Lucene search

K
IbmWebsphere Application Server7.0.0.6

87 matches found

CVE
CVE
added 2013/05/29 2:29 p.m.51 views

CVE-2013-0482

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 through 8.5.0.2 and WebSphere Message Broker 6.1, 7.0 through 7.0.0.5, and 8.0 through 8.0.0.2, when WS-Security is used, allows remote attackers to spoof the signatures of messages via a crafted SOAP message, r...

4.3CVSS7.7AI score0.01374EPSS
CVE
CVE
added 2013/04/24 10:28 a.m.51 views

CVE-2013-0543

IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Linux, Solaris, and HP-UX, when a Local OS registry is used, does not properly validate user accounts, which allows remote attackers to bypass intended access restrictions ...

6.8CVSS9AI score0.00345EPSS
CVE
CVE
added 2013/04/24 10:28 a.m.51 views

CVE-2013-0544

Directory traversal vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Linux and UNIX allows remote authenticated users to modify data via unspecified vectors.

4CVSS8.5AI score0.00457EPSS
CVE
CVE
added 2011/03/08 9:59 p.m.50 views

CVE-2011-1312

The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.31 and 7.x before 7.0.0.15 does not prevent modifications of the primary admin id, which allows remote authenticated administrators to bypass intended access restrictions by mapping a (1) user or (2)...

4CVSS6.1AI score0.00121EPSS
CVE
CVE
added 2011/03/08 9:59 p.m.50 views

CVE-2011-1318

Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly st...

5CVSS6.5AI score0.00527EPSS
CVE
CVE
added 2011/07/19 8:55 p.m.50 views

CVE-2011-1355

Open redirect vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.19 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the logoutExitPage parameter.

5.8CVSS6.6AI score0.0054EPSS
CVE
CVE
added 2013/08/21 9:55 p.m.50 views

CVE-2013-0597

Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.29, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.0, when OAuth is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5CVSS6.6AI score0.00162EPSS
CVE
CVE
added 2013/08/21 9:55 p.m.50 views

CVE-2013-2976

The Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.0 does not properly perform caching, which allows local users to obtain sensitive information via unspecified vectors.

1.9CVSS7.4AI score0.00054EPSS
CVE
CVE
added 2013/11/18 5:23 a.m.50 views

CVE-2013-5418

Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

3.5CVSS7AI score0.00162EPSS
CVE
CVE
added 2010/11/09 9:0 p.m.49 views

CVE-2010-0786

The Web Services Security component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 does not properly implement the Java API for XML Web Services (aka JAX-WS), which allows remote attackers to cause a denial of service (data corruption) via a crafted JAX-WS request that leads to incor...

5CVSS6.5AI score0.00594EPSS
CVE
CVE
added 2011/03/08 9:59 p.m.49 views

CVE-2011-1314

The Service Integration Bus (SIB) messaging engine in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (daemon hang) by performing close operations via network connections to a queue manager.

5CVSS6.5AI score0.00458EPSS
CVE
CVE
added 2011/03/08 9:59 p.m.49 views

CVE-2011-1319

The Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15 allows remote authenticated users to cause a denial of service (memory consumption) by using a Lightweight Third-Party Authentication (LTPA) token for authentication.

4CVSS6.2AI score0.00414EPSS
CVE
CVE
added 2013/04/24 10:28 a.m.49 views

CVE-2013-0541

Buffer overflow in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Windows, when a localOS registry is used in conjunction with WebSphere Identity Manger (WIM), allows local users to cause a denial of service (daemon cra...

1.9CVSS8.3AI score0.00054EPSS
CVE
CVE
added 2013/08/21 9:55 p.m.49 views

CVE-2013-4005

Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified fields.

3.5CVSS7AI score0.00162EPSS
CVE
CVE
added 2010/06/18 6:30 p.m.48 views

CVE-2010-2325

Cross-site scripting (XSS) vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related in part to "URL injection."

4.3CVSS5.7AI score0.00249EPSS
CVE
CVE
added 2010/11/09 9:0 p.m.48 views

CVE-2010-4220

Cross-site scripting (XSS) vulnerability in the Integrated Solution Console in the Administrative Console component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related in part to "URL injection...

4.3CVSS5.7AI score0.00266EPSS
CVE
CVE
added 2011/03/08 9:59 p.m.48 views

CVE-2011-1316

The Session Initiation Protocol (SIP) Proxy in the HTTP Transport component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (worker thread exhaustion and UDP messaging outage) by sending many UDP messages.

5CVSS6.5AI score0.00527EPSS
CVE
CVE
added 2011/03/08 9:59 p.m.47 views

CVE-2011-1320

The Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when the Tivoli Integrated Portal / embedded WebSphere Application Server (TIP/eWAS) framework is used, does not properly delete AuthCache entries upon a logout, which might allow remot...

6.8CVSS6.5AI score0.00478EPSS
CVE
CVE
added 2011/01/12 1:0 a.m.46 views

CVE-2011-0315

Cross-site scripting (XSS) vulnerability in the Servlet Engine / Web Container component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.15 allows remote attackers to inject arbitrary web script or HTML via vectors related to the lack of an error page for an appli...

