Lucene search

K
IbmWebsphere Application Server7.0

190 matches found

CVE
CVE
added 2014/05/01 5:29 p.m.55 views

CVE-2014-0857

The Administrative Console in IBM WebSphere Application Server (WAS) 8.x before 8.0.0.9 and 8.5.x before 8.5.5.2 allows remote authenticated users to obtain sensitive information via a crafted request.

4CVSS8.3AI score0.00253EPSS
CVE
CVE
added 2014/06/28 12:55 a.m.55 views

CVE-2014-0891

IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.2 allows remote attackers to obtain sensitive information by leveraging incorrect request handling by the (1) Proxy or (2) ODR server.

5CVSS8.9AI score0.0039EPSS
CVE
CVE
added 2018/06/26 8:29 p.m.55 views

CVE-2018-1614

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using malformed SAML responses from the SAML identity provider could allow a remote attacker to obtain sensitive information. IBM X-Force ID: 144270.

7.5CVSS7.2AI score0.00586EPSS
CVE
CVE
added 2010/04/01 7:30 p.m.54 views

CVE-2010-0769

IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 does not properly define wsadmin scripting J2CConnectionFactory objects, which allows local users to discover a KeyRingPassword password by reading a cleartext field in the resources.xml file.

1.9CVSS5.9AI score0.00054EPSS
CVE
CVE
added 2011/01/12 1:0 a.m.54 views

CVE-2011-0316

The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.15 does not properly restrict access to console servlets, which allows remote attackers to obtain potentially sensitive status information via a direct request.

5CVSS6AI score0.00649EPSS
CVE
CVE
added 2011/03/08 9:59 p.m.54 views

CVE-2011-1322

The SOAP with Attachments API for Java (SAAJ) implementation in the Web Services component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) via encrypted SOAP messages.

5CVSS6.6AI score0.00527EPSS
CVE
CVE
added 2014/01/16 8:55 p.m.54 views

CVE-2013-6325

IBM WebSphere Application Server 7.x before 7.0.0.31, 8.0.x before 8.0.0.8, and 8.5.x before 8.5.5.2 allows remote attackers to cause a denial of service (resource consumption) via a crafted request to a web services endpoint.

4.3CVSS8.7AI score0.00923EPSS
CVE
CVE
added 2014/08/22 1:55 a.m.54 views

CVE-2014-0965

IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.3 allows remote attackers to obtain sensitive information via a crafted SOAP response.

4.3CVSS8.6AI score0.00549EPSS
CVE
CVE
added 2018/10/16 7:29 p.m.54 views

CVE-2018-1777

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Forc...

5.4CVSS5.3AI score0.00315EPSS
CVE
CVE
added 2018/12/12 4:29 p.m.54 views

CVE-2018-1926

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading a user to visit a malicious URL, a remote attacker could send a specially-crafted request. An attacker could exploit...

8.8CVSS8.3AI score0.00181EPSS
CVE
CVE
added 2022/09/13 9:15 p.m.54 views

CVE-2022-34336

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Forc...

5.4CVSS5.1AI score0.00226EPSS
CVE
CVE
added 2011/07/19 8:55 p.m.53 views

CVE-2011-1356

IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.19 allows local users to obtain sensitive stack-trace information via a crafted Administration Console request.

2.1CVSS5.5AI score0.00056EPSS
CVE
CVE
added 2013/01/27 6:55 p.m.53 views

CVE-2013-0458

Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.27, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2, when login security is disabled, allows remote attackers to inject arbitrary web script or HTML via ...

4.3CVSS7.4AI score0.00266EPSS
CVE
CVE
added 2013/08/21 9:55 p.m.53 views

CVE-2013-2967

Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS6.9AI score0.00165EPSS
CVE
CVE
added 2018/07/06 2:29 p.m.53 views

CVE-2018-1621

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local attacker to obtain clear text password in a trace file caused by improper handling of some datasource custom properties. IBM X-Force ID: 144346.

6.7CVSS6.3AI score0.00054EPSS
CVE
CVE
added 2018/10/29 3:29 p.m.53 views

CVE-2018-1767

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Cachemonitor is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sessio...

6.1CVSS5.8AI score0.00373EPSS
CVE
CVE
added 2010/11/09 9:0 p.m.52 views

CVE-2010-0785

Cross-site request forgery (CSRF) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.13 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

6CVSS7AI score0.00265EPSS
CVE
CVE
added 2010/08/30 8:0 p.m.52 views

CVE-2010-3186

IBM WebSphere Application Server (WAS) 7.x before 7.0.0.13, and WebSphere Application Server Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, when a JAX-WS application is used, does not properly handle an IncludeTimestamp setting in the WS-Security policy, which has unspecified impact and re...

