Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
IbmWebsphere Application Server7.0

190 matches found

CVE
CVEadded 2012/08/21 10:46 a.m.337 views

CVE-2012-2190

IBM Global Security Kit (aka GSKit), as used in IBM HTTP Server in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.4, and 8.5.x before 8.5.0.1, allows remote attackers to cause a denial of service (daemon crash) via a crafted ClientHello messa...

5CVSS8.6AI score0.00911EPSS
CVE
CVEadded 2019/09/20 4:15 p.m.179 views

CVE-2019-4505

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Network Deployment could allow a remote attacker to obtain sensitive information, caused by sending a specially-crafted URL. This can lead the attacker to view any file in a certain directory. IBM X-Force ID: 164364.

5.3CVSS5.1AI score0.00193EPSS
CVE
CVEadded 2020/06/05 5:15 p.m.153 views

CVE-2020-4448

IBM WebSphere Application Server Network Deployment 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 181228.

10CVSS9.3AI score0.1624EPSS
CVE
CVEadded 2020/06/05 5:15 p.m.145 views

CVE-2020-4449

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181230.

7.5CVSS7.1AI score0.00778EPSS
CVE
CVEadded 2009/07/14 11:30 p.m.139 views

CVE-2009-0217

The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10...

5CVSS7.1AI score0.2999EPSS
CVE
CVEadded 2023/05/03 8:15 p.m.134 views

CVE-2022-39161

IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and IBM WebSphere Application Server Liberty, when configured to communicate with the Web Server Plug-ins for IBM WebSphere Application Server, could allow an authenticated user to conduct spoofing attacks. A man-in-the-middle attacker could expl...

5.3CVSS4.8AI score0.00027EPSS
CVE
CVEadded 2022/09/09 4:15 p.m.126 views

CVE-2022-34165

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP header injection, caused by improper validation. This could allow an attacker to conduct various attacks against the vulnerable system, including cac...

5.4CVSS5AI score0.00167EPSS
CVE
CVEadded 2019/09/17 7:15 p.m.123 views

CVE-2019-4442

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9,0 could allow a remote attacker to traverse directories on the file system. An attacker could send a specially-crafted URL request to view arbitrary files on the system but not content. IBM X-Force ID: 163226.

4.3CVSS4.7AI score0.0042EPSS
CVE
CVEadded 2020/04/10 2:15 p.m.121 views

CVE-2020-4362

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. IBM X-Force ID: 178929.

8.8CVSS7.4AI score0.00558EPSS
CVE
CVEadded 2020/02/03 5:15 p.m.120 views

CVE-2019-4732

IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a ...

7.2CVSS6.3AI score0.00164EPSS
CVE
CVEadded 2019/09/17 7:15 p.m.105 views

CVE-2019-4270

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sessi...

5.4CVSS5.3AI score0.00277EPSS
CVE
CVEadded 2020/07/17 2:15 p.m.101 views

CVE-2020-4464

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to execute arbitrary code on a system with a specially-crafted sequence of serialized objects over the SOAP connector. IBM X-Force ID: 181489.

9CVSS8.7AI score0.37876EPSS
CVE
CVEadded 2019/09/17 7:15 p.m.97 views

CVE-2019-4477

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a user with access to audit logs to obtain sensitive information, caused by improper handling of command line options. IBM X-Force ID: 163997.

6.5CVSS6.4AI score0.00208EPSS
CVE
CVEadded 2019/09/17 7:15 p.m.96 views

CVE-2019-4271

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin console is vulnerable to a Client-side HTTP parameter pollution vulnerability. IBM X-Force ID: 160243.

3.5CVSS3.8AI score0.00263EPSS
CVE
CVEadded 2019/09/17 7:15 p.m.95 views

CVE-2019-4268

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 160201.

5.3CVSS5.4AI score0.00424EPSS
CVE
CVEadded 2022/05/20 5:15 p.m.95 views

CVE-2022-22365

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, with the Ajax Proxy Web Application (AjaxProxy.war) deployed, is vulnerable to spoofing by allowing a man-in-the-middle attacker to spoof SSL server hostnames. IBM X-Force ID: 220904.

