Websphere Application Server@7.0.0.11 Security Vulnerabilities and Issues — Websphere Application Server@7.0.0.11 CVE List

Lucene search

IbmWebsphere Application Server7.0.0.11

95 matches found

CVE•added 2012/08/21 10:46 a.m.•337 views

CVE-2012-2190

IBM Global Security Kit (aka GSKit), as used in IBM HTTP Server in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.4, and 8.5.x before 8.5.0.1, allows remote attackers to cause a denial of service (daemon crash) via a crafted ClientHello messa...

5CVSS8.6AI score0.00911EPSS

CVE•added 2015/05/20 12:59 a.m.•87 views

CVE-2015-1920

IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.47, 7.0 before 7.0.0.39, 8.0 before 8.0.0.11, and 8.5 before 8.5.5.6 allows remote attackers to execute arbitrary code by sending crafted instructions in a management-port session.

10CVSS7.3AI score0.18392EPSS

CVE•added 2016/07/03 9:59 p.m.•82 views

CVE-2016-0359

CRLF injection vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 Full before 8.5.5.10, and 8.5 Liberty before Liberty Fix Pack 16.0.0.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a craf...

6.1CVSS6.2AI score0.00322EPSS

CVE•added 2016/10/05 10:59 a.m.•75 views

CVE-2016-5983

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.11, 9.0 before 9.0.0.2, and Liberty before 16.0.0.4 allows remote authenticated users to execute arbitrary Java code via a crafted serialized object.

7.5CVSS7.6AI score0.13762EPSS

CVE•added 2015/08/22 11:59 p.m.•67 views

CVE-2015-4938

IBM WebSphere Application Server 7.x before 7.0.0.39, 8.0.x before 8.0.0.11, and 8.5.x before 8.5.5.7 allows remote attackers to spoof servlets and obtain sensitive information via unspecified vectors.

5CVSS8AI score0.00379EPSS

CVE•added 2012/01/19 11:55 a.m.•66 views

CVE-2011-1376

iscdeploy in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 on the IBM i platform sets weak permissions under systemapps/isclite.ear/ and bin/client_ffdc/, which allows local users to read or modify files via standard filesystem operations.

4.6CVSS8.4AI score0.00116EPSS

CVE•added 2015/11/08 10:59 p.m.•65 views

CVE-2015-2017

CRLF injection vulnerability in IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.47, 7.0 before 7.0.0.39, 8.0 before 8.0.0.12, and 8.5 before 8.5.5.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.

4.3CVSS7.2AI score0.0035EPSS

CVE•added 2012/06/20 10:27 a.m.•64 views

CVE-2012-0717

IBM WebSphere Application Server 7.0 before 7.0.0.23, when a certain SSLv2 configuration with client authentication is used, allows remote attackers to bypass X.509 client-certificate authentication via unspecified vectors.

2.6CVSS9.2AI score0.00066EPSS

CVE•added 2012/09/25 8:55 p.m.•63 views

CVE-2012-3305

Directory traversal vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to overwrite arbitrary files via a crafted application file.

6.4CVSS8.9AI score0.00233EPSS

CVE•added 2015/04/27 12:59 p.m.•63 views

CVE-2015-1885

WebSphereOauth20SP.ear in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.39, 8.0 before 8.0.0.11, 8.5 Liberty Profile before 8.5.5.5, and 8.5 Full Profile before 8.5.5.6, when the OAuth grant type requires sending a password, allows remote attackers to gain privileges via unspecified vecto...

9.3CVSS7.1AI score0.0214EPSS

CVE•added 2016/09/01 10:59 a.m.•63 views

CVE-2016-0385

Buffer overflow in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.10, 9.0 before 9.0.0.1, and Liberty before 16.0.0.3, when HttpSessionIdReuse is enabled, allows remote authenticated users to obtain sensitive information via unspecified vectors.

3.5CVSS5AI score0.00295EPSS

CVE•added 2012/08/30 10:55 p.m.•62 views

CVE-2012-3325

IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.5, and 8.5.x Full Profile before 8.5.0.1, when the PM44303 fix is installed, does not properly validate credentials, which allows remote authenticated users to obtain administrative access via un...

6CVSS8.5AI score0.00969EPSS

CVE•added 2014/08/22 1:55 a.m.•62 views

CVE-2014-3083

IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.35, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.3 does not properly restrict resource access, which allows remote attackers to obtain sensitive information via unspecified vectors.

5CVSS4.7AI score0.00376EPSS

CVE•added 2014/09/23 10:55 p.m.•62 views

CVE-2014-4816

Cross-site request forgery (CSRF) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.x through 6.1.0.47, 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 allows remote authenticated users to hijack the authentication of arbitrary users for reques...

6CVSS4.2AI score0.00085EPSS

CVE•added 2015/07/14 5:59 p.m.•62 views

CVE-2015-1927

The default configuration of IBM WebSphere Application Server (WAS) 7.0.0 before 7.0.0.39, 8.0.0 before 8.0.0.11, and 8.5 before 8.5.5.6 has a false value for the com.ibm.ws.webcontainer.disallowServeServletsByClassname WebContainer property, which allows remote attackers to obtain privileged acces...

