Lucene search

IbmWebsphere Application Server*

167 matches found

CVE
added 2007/06/19 6:30 p.m. | 38 views

CVE-2007-3264

Unspecified vulnerability in the PD tools component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier has unknown impact and attack vectors.

CVSS: 10 | AI score: 6.4 | EPSS: 0.01003

CVE
added 2009/06/03 5:0 p.m. | 38 views

CVE-2009-1900

The Configservice APIs in the Administrative Console component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.25, and 7.0 before 7.0.0.5, when tracing is enabled, allow remote attackers to obtain sensitive information via unspecified use of the wsadmin scripting t...

CVSS: 5 | AI score: 5.9 | EPSS: 0.00634

CVE
added 2011/03/08 9:59 p.m. | 38 views

CVE-2011-1308

Cross-site scripting (XSS) vulnerability in the Installation Verification Test (IVT) application in the Install component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS: 4.3 | AI score: 5.5 | EPSS: 0.00295

CVE
added 2007/03/22 11:19 p.m. | 37 views

CVE-2007-1608

CRLF injection vulnerability in IBM WebSphere Application Server (WAS) before 6.0.2.19 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a single CRLF sequence in a context that is not a valid multi-line header.

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.00852

CVE
added 2008/01/23 2:0 a.m. | 37 views

CVE-2008-0389

Unspecified vulnerability in the serveServletsByClassnameEnabled feature in IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.25, 6.1 through 6.1.0.14, and 5.1.1.x before 5.1.1.18 has unknown impact and attack vectors.

CVSS: 10 | AI score: 6.4 | EPSS: 0.01377

CVE
added 2008/12/10 12:30 a.m. | 37 views

CVE-2008-5413

PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 allows attackers to obtain sensitive information by reading the (1) systemout.log and (2) ffdc files. NOTE: this is probably a duplicate of CVE-2009-0434.

CVSS: 5 | AI score: 5.7 | EPSS: 0.00302

CVE
added 2006/08/14 11:4 p.m. | 36 views

CVE-2006-4136

Multiple unspecified vulnerabilities in IBM WebSphere Application Server before 6.1.0.1 have unspecified impact and attack vectors involving (1) "SOAP requests and responses", (2) mbean, (3) ThreadIdentitySupport, and possibly others.

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.00666

CVE
added 2009/06/03 5:0 p.m. | 36 views

CVE-2009-1901

The Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 permits "non-standard http methods," which has unknown impact and remote attack vectors.

CVSS: 10 | AI score: 6.6 | EPSS: 0.00531

CVE
added 2010/06/18 6:30 p.m. | 36 views

CVE-2010-2324

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS allows attackers to perform unspecified "link injection" actions via unknown vectors.

CVSS: 7.5 | AI score: 6.5 | EPSS: 0.00401

CVE
added 2007/04/30 10:19 p.m. | 35 views

CVE-2006-7198

Unspecified vulnerability in IBM WebSphere Application Server (WAS) before 5.1.1.14, and WAS for z/OS 601 before 6.0.2.13, has unknown impact and attack vectors, related to a "Potential security exposure," aka PK26123.

CVSS: 10 | AI score: 6.8 | EPSS: 0.01094

CVE
added 2008/01/10 2:46 a.m. | 35 views

CVE-2007-6679

Unspecified vulnerability in the Administrative Console in IBM WebSphere Application Server 6.1 before Fix Pack 13 has unknown impact and attack vectors, related to "security concerns with monitor role users." NOTE: it was later reported that 6.0.2 before Fix Pack 25 is also affected.

CVSS: 10 | AI score: 6.3 | EPSS: 0.01325

CVE
added 2007/11/03 12:46 a.m. | 34 views

CVE-2007-5799

Multiple cross-site request forgery (CSRF) vulnerabilities in uddigui/navigateTree.do in the UDDI user console in IBM WebSphere Application Server (WAS) before 6.1.0 Fix Pack 13 (6.1.0.13) allow remote attackers to perform some actions as WAS UDDI users via the (1) keyField, (2) nameField, (3) valu...

CVSS: 4.3 | AI score: 6.8 | EPSS: 0.002

CVE
added 2009/02/10 10:30 p.m. | 33 views

CVE-2008-4283

CRLF injection vulnerability in the WebContainer component in IBM WebSphere Application Server (WAS) 5.1.1.19 and earlier 5.1.x versions allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

CVSS: 10 | AI score: 6.9 | EPSS: 0.00499

CVE
added 2008/12/10 12:30 a.m. | 32 views

CVE-2008-5411

IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 sends SSL traffic over "unsecured TCP," which makes it easier for remote attackers to obtain sensitive information by sniffing the network.

CVSS: 5 | AI score: 5.9 | EPSS: 0.00427

CVE
added 2009/02/17 5:30 p.m. | 32 views

CVE-2009-0504

WSPolicy in the Web Services component in IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.1 does not properly recognize the IDAssertion.isUsed binding property, which allows local users to discover a password by reading a SOAP message.

CVSS: 2.1 | AI score: 6.4 | EPSS: 0.00054

CVE
added 2018/10/12 5:29 a.m. | 32 views

CVE-2018-1838

IBM WebSphere Application Server 8.5 and 9.0 in IBM Cloud could allow a remote attacker to obtain sensitive information caused by improper handling of passwords. IBM X-Force ID: 150811.

CVSS: 6.5 | AI score: 6.7 | EPSS: 0.00129

CVE
added 2025/06/25 9:15 p.m. | 29 views

CVE-2025-36038

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects.

CVSS: 9.8 | AI score: 8 | EPSS: 0.00171

Total number of security vulnerabilities: 167