5.9CVSS5.5AI score0.00061EPSS
CVE
CVEadded 2020/08/13 12:15 p.m.94 views

CVE-2020-4589

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 184585.

10CVSS9.4AI score0.0677EPSS
CVE
CVEadded 2021/12/09 5:15 p.m.92 views

CVE-2021-38951

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available CPU resources. IBM X-Force ID: 211405.

7.5CVSS7.3AI score0.00086EPSS
CVE
CVEadded 2018/09/07 4:0 p.m.89 views

CVE-2018-1567

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbitrary Java code through the SOAP connector with a serialized object from untrusted sources. IBM X-Force ID: 143024.

9.8CVSS9.3AI score0.0074EPSS
CVE
CVEadded 2015/05/20 12:59 a.m.87 views

CVE-2015-1920

IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.47, 7.0 before 7.0.0.39, 8.0 before 8.0.0.11, and 8.5 before 8.5.5.6 allows remote attackers to execute arbitrary code by sending crafted instructions in a management-port session.

10CVSS7.3AI score0.18392EPSS
CVE
CVEadded 2021/02/10 5:15 p.m.86 views

CVE-2021-20353

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 194882.

8.2CVSS8AI score0.01482EPSS
CVE
CVEadded 2022/07/14 5:15 p.m.86 views

CVE-2022-22473

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console data. This information could be used in further attacks against the system. IBM X-Force ID: 225347.

5.3CVSS5.1AI score0.00072EPSS
CVE
CVEadded 2020/01/31 4:15 p.m.85 views

CVE-2019-4720

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125.

7.5CVSS7.4AI score0.00153EPSS
CVE
CVEadded 2020/03/26 2:15 p.m.85 views

CVE-2020-4276

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. X-Force ID: 175984.

7.5CVSS7.6AI score0.0054EPSS
CVE
CVEadded 2016/07/03 9:59 p.m.82 views

CVE-2016-0359

CRLF injection vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 Full before 8.5.5.10, and 8.5 Liberty before Liberty Fix Pack 16.0.0.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a craf...

6.1CVSS6.2AI score0.00322EPSS
CVE
CVEadded 2010/10/29 7:0 p.m.81 views

CVE-2010-3700

VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter.

5CVSS6.5AI score0.00248EPSS
CVE
CVEadded 2017/02/01 10:59 p.m.78 views

CVE-2016-8919

IBM WebSphere Application Server may be vulnerable to a denial of service, caused by allowing serialized objects from untrusted sources to run and cause the consumption of resources.

7.8CVSS7.3AI score0.00859EPSS
CVE
CVEadded 2020/04/28 2:15 p.m.78 views

CVE-2020-4329

IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841.

4.3CVSS4.5AI score0.00083EPSS
CVE
CVEadded 2017/07/24 9:29 p.m.77 views

CVE-2017-1382

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 might create files using the default permissions instead of the customized permissions when custom startup scripts are used. A local attacker could exploit this to gain access to files with an unknown impact. IBM X-Force ID: 127153.

7.1CVSS6.9AI score0.00039EPSS
CVE
CVEadded 2019/03/25 7:29 p.m.77 views

CVE-2019-4046

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by improper handling of request headers. A remote attacker could exploit this vulnerability to cause the consumption of Memory. IBM X-Force ID: 156242.

7.5CVSS7.4AI score0.01177EPSS
CVE
CVEadded 2021/01/26 3:15 p.m.77 views

CVE-2020-4949

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 192025.

8.2CVSS8AI score0.00331EPSS
CVE
CVEadded 2016/10/05 10:59 a.m.75 views

CVE-2016-5983

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.11, 9.0 before 9.0.0.2, and Liberty before 16.0.0.4 allows remote authenticated users to execute arbitrary Java code via a crafted serialized object.

7.5CVSS7.6AI score0.13762EPSS
CVE
CVEadded 2017/02/13 10:59 p.m.75 views

CVE-2017-1121

IBM WebSphere Application Server 7.0, 8.0, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #...

5.4CVSS5.3AI score0.0027EPSS
CVE
CVEadded 2019/10/03 2:15 p.m.75 views

CVE-2019-4441

IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and Liberty could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 163177.

