphere Application Server WAS 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 through 8.5.0.2 and WebSphere Message Broker 6.1, 7.0 through 7.0.0.5, and 8.0 through 8.0.0.2, when WS-Security is used, allows remote attackers to spoof the signatures of messages via a crafted SOAP message,...

4.3CVSS6.4AI score0.02404EPSS
Exploits0References6Affected Software2
Cvelist
Cvelist
added 2013/05/29 10:0 a.m.30 views

CVE-2013-0482

IBM WebSphere Application Server WAS 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 through 8.5.0.2 and WebSphere Message Broker 6.1, 7.0 through 7.0.0.5, and 8.0 through 8.0.0.2, when WS-Security is used, allows remote attackers to spoof the signatures of messages via a crafted SOAP message,...

8.3AI score0.02028EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2013/05/28 5:34 p.m.7 views

apache-cxf: XML encryption backwards compatibility attacks

Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic...

6.4CVSS6.9AI score0.06322EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2013/05/20 3:20 p.m.7 views

apache-cxf: XML encryption backwards compatibility attacks

Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic...

6.4CVSS6.9AI score0.06322EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2013/05/10 12:0 a.m.72 views

IBM WebSphere Application Server 8.0 < Fix Pack 6 Multiple Vulnerabilities

IBM WebSphere Application Server 8.0 before Fix Pack 6 appears to be running on the remote host. It is, therefore, potentially affected by the following vulnerabilities : - An input validation error exists that could allow cross-site request forgery CSRF attacks. CVE-2012-4853 / PM62920 - The...

10CVSS6.8AI score0.35584EPSS
Exploits2References16
Tenable Nessus
Tenable Nessus
added 2013/05/10 12:0 a.m.204 views

IBM WebSphere Application Server 8.5 < Fix Pack 2 Multiple Vulnerabilities

IBM WebSphere Application Server 8.5 before Fix Pack 2 appears to be running on the remote host and is, therefore, potentially affected by the following vulnerabilities : - The included Java SDK contains several errors that affect the application directly. CVE-2013-0169, CVE-2013-0440,...

10CVSS7AI score0.35584EPSS
Exploits2References18
RedHat Linux
RedHat Linux
added 2013/04/15 5:45 p.m.39 views

Important: Red Hat Security Advisory: JBoss Enterprise BRMS Platform 5.3.1 update

JBoss Enterprise BRMS Platform 5.3.1 roll up patch 1, which fixes two security issues and various bugs, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base...

5.8CVSS7.2AI score0.08882EPSS
Exploits0References5
Rows per page
Query Builder