Websphere Application Server@7.0 Security Vulnerabilities and Issues — Page 2 of Websphere Application Server@7.0 CVE List

Lucene search

IbmWebsphere Application Server7.0

190 matches found

CVE•added 2018/10/03 2:29 p.m.•64 views

CVE-2018-1793

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using SAML ear is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sess...

6.1CVSS5.8AI score0.00315EPSS

CVE•added 2019/06/28 5:15 p.m.•64 views

CVE-2019-4269

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console could allow a remote attacker to obtain sensitive information when a specially crafted url causes a stack trace to be dumped. IBM X-Force ID: 160202.

7.5CVSS7.1AI score0.00358EPSS

CVE•added 2009/03/16 7:30 p.m.•63 views

CVE-2009-0508

The Servlet Engine/Web Container and JSP components in IBM WebSphere Application Server (WAS) 5.1.0, 5.1.1.19, 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.23, and 7.0 before 7.0.0.3 allow remote attackers to read arbitrary files contained in war files in (1) web-inf, (2) meta-inf, and unspecified other...

7.5CVSS6.8AI score0.01719EPSS

CVE•added 2012/09/25 8:55 p.m.•63 views

CVE-2012-3305

Directory traversal vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to overwrite arbitrary files via a crafted application file.

6.4CVSS8.9AI score0.00233EPSS

CVE•added 2015/04/27 12:59 p.m.•63 views

CVE-2015-1885

WebSphereOauth20SP.ear in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.39, 8.0 before 8.0.0.11, 8.5 Liberty Profile before 8.5.5.5, and 8.5 Full Profile before 8.5.5.6, when the OAuth grant type requires sending a password, allows remote attackers to gain privileges via unspecified vecto...

9.3CVSS7.1AI score0.0214EPSS

CVE•added 2016/09/01 10:59 a.m.•63 views

CVE-2016-0385

Buffer overflow in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.10, 9.0 before 9.0.0.1, and Liberty before 16.0.0.3, when HttpSessionIdReuse is enabled, allows remote authenticated users to obtain sensitive information via unspecified vectors.

3.5CVSS5AI score0.00295EPSS

CVE•added 2020/09/30 3:15 p.m.•63 views

CVE-2020-4629

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local user with specialized access to obtain sensitive information from a detailed technical error message. This information could be used in further attacks against the system. IBM X-Force ID: 185370.

3.3CVSS3.4AI score0.00093EPSS

CVE•added 2012/08/30 10:55 p.m.•62 views

CVE-2012-3325

IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.5, and 8.5.x Full Profile before 8.5.0.1, when the PM44303 fix is installed, does not properly validate credentials, which allows remote authenticated users to obtain administrative access via un...

6CVSS8.5AI score0.00969EPSS

CVE•added 2014/08/22 1:55 a.m.•62 views

CVE-2014-3083

IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.35, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.3 does not properly restrict resource access, which allows remote attackers to obtain sensitive information via unspecified vectors.

5CVSS4.7AI score0.00376EPSS

CVE•added 2014/09/23 10:55 p.m.•62 views

CVE-2014-4816

Cross-site request forgery (CSRF) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.x through 6.1.0.47, 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 allows remote authenticated users to hijack the authentication of arbitrary users for reques...

6CVSS4.2AI score0.00085EPSS

CVE•added 2015/07/14 5:59 p.m.•62 views

CVE-2015-1927

The default configuration of IBM WebSphere Application Server (WAS) 7.0.0 before 7.0.0.39, 8.0.0 before 8.0.0.11, and 8.5 before 8.5.5.6 has a false value for the com.ibm.ws.webcontainer.disallowServeServletsByClassname WebContainer property, which allows remote attackers to obtain privileged acces...

6.8CVSS6.9AI score0.00685EPSS

CVE•added 2012/11/14 12:30 p.m.•61 views

CVE-2012-3330

The proxy server in IBM WebSphere Application Server 7.0 before 7.0.0.27, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1, and WebSphere Virtual Enterprise, allows remote attackers to cause a denial of service (daemon outage) via a crafted request.

5CVSS8.7AI score0.00594EPSS

CVE•added 2013/01/27 6:55 p.m.•61 views

CVE-2013-0460

Cross-site request forgery (CSRF) vulnerability in the portlet subsystem in the administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47 and 7.0 before 7.0.0.27 allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site sc...

6.8CVSS8.7AI score0.00119EPSS

CVE•added 2013/11/18 5:23 a.m.•61 views

CVE-2013-5414

The migration functionality in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 does not properly support the distinction between the admin role and the adminsecmanager role, which allows remote authenticated users to gain privileges in opportun...

