Websphere Application Server@6.1.0.33 Security Vulnerabilities and Issues — Page 2 of Websphere Application Server@6.1.0.33 CVE List

Lucene search

IbmWebsphere Application Server6.1.0.33

60 matches found

CVE•added 2011/03/08 9:59 p.m.•42 views

CVE-2011-1310

The Administrative Scripting Tools component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when tracing is enabled, places wsadmin command parameters into the (1) wsadmin.traceout and (2) trace.log files, which allows local users to obtain potentially se...

1.9CVSS5.6AI score0.00051EPSS

CVE•added 2011/03/08 9:59 p.m.•42 views

CVE-2011-1311

The Security component in IBM WebSphere Application Server (WAS) before 7.0.0.15, when a J2EE 1.4 application is used, determines the security role mapping on the basis of the ibm-application-bnd.xml file instead of the intended ibm-application-bnd.xmi file, which might allow remote authenticated u...

6CVSS6.5AI score0.00301EPSS

CVE•added 2011/03/08 9:59 p.m.•42 views

CVE-2011-1321

The AuthCache purge implementation in the Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 does not purge a user from the PlatformCredential cache, which might allow remote authenticated users to gain privileges by leveraging a group membe...

6.5CVSS6.4AI score0.00322EPSS

CVE•added 2011/03/08 9:59 p.m.•41 views

CVE-2011-1309

The Plug-in component in IBM WebSphere Application Server (WAS) before 7.0.0.15 does not properly handle trace requests, which has unspecified impact and attack vectors.

7.5CVSS6.5AI score0.00401EPSS

CVE•added 2011/03/08 9:59 p.m.•41 views

CVE-2011-1313

Double free vulnerability in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15 allows remote backend IIOP servers to cause a denial of service (S0C4 ABEND and storage corruption) by rejecting IIOP requests at opportunistic time instants, as demonstrated by reque...

5CVSS6.5AI score0.00314EPSS

CVE•added 2011/03/08 9:59 p.m.•40 views

CVE-2011-1307

The installer in IBM WebSphere Application Server (WAS) before 7.0.0.15 uses 777 permissions for a temporary log directory, which allows local users to have unintended access to log files via standard filesystem operations, a different vulnerability than CVE-2009-1173.

2.1CVSS6AI score0.00052EPSS

CVE•added 2012/01/15 3:55 a.m.•40 views

CVE-2011-5065

Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41 allows remote attackers to inject arbitrary web script or HTML via vectors related to web messaging.

4.3CVSS5.5AI score0.00478EPSS

CVE•added 2012/05/01 7:55 p.m.•40 views

CVE-2012-2162

The Web Server Plug-in in IBM WebSphere Application Server (WAS) 8.0 and earlier uses unencrypted HTTP communication after expiration of the plugin-key.kdb password, which allows remote attackers to obtain sensitive information by sniffing the network, or spoof arbitrary servers via a man-in-the-mi...

6.8CVSS6.2AI score0.0054EPSS

CVE•added 2011/03/08 9:59 p.m.•38 views

CVE-2011-1308

Cross-site scripting (XSS) vulnerability in the Installation Verification Test (IVT) application in the Install component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.5AI score0.00295EPSS

CVE•added 2011/04/13 2:55 p.m.•36 views

CVE-2011-1683

IBM WebSphere Application Server (WAS) 6.0.x through 6.0.2.43, 6.1.x before 6.1.0.37, and 7.0.x before 7.0.0.17 on z/OS, when a Local OS user registry or Federated Repository with RACF adapter is used, allows remote attackers to obtain unspecified application access via unknown vectors.

6.8CVSS6.6AI score0.0138EPSS

Total number of security vulnerabilities60