5.3CVSS5.2AI score0.00295EPSS
CVE
CVEadded 2017/04/28 5:59 p.m.74 views

CVE-2017-1194

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123669.

8.8CVSS8.4AI score0.00171EPSS
CVE
CVEadded 2017/10/10 9:29 p.m.71 views

CVE-2017-1503

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform ...

6.1CVSS6.1AI score0.00388EPSS
CVE
CVEadded 2019/03/11 10:29 p.m.71 views

CVE-2018-1902

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to spoof connection information which could be used to launch further attacks against the system. IBM X-Force ID: 152531.

4.3CVSS4.5AI score0.00277EPSS
CVE
CVEadded 2021/04/08 1:15 p.m.70 views

CVE-2021-20480

IBM WebSphere Application Server 7.0, 8.0, and 8.5 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 197502.

6.5CVSS6.3AI score0.0034EPSS
CVE
CVEadded 2018/11/15 4:29 p.m.69 views

CVE-2018-1643

The Installation Verification Tool of IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosur...

6.1CVSS5.8AI score0.00436EPSS
CVE
CVEadded 2020/08/03 1:15 p.m.69 views

CVE-2020-4534

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper handling of UNC paths. By scheduling a task with a specially-crafted UNC path, an attacker could exploit this vulnerability to execute arb...

8.8CVSS8.7AI score0.00147EPSS
CVE
CVEadded 2010/06/18 6:30 p.m.68 views

CVE-2010-2323

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS might allow attackers to obtain sensitive information by reading the default_create.log file that is associated with profile creation by the BBOWWPFx job and the zPMT.

5CVSS6.1AI score0.00301EPSS
CVE
CVEadded 2020/02/04 5:15 p.m.67 views

CVE-2020-4163

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, under specialized conditions, could allow an authenticated user to create a maliciously crafted file name which would be misinterpreted as jsp content and executed. IBM X-Force ID: 174397.

7.2CVSS6.7AI score0.00418EPSS
CVE
CVEadded 2012/01/19 11:55 a.m.66 views

CVE-2011-1376

iscdeploy in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 on the IBM i platform sets weak permissions under systemapps/isclite.ear/ and bin/client_ffdc/, which allows local users to read or modify files via standard filesystem operations.

4.6CVSS8.4AI score0.00116EPSS
CVE
CVEadded 2021/07/30 12:15 p.m.66 views

CVE-2021-29736

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote user to gain elevated privileges on the system. IBM X-Force ID: 201300.

8.8CVSS8.5AI score0.00675EPSS
CVE
CVEadded 2021/09/16 4:15 p.m.66 views

CVE-2021-29842

IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 21.0.0.9 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. IBM X-Force ID: 205202.

5.3CVSS5.3AI score0.00088EPSS
CVE
CVEadded 2015/11/08 10:59 p.m.65 views

CVE-2015-2017

CRLF injection vulnerability in IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.47, 7.0 before 7.0.0.39, 8.0 before 8.0.0.12, and 8.5 before 8.5.5.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.

4.3CVSS7.2AI score0.0035EPSS
CVE
CVEadded 2012/06/20 10:27 a.m.64 views

CVE-2012-0717

IBM WebSphere Application Server 7.0 before 7.0.0.23, when a certain SSLv2 configuration with client authentication is used, allows remote attackers to bypass X.509 client-certificate authentication via unspecified vectors.

2.6CVSS9.2AI score0.00066EPSS
CVE
CVEadded 2015/07/14 5:59 p.m.64 views

CVE-2015-1946

IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.6, and WebSphere Virtual Enterprise 7.0 before 7.0.0.6 for WebSphere Application Server (WAS) 7.0 and 8.0, does not properly implement user roles, which allows local users to gain privileges via unspecified vectors.

4.4CVSS6.5AI score0.00058EPSS
CVE
CVEadded 2018/05/04 2:29 p.m.64 views

CVE-2017-1743

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console panel fields. When exploited an attacker could browse the file system. IBM X-Force ID: 134933.

4.3CVSS4.4AI score0.00288EPSS
CVE
CVEadded 2018/10/12 12:0 p.m.64 views

CVE-2018-1770

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 148686.

6.5CVSS6.4AI score0.00513EPSS
Total number of security vulnerabilities190