Websphere Application Server@7.0.0.7 Security Vulnerabilities and Issues — Page 3 of Websphere Application Server@7.0.0.7 CVE List

Lucene search

IbmWebsphere Application Server7.0.0.7

109 matches found

CVE•added 2010/03/29 8:30 p.m.•41 views

CVE-2010-1182

Multiple unspecified vulnerabilities in the administrative console in IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.9 on z/OS have unknown impact and attack vectors.

7.5CVSS6.5AI score0.00396EPSS

CVE•added 2011/03/08 9:59 p.m.•41 views

CVE-2011-1309

The Plug-in component in IBM WebSphere Application Server (WAS) before 7.0.0.15 does not properly handle trace requests, which has unspecified impact and attack vectors.

7.5CVSS6.5AI score0.00401EPSS

CVE•added 2011/03/08 9:59 p.m.•41 views

CVE-2011-1313

Double free vulnerability in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15 allows remote backend IIOP servers to cause a denial of service (S0C4 ABEND and storage corruption) by rejecting IIOP requests at opportunistic time instants, as demonstrated by reque...

5CVSS6.5AI score0.00314EPSS

CVE•added 2011/03/08 9:59 p.m.•40 views

CVE-2011-1307

The installer in IBM WebSphere Application Server (WAS) before 7.0.0.15 uses 777 permissions for a temporary log directory, which allows local users to have unintended access to log files via standard filesystem operations, a different vulnerability than CVE-2009-1173.

2.1CVSS6AI score0.00052EPSS

CVE•added 2012/05/01 7:55 p.m.•40 views

CVE-2012-2162

The Web Server Plug-in in IBM WebSphere Application Server (WAS) 8.0 and earlier uses unencrypted HTTP communication after expiration of the plugin-key.kdb password, which allows remote attackers to obtain sensitive information by sniffing the network, or spoof arbitrary servers via a man-in-the-mi...

6.8CVSS6.2AI score0.0054EPSS

CVE•added 2010/02/08 9:30 p.m.•38 views

CVE-2010-0563

The Single Sign-on (SSO) functionality in IBM WebSphere Application Server (WAS) 7.0.0.0 through 7.0.0.8 does not recognize the Requires SSL configuration option, which might allow remote attackers to obtain sensitive information by sniffing network sessions that were expected to be encrypted.

5CVSS6.2AI score0.00449EPSS

CVE•added 2011/03/08 9:59 p.m.•38 views

CVE-2011-1308

Cross-site scripting (XSS) vulnerability in the Installation Verification Test (IVT) application in the Install component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.5AI score0.00295EPSS

CVE•added 2010/06/18 6:30 p.m.•36 views

CVE-2010-2324

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS allows attackers to perform unspecified "link injection" actions via unknown vectors.

7.5CVSS6.5AI score0.00401EPSS

CVE•added 2011/04/13 2:55 p.m.•36 views

CVE-2011-1683

IBM WebSphere Application Server (WAS) 6.0.x through 6.0.2.43, 6.1.x before 6.1.0.37, and 7.0.x before 7.0.0.17 on z/OS, when a Local OS user registry or Federated Repository with RACF adapter is used, allows remote attackers to obtain unspecified application access via unknown vectors.

6.8CVSS6.6AI score0.0138EPSS

Total number of security vulnerabilities109