3.5CVSS8.9AI score0.0016EPSS

CVE•added 2014/09/23 10:55 p.m.•61 views

CVE-2014-4770

Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 6.x through 6.1.0.47, 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 allows remote authenticated administrators to inject arbitrary web script or HTML via a crafted URL.

3.5CVSS3.5AI score0.00492EPSS

CVE•added 2016/10/01 1:59 a.m.•61 views

CVE-2016-5986

IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.x before 8.0.0.13, 8.5.x before 8.5.5.11, 9.0.x before 9.0.0.2, and Liberty before 16.0.0.3 mishandles responses, which allows remote attackers to obtain sensitive information via unspecified vectors.

7.5CVSS7.2AI score0.00445EPSS

CVE•added 2018/10/03 2:29 p.m.•61 views

CVE-2018-1794

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using OAuth ear is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted ses...

6.1CVSS5.8AI score0.00346EPSS

CVE•added 2020/09/21 5:15 p.m.•61 views

CVE-2020-4643

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information. IBM X-Force ID: 185590.

7.5CVSS7.5AI score0.00335EPSS

CVE•added 2012/11/14 12:30 p.m.•60 views

CVE-2012-4853

Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Application Server 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger information disclosure.

6.8CVSS9.3AI score0.00163EPSS

CVE•added 2013/01/27 6:55 p.m.•60 views

CVE-2013-0462

Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.1, 7.0 before 7.0.0.27, 8.0, and 8.5 has unknown impact and attack vectors.

10CVSS9.1AI score0.00452EPSS

CVE•added 2013/09/20 9:55 p.m.•60 views

CVE-2013-4053

The WS-Security implementation in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1, and WAS Feature Pack for Web Services 6.1 before 6.1.0.47, when a trust store is configured for XML Digital Signatures, does not properly ve...

6.8CVSS8.8AI score0.00399EPSS

CVE•added 2014/05/01 5:29 p.m.•60 views

CVE-2013-6323

Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.33, 8.x before 8.0.0.9, and 8.5.x before 8.5.5.2, and WebSphere Virtual Enterprise 7.x before 7.0.0.5, allows remote authenticated users to inject arbitrary web script o...

3.5CVSS6.9AI score0.00304EPSS

CVE•added 2014/10/19 1:55 a.m.•60 views

CVE-2014-3021

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 does not properly handle HTTP headers, which allows remote attackers to obtain sensitive cookie and authentication data via an unspecified HTTP method.

5CVSS4AI score0.00544EPSS

CVE•added 2017/07/24 9:29 p.m.•60 views

CVE-2017-1380

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Forc...

5.4CVSS5.3AI score0.00403EPSS

CVE•added 2018/03/14 12:29 a.m.•60 views

CVE-2017-1741

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console panel fields. When exploited an attacker could read files on the file system. IBM X-Force ID: 134931.

4.3CVSS4.3AI score0.00258EPSS

CVE•added 2018/11/16 4:0 p.m.•60 views

CVE-2018-1797

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using Enterprise bundle Archives (EBA) could allow a local attacker to traverse directories on the system. By persuading a victim to extract a specially-crafted ZIP archive containing "dot dot slash" sequences (../), an attacker could exploit ...

6.3CVSS5.6AI score0.00607EPSS

CVE•added 2019/02/19 5:29 p.m.•60 views

CVE-2018-1996

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide weaker than expected security, caused by the improper TLS configuration. A remote attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 154650.

5.3CVSS5.2AI score0.00093EPSS

CVE•added 2020/10/28 5:15 p.m.•60 views

CVE-2020-4782

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

6.5CVSS6.4AI score0.00416EPSS

CVE•added 2022/09/28 4:15 p.m.•60 views

CVE-2022-35282

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, an attacker with local network access could exploit this vulnerability to obtain sensitive data.

6.5CVSS6.1AI score0.00031EPSS

CVE•added 2012/06/20 10:27 a.m.•59 views

CVE-2012-0720

Cross-site scripting (XSS) vulnerability in the Integration Solution Console in the Administration Console in IBM WebSphere Application Server 7.0 before 7.0.0.23 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

4.3CVSS7.3AI score0.00322EPSS

CVE•added 2013/09/20 9:55 p.m.•59 views

CVE-2013-4052

Cross-site scripting (XSS) vulnerability in the UDDI Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS7.3AI score0.00266EPSS

CVE•added 2013/11/18 5:23 a.m.•59 views

CVE-2013-5417

Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote attackers to inject arbitrary web script or HTML via HTTP response data.

4.3CVSS7.5AI score0.00265EPSS

CVE•added 2014/08/22 1:55 a.m.•59 views

CVE-2014-3022

IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.3 allows remote attackers to obtain sensitive information via a crafted URL that triggers an error condition.