4.3CVSS5.6AI score0.00478EPSS
CVE
CVE
added 2011/10/30 10:55 a.m.44 views

CVE-2009-2748

Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.29 and 7.1 before 7.0.0.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.6AI score0.00229EPSS
CVE
CVE
added 2010/11/09 9:0 p.m.44 views

CVE-2010-0784

Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.6AI score0.0049EPSS
CVE
CVE
added 2011/10/30 10:55 a.m.43 views

CVE-2009-2747

The Java Naming and Directory Interface (JNDI) implementation in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.39, 6.1 before 6.1.0.29, and 7.0 before 7.0.0.7 does not properly restrict access to UserRegistry object methods, which allows remote attackers to obtain sensitive information vi...

5CVSS5.8AI score0.00207EPSS
CVE
CVE
added 2010/11/09 9:0 p.m.43 views

CVE-2010-0783

Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.6AI score0.00475EPSS
CVE
CVE
added 2011/07/18 10:55 p.m.42 views

CVE-2010-3271

Multiple cross-site request forgery (CSRF) vulnerabilities in the Integrated Solutions Console (aka administrative console) in IBM WebSphere Application Server (WAS) 7.0.0.13 and earlier allow remote attackers to hijack the authentication of administrators for requests that disable certain security...

6.8CVSS7AI score0.00985EPSS
CVE
CVE
added 2011/05/04 10:55 p.m.42 views

CVE-2011-1209

IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.17 uses a weak WS-Security XML encryption algorithm, which makes it easier for remote attackers to obtain plaintext data from a (1) JAX-RPC or (2) JAX-WS Web Services request via unspecified vectors related to a "decryp...

4.3CVSS6.4AI score0.00126EPSS
CVE
CVE
added 2011/03/08 9:59 p.m.42 views

CVE-2011-1310

The Administrative Scripting Tools component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when tracing is enabled, places wsadmin command parameters into the (1) wsadmin.traceout and (2) trace.log files, which allows local users to obtain potentially se...

1.9CVSS5.6AI score0.00051EPSS
CVE
CVE
added 2011/03/08 9:59 p.m.42 views

CVE-2011-1311

The Security component in IBM WebSphere Application Server (WAS) before 7.0.0.15, when a J2EE 1.4 application is used, determines the security role mapping on the basis of the ibm-application-bnd.xml file instead of the intended ibm-application-bnd.xmi file, which might allow remote authenticated u...

6CVSS6.5AI score0.00301EPSS
CVE
CVE
added 2011/03/08 9:59 p.m.42 views

CVE-2011-1321

The AuthCache purge implementation in the Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 does not purge a user from the PlatformCredential cache, which might allow remote authenticated users to gain privileges by leveraging a group membe...

6.5CVSS6.4AI score0.00322EPSS
CVE
CVE
added 2010/03/29 8:30 p.m.41 views

CVE-2010-1182

Multiple unspecified vulnerabilities in the administrative console in IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.9 on z/OS have unknown impact and attack vectors.

7.5CVSS6.5AI score0.00396EPSS
CVE
CVE
added 2011/03/08 9:59 p.m.41 views

CVE-2011-1309

The Plug-in component in IBM WebSphere Application Server (WAS) before 7.0.0.15 does not properly handle trace requests, which has unspecified impact and attack vectors.

7.5CVSS6.5AI score0.00401EPSS
CVE
CVE
added 2011/03/08 9:59 p.m.41 views

CVE-2011-1313

Double free vulnerability in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15 allows remote backend IIOP servers to cause a denial of service (S0C4 ABEND and storage corruption) by rejecting IIOP requests at opportunistic time instants, as demonstrated by reque...

5CVSS6.5AI score0.00314EPSS
CVE
CVE
added 2011/03/08 9:59 p.m.40 views

CVE-2011-1307

The installer in IBM WebSphere Application Server (WAS) before 7.0.0.15 uses 777 permissions for a temporary log directory, which allows local users to have unintended access to log files via standard filesystem operations, a different vulnerability than CVE-2009-1173.

2.1CVSS6AI score0.00052EPSS
CVE
CVE
added 2012/05/01 7:55 p.m.40 views

CVE-2012-2162

The Web Server Plug-in in IBM WebSphere Application Server (WAS) 8.0 and earlier uses unencrypted HTTP communication after expiration of the plugin-key.kdb password, which allows remote attackers to obtain sensitive information by sniffing the network, or spoof arbitrary servers via a man-in-the-mi...

6.8CVSS6.2AI score0.0054EPSS
CVE
CVE
added 2009/09/21 7:30 p.m.38 views

CVE-2009-2743

IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27, and 7.0 before 7.0.0.7, does not properly handle an exception occurring after use of wsadmin scripts and configuration of JAAS-J2C Authentication Data, which allows local users to obtain sensitive information by reading the First Failure D...

2.1CVSS5.6AI score0.00064EPSS
CVE
CVE
added 2011/03/08 9:59 p.m.38 views

CVE-2011-1308

Cross-site scripting (XSS) vulnerability in the Installation Verification Test (IVT) application in the Install component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.5AI score0.00295EPSS
CVE
CVE
added 2010/06/18 6:30 p.m.36 views

CVE-2010-2324

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS allows attackers to perform unspecified "link injection" actions via unknown vectors.

7.5CVSS6.5AI score0.00401EPSS
CVE
CVE
added 2011/04/13 2:55 p.m.36 views

CVE-2011-1683

IBM WebSphere Application Server (WAS) 6.0.x through 6.0.2.43, 6.1.x before 6.1.0.37, and 7.0.x before 7.0.0.17 on z/OS, when a Local OS user registry or Federated Repository with RACF adapter is used, allows remote attackers to obtain unspecified application access via unknown vectors.

6.8CVSS6.6AI score0.0138EPSS
Total number of security vulnerabilities87