6.8CVSS6.9AI score0.00685EPSS

CVE•added 2012/09/25 8:55 p.m.•61 views

CVE-2012-3311

IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 on z/OS, in certain configurations involving Federated Repositories for IIOP connections and Optimized Local Adapters, does not perform CBIND checks, which allows local users ...

3.3CVSS8.2AI score0.00064EPSS

CVE•added 2012/11/14 12:30 p.m.•61 views

CVE-2012-3330

The proxy server in IBM WebSphere Application Server 7.0 before 7.0.0.27, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1, and WebSphere Virtual Enterprise, allows remote attackers to cause a denial of service (daemon outage) via a crafted request.

5CVSS8.7AI score0.00594EPSS

CVE•added 2013/01/27 6:55 p.m.•61 views

CVE-2013-0460

Cross-site request forgery (CSRF) vulnerability in the portlet subsystem in the administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47 and 7.0 before 7.0.0.27 allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site sc...

6.8CVSS8.7AI score0.00119EPSS

CVE•added 2013/11/18 5:23 a.m.•61 views

CVE-2013-5414

The migration functionality in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 does not properly support the distinction between the admin role and the adminsecmanager role, which allows remote authenticated users to gain privileges in opportun...

3.5CVSS8.9AI score0.0016EPSS

CVE•added 2014/09/23 10:55 p.m.•61 views

CVE-2014-4770

Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 6.x through 6.1.0.47, 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 allows remote authenticated administrators to inject arbitrary web script or HTML via a crafted URL.

3.5CVSS3.5AI score0.00492EPSS

CVE•added 2014/12/18 4:59 p.m.•61 views

CVE-2014-6174

IBM WebSphere Application Server 7.x before 7.0.0.37, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.4 allows remote attackers to conduct clickjacking attacks via a crafted web site.

4.3CVSS4AI score0.00313EPSS

CVE•added 2016/10/01 1:59 a.m.•61 views

CVE-2016-5986

IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.x before 8.0.0.13, 8.5.x before 8.5.5.11, 9.0.x before 9.0.0.2, and Liberty before 16.0.0.3 mishandles responses, which allows remote attackers to obtain sensitive information via unspecified vectors.

7.5CVSS7.2AI score0.00445EPSS

CVE•added 2012/11/14 12:30 p.m.•60 views

CVE-2012-4853

Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Application Server 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger information disclosure.

6.8CVSS9.3AI score0.00163EPSS

CVE•added 2013/01/27 6:55 p.m.•60 views

CVE-2013-0462

Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.1, 7.0 before 7.0.0.27, 8.0, and 8.5 has unknown impact and attack vectors.

10CVSS9.1AI score0.00452EPSS

CVE•added 2013/09/20 9:55 p.m.•60 views

CVE-2013-4053

The WS-Security implementation in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1, and WAS Feature Pack for Web Services 6.1 before 6.1.0.47, when a trust store is configured for XML Digital Signatures, does not properly ve...

6.8CVSS8.8AI score0.00399EPSS

CVE•added 2014/05/01 5:29 p.m.•60 views

CVE-2013-6323

Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.33, 8.x before 8.0.0.9, and 8.5.x before 8.5.5.2, and WebSphere Virtual Enterprise 7.x before 7.0.0.5, allows remote authenticated users to inject arbitrary web script o...

3.5CVSS6.9AI score0.00304EPSS

CVE•added 2014/10/19 1:55 a.m.•60 views

CVE-2014-3021

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 does not properly handle HTTP headers, which allows remote attackers to obtain sensitive cookie and authentication data via an unspecified HTTP method.

5CVSS4AI score0.00544EPSS

CVE•added 2016/05/17 2:8 p.m.•60 views

CVE-2016-0306

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.41, 8.0 before 8.0.0.13, and 8.5 before 8.5.5.10, when FIPS 140-2 is enabled, misconfigures TLS, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.

5.9CVSS5.4AI score0.00264EPSS

CVE•added 2016/10/22 3:59 a.m.•60 views

CVE-2016-0377

The Administrative Console in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.x before 8.0.0.13, and 8.5.x before 8.5.5.10 mishandles CSRFtoken cookies, which allows remote authenticated users to obtain sensitive information via unspecified vectors.

4.3CVSS4.1AI score0.00288EPSS

CVE•added 2012/06/20 10:27 a.m.•59 views

CVE-2012-0720

Cross-site scripting (XSS) vulnerability in the Integration Solution Console in the Administration Console in IBM WebSphere Application Server 7.0 before 7.0.0.23 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

4.3CVSS7.3AI score0.00322EPSS

CVE•added 2013/09/20 9:55 p.m.•59 views

CVE-2013-4052

Cross-site scripting (XSS) vulnerability in the UDDI Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS7.3AI score0.00266EPSS

CVE•added 2013/11/18 5:23 a.m.•59 views

CVE-2013-5417

Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote attackers to inject arbitrary web script or HTML via HTTP response data.

