Websphere Application Server@7.0.0.5 Security Vulnerabilities and Issues — Websphere Application Server@7.0.0.5 CVE List

Lucene search

IbmWebsphere Application Server7.0.0.5

16 matches found

CVE•added 2012/08/21 10:46 a.m.•337 views

CVE-2012-2190

IBM Global Security Kit (aka GSKit), as used in IBM HTTP Server in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.4, and 8.5.x before 8.5.0.1, allows remote attackers to cause a denial of service (daemon crash) via a crafted ClientHello messa...

5CVSS8.6AI score0.00911EPSS

CVE•added 2012/01/19 11:55 a.m.•66 views

CVE-2011-1376

iscdeploy in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 on the IBM i platform sets weak permissions under systemapps/isclite.ear/ and bin/client_ffdc/, which allows local users to read or modify files via standard filesystem operations.

4.6CVSS8.4AI score0.00116EPSS

CVE•added 2012/06/20 10:27 a.m.•64 views

CVE-2012-0717

IBM WebSphere Application Server 7.0 before 7.0.0.23, when a certain SSLv2 configuration with client authentication is used, allows remote attackers to bypass X.509 client-certificate authentication via unspecified vectors.

2.6CVSS9.2AI score0.00066EPSS

CVE•added 2012/08/30 10:55 p.m.•62 views

CVE-2012-3325

IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.5, and 8.5.x Full Profile before 8.5.0.1, when the PM44303 fix is installed, does not properly validate credentials, which allows remote authenticated users to obtain administrative access via un...

6CVSS8.5AI score0.00969EPSS

CVE•added 2012/09/25 8:55 p.m.•61 views

CVE-2012-3311

IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 on z/OS, in certain configurations involving Federated Repositories for IIOP connections and Optimized Local Adapters, does not perform CBIND checks, which allows local users ...

3.3CVSS8.2AI score0.00064EPSS

CVE•added 2012/11/14 12:30 p.m.•61 views

CVE-2012-3330

The proxy server in IBM WebSphere Application Server 7.0 before 7.0.0.27, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1, and WebSphere Virtual Enterprise, allows remote attackers to cause a denial of service (daemon outage) via a crafted request.

5CVSS8.7AI score0.00594EPSS

CVE•added 2012/11/14 12:30 p.m.•60 views

CVE-2012-4853

Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Application Server 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger information disclosure.

6.8CVSS9.3AI score0.00163EPSS

CVE•added 2012/06/20 10:27 a.m.•59 views

CVE-2012-0720

Cross-site scripting (XSS) vulnerability in the Integration Solution Console in the Administration Console in IBM WebSphere Application Server 7.0 before 7.0.0.23 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

4.3CVSS7.3AI score0.00322EPSS

CVE•added 2012/06/20 10:27 a.m.•57 views

CVE-2012-0716

Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server 7.0 before 7.0.0.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS7.3AI score0.00266EPSS

CVE•added 2012/06/20 10:27 a.m.•57 views

CVE-2012-2170

The Application Snoop Servlet in IBM WebSphere Application Server 7.0 before 7.0.0.23 does not properly restrict access, which allows remote attackers to obtain sensitive client and request information via a direct request.

4.3CVSS8.7AI score0.00576EPSS

CVE•added 2012/09/25 8:55 p.m.•54 views

CVE-2012-3304

The Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to hijack sessions via unspecified vectors.

6.8CVSS9AI score0.00731EPSS

CVE•added 2012/08/21 10:46 a.m.•52 views

CVE-2012-3293

Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.4, and 8.5.x before 8.5.0.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving FRAME el...

4.3CVSS7.3AI score0.00328EPSS

CVE•added 2012/09/25 8:55 p.m.•52 views

CVE-2012-3306

IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1, when multi-domain support is configured, does not purge password data from the authentication cache, which has unspecified impact and remote attack vectors.

6.8CVSS9.4AI score0.00343EPSS

CVE•added 2012/01/15 3:55 a.m.•51 views

CVE-2011-1362

Cross-site scripting (XSS) vulnerability in the Installation Verification Test (IVT) application in the Install component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41 and 7.0 before 7.0.0.19 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOT...

4.3CVSS5.6AI score0.00295EPSS

CVE•added 2012/01/20 4:4 a.m.•48 views

CVE-2012-0193

IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.43, 6.1 before 6.1.0.43, 7.0 before 7.0.0.23, and 8.0 before 8.0.0.3 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (...

5CVSS8.8AI score0.00816EPSS

CVE•added 2012/05/01 7:55 p.m.•40 views

CVE-2012-2162

The Web Server Plug-in in IBM WebSphere Application Server (WAS) 8.0 and earlier uses unencrypted HTTP communication after expiration of the plugin-key.kdb password, which allows remote attackers to obtain sensitive information by sniffing the network, or spoof arbitrary servers via a man-in-the-mi...

6.8CVSS6.2AI score0.0054EPSS