4.3CVSS8.6AI score0.00506EPSS

CVE•added 2020/02/05 4:15 p.m.•59 views

CVE-2019-4670

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper data representation. IBM X-Force ID: 171319.

6.5CVSS6.2AI score0.00252EPSS

CVE•added 2020/09/10 5:15 p.m.•59 views

CVE-2020-4578

5.4CVSS5.3AI score0.00287EPSS

CVE•added 2010/06/24 5:30 p.m.•58 views

CVE-2010-0778

Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.33 and 7.0 before 7.0.0.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS7.5AI score0.00202EPSS

CVE•added 2011/09/06 3:55 p.m.•58 views

CVE-2011-1359

Directory traversal vulnerability in the administration console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41, 7.0 before 7.0.0.19, and 8.0 before 8.0.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.

5CVSS6.4AI score0.00193EPSS

CVE•added 2017/07/21 8:29 p.m.•58 views

CVE-2017-1381

IBM WebSphere Application Server Proxy Server or On-demand-router (ODR) 7.0, 8.0, 8.5, 9.0 and could allow a local attacker to obtain sensitive information, caused by stale data being cached and then served. IBM X-Force ID: 127152.

3.3CVSS3.6AI score0.00057EPSS

CVE•added 2010/05/17 10:30 p.m.•57 views

CVE-2010-0776

The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle chunked transfer encoding during a call to response.sendRedirect, which allows remote attackers to cause a denial of service via a GET request.

5CVSS6.4AI score0.00527EPSS

CVE•added 2011/03/08 9:59 p.m.•57 views

CVE-2011-1317

Memory leak in com.ibm.ws.jsp.runtime.WASJSPStrBufferImpl in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by sending many JSP requests that tri...

5CVSS6.5AI score0.00458EPSS

CVE•added 2012/06/20 10:27 a.m.•57 views

CVE-2012-0716

Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server 7.0 before 7.0.0.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS7.3AI score0.00266EPSS

CVE•added 2012/06/20 10:27 a.m.•57 views

CVE-2012-2170

The Application Snoop Servlet in IBM WebSphere Application Server 7.0 before 7.0.0.23 does not properly restrict access, which allows remote attackers to obtain sensitive client and request information via a direct request.

4.3CVSS8.7AI score0.00576EPSS

CVE•added 2013/01/27 6:55 p.m.•57 views

CVE-2013-0459

Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.27, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS7.3AI score0.00266EPSS

CVE•added 2014/05/01 5:29 p.m.•57 views

CVE-2014-0823

IBM WebSphere Application Server (WAS) 8.x before 8.0.0.9 and 8.5.x before 8.5.5.2 allows remote attackers to read arbitrary files via a crafted URL.

4.3CVSS8.9AI score0.0039EPSS

CVE•added 2016/08/08 1:59 a.m.•57 views

CVE-2016-2960

IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.0.x before 8.0.0.13, 8.5.0.x before 8.5.5.10, 8.5.0.x and 16.0.0.x Liberty before Liberty Fix Pack 16.0.0.3, and 9.0.0.x before 9.0.0.1 allows remote attackers to cause a denial of service via crafted SIP messages.

4.3CVSS5.3AI score0.00676EPSS

CVE•added 2019/04/02 2:29 p.m.•57 views

CVE-2019-4080

IBM WebSphere Application Server Admin Console 7.5, 8.0, 8.5, and 9.0 is vulnerable to a potential denial of service, caused by improper parameter parsing. A remote attacker could exploit this to consume all available CPU resources. IBM X-Force ID: 157380.

6.8CVSS6.4AI score0.0134EPSS

CVE•added 2021/04/21 12:15 p.m.•57 views

CVE-2021-20454

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 196649.

8.2CVSS8AI score0.00172EPSS

CVE•added 2020/10/01 4:15 p.m.•56 views

CVE-2020-4576

IBM WebSphere Application Server 7.5, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. IBM X-Force ID: 184428.

7.5CVSS7.1AI score0.00442EPSS

CVE•added 2013/08/21 9:55 p.m.•55 views

CVE-2013-3029

Cross-site request forgery (CSRF) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.1 allows remote attackers to hijack the authentication of arbitrary users for requests that inse...

6.8CVSS8.7AI score0.00119EPSS

CVE•added 2014/01/16 8:55 p.m.•55 views

CVE-2013-6725

Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server 7.x before 7.0.0.31, 8.0.x before 8.0.0.8, and 8.5.x before 8.5.5.2 allows remote authenticated administrators to inject arbitrary web script or HTML via a crafted URL.

3.5CVSS7AI score0.00291EPSS

Total number of security vulnerabilities190