4.3CVSS7.5AI score0.00265EPSS

CVE•added 2014/08/22 1:55 a.m.•59 views

CVE-2014-3022

IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.3 allows remote attackers to obtain sensitive information via a crafted URL that triggers an error condition.

4.3CVSS8.6AI score0.00506EPSS

CVE•added 2014/12/18 4:59 p.m.•59 views

CVE-2014-6167

Cross-site scripting (XSS) vulnerability in the URL rewriting feature in IBM WebSphere Application Server 7.x before 7.0.0.37, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.4 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

4.3CVSS3.9AI score0.00324EPSS

CVE•added 2015/08/22 11:59 p.m.•59 views

CVE-2015-1932

IBM WebSphere Application Server 7.x before 7.0.0.39, 8.0.x before 8.0.0.11, and 8.5.x before 8.5.5.7 and WebSphere Virtual Enterprise before 7.0.0.7 allow remote attackers to obtain potentially sensitive information about the proxy-server software by reading the HTTP Via header.

5CVSS6.9AI score0.00315EPSS

CVE•added 2011/09/06 3:55 p.m.•58 views

CVE-2011-1359

Directory traversal vulnerability in the administration console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41, 7.0 before 7.0.0.19, and 8.0 before 8.0.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.

5CVSS6.4AI score0.00193EPSS

CVE•added 2011/03/08 9:59 p.m.•57 views

CVE-2011-1317

Memory leak in com.ibm.ws.jsp.runtime.WASJSPStrBufferImpl in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by sending many JSP requests that tri...

5CVSS6.5AI score0.00458EPSS

CVE•added 2012/06/20 10:27 a.m.•57 views

CVE-2012-0716

Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server 7.0 before 7.0.0.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS7.3AI score0.00266EPSS

CVE•added 2012/06/20 10:27 a.m.•57 views

CVE-2012-2170

The Application Snoop Servlet in IBM WebSphere Application Server 7.0 before 7.0.0.23 does not properly restrict access, which allows remote attackers to obtain sensitive client and request information via a direct request.

4.3CVSS8.7AI score0.00576EPSS

CVE•added 2013/01/27 6:55 p.m.•57 views

CVE-2013-0459

Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.27, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS7.3AI score0.00266EPSS

CVE•added 2013/04/24 10:28 a.m.•57 views

CVE-2013-0542

Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary web script or HTML via crafted field values.

4.3CVSS7.5AI score0.00266EPSS

CVE•added 2016/08/08 1:59 a.m.•57 views

CVE-2016-2960

IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.0.x before 8.0.0.13, 8.5.0.x before 8.5.5.10, 8.5.0.x and 16.0.0.x Liberty before Liberty Fix Pack 16.0.0.3, and 9.0.0.x before 9.0.0.1 allows remote attackers to cause a denial of service via crafted SIP messages.

4.3CVSS5.3AI score0.00676EPSS

CVE•added 2013/08/21 9:55 p.m.•55 views

CVE-2013-3029

Cross-site request forgery (CSRF) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.1 allows remote attackers to hijack the authentication of arbitrary users for requests that inse...

6.8CVSS8.7AI score0.00119EPSS

CVE•added 2014/01/16 8:55 p.m.•55 views

CVE-2013-6725

Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server 7.x before 7.0.0.31, 8.0.x before 8.0.0.8, and 8.5.x before 8.5.5.2 allows remote authenticated administrators to inject arbitrary web script or HTML via a crafted URL.

3.5CVSS7AI score0.00291EPSS

CVE•added 2014/06/28 12:55 a.m.•55 views

CVE-2014-0891

IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.2 allows remote attackers to obtain sensitive information by leveraging incorrect request handling by the (1) Proxy or (2) ODR server.

5CVSS8.9AI score0.0039EPSS

CVE•added 2016/01/23 5:59 a.m.•55 views

CVE-2015-7417

Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server 7.0 before 7.0.0.41, 8.0 before 8.0.0.12, and 8.5 before 8.5.5.9 allows remote authenticated users to inject arbitrary web script or HTML via crafted data from an OAuth provider.

5.4CVSS5.1AI score0.00172EPSS

CVE•added 2011/01/12 1:0 a.m.•54 views

CVE-2011-0316

The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.15 does not properly restrict access to console servlets, which allows remote attackers to obtain potentially sensitive status information via a direct request.

5CVSS6AI score0.00649EPSS

CVE•added 2011/03/08 9:59 p.m.•54 views

CVE-2011-1322

The SOAP with Attachments API for Java (SAAJ) implementation in the Web Services component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) via encrypted SOAP messages.

5CVSS6.6AI score0.00527EPSS

CVE•added 2012/09/25 8:55 p.m.•54 views

CVE-2012-3304

The Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to hijack sessions via unspecified vectors.

6.8CVSS9AI score0.00731EPSS

CVE•added 2014/01/16 8:55 p.m.•54 views

CVE-2013-6325

IBM WebSphere Application Server 7.x before 7.0.0.31, 8.0.x before 8.0.0.8, and 8.5.x before 8.5.5.2 allows remote attackers to cause a denial of service (resource consumption) via a crafted request to a web services endpoint.

4.3CVSS8.7AI score0.00923EPSS

Total number of security vulnerabilities95