10CVSS6.6AI score0.019EPSS
CVE
CVE
added 2012/08/21 10:46 a.m.52 views

CVE-2012-3293

Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.4, and 8.5.x before 8.5.0.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving FRAME el...

4.3CVSS7.3AI score0.00328EPSS
CVE
CVE
added 2014/05/01 5:29 p.m.52 views

CVE-2014-0859

The web-server plugin in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.33, 8.x before 8.0.0.9, and 8.5.x before 8.5.5.2, when POST retries are enabled, allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors.

5CVSS8.8AI score0.01888EPSS
CVE
CVE
added 2010/05/17 10:30 p.m.51 views

CVE-2010-0777

The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle long filenames and consequently sends an incorrect file in some responses, which allows remote attackers to obtain sensitive information by reading ...

2.6CVSS5.9AI score0.0055EPSS
CVE
CVE
added 2010/05/03 1:51 p.m.51 views

CVE-2010-1650

IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.41, 6.1.x before 6.1.0.31, and 7.0.x before 7.0.0.11, when the -trace option (aka debugging mode) is enabled, executes debugging statements that print string representations of unspecified objects, which allows attackers to obtain sensitive ...

1.9CVSS5.9AI score0.00074EPSS
CVE
CVE
added 2011/03/08 9:59 p.m.51 views

CVE-2011-1315

Memory leak in the messaging engine in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) via network connections associated with a NULL return value from a synchronous JMS receive call.

5CVSS6.5AI score0.00808EPSS
CVE
CVE
added 2012/01/15 3:55 a.m.51 views

CVE-2011-1362

Cross-site scripting (XSS) vulnerability in the Installation Verification Test (IVT) application in the Install component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41 and 7.0 before 7.0.0.19 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOT...

4.3CVSS5.6AI score0.00295EPSS
CVE
CVE
added 2013/01/27 6:55 p.m.51 views

CVE-2013-0461

Cross-site scripting (XSS) vulnerability in the virtual member manager (VMM) administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.27, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary web script or HTML via unspe...

4.3CVSS7.3AI score0.00266EPSS
CVE
CVE
added 2013/05/29 2:29 p.m.51 views

CVE-2013-0482

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 through 8.5.0.2 and WebSphere Message Broker 6.1, 7.0 through 7.0.0.5, and 8.0 through 8.0.0.2, when WS-Security is used, allows remote attackers to spoof the signatures of messages via a crafted SOAP message, r...

4.3CVSS7.7AI score0.01374EPSS
CVE
CVE
added 2014/01/16 8:55 p.m.51 views

CVE-2013-6330

IBM WebSphere Application Server 7.x before 7.0.0.31, when simpleFileServlet static file caching is enabled, allows remote authenticated users to obtain sensitive information via unspecified vectors.

3.5CVSS8.3AI score0.00165EPSS
CVE
CVE
added 2021/03/10 3:15 p.m.51 views

CVE-2020-5016

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. When application security is disabled and JAX-RPC applications are present, an attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to vi...

6.5CVSS6.4AI score0.00096EPSS
CVE
CVE
added 2009/03/31 2:9 p.m.50 views

CVE-2009-1174

The Web Services Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 and 7.0 before 7.0.0.3 has an unspecified "security problem" in the XML digital-signature specification, which has unknown impact and attack vectors.

10CVSS6.6AI score0.01151EPSS
CVE
CVE
added 2009/08/13 6:30 p.m.50 views

CVE-2009-2092

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.5 does not properly read the portletServingEnabled parameter in ibm-portlet-ext.xmi, which allows remote attackers to bypass intended access restrictions via unknown vectors.

7.5CVSS6.6AI score0.00304EPSS
CVE
CVE
added 2011/03/08 9:59 p.m.50 views

CVE-2011-1312

The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.31 and 7.x before 7.0.0.15 does not prevent modifications of the primary admin id, which allows remote authenticated administrators to bypass intended access restrictions by mapping a (1) user or (2)...

4CVSS6.1AI score0.00121EPSS
CVE
CVE
added 2011/03/08 9:59 p.m.50 views

CVE-2011-1318

Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly st...

5CVSS6.5AI score0.00527EPSS
CVE
CVE
added 2011/07/19 8:55 p.m.50 views

CVE-2011-1355

Open redirect vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.19 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the logoutExitPage parameter.

5.8CVSS6.6AI score0.0054EPSS
CVE
CVE
added 2013/08/21 9:55 p.m.50 views

CVE-2013-0597

Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.29, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.0, when OAuth is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5CVSS6.6AI score0.00162EPSS
CVE
CVE
added 2013/08/21 9:55 p.m.50 views

CVE-2013-2976

The Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.0 does not properly perform caching, which allows local users to obtain sensitive information via unspecified vectors.

1.9CVSS7.4AI score0.00054EPSS
CVE
CVE
added 2013/11/18 5:23 a.m.50 views

CVE-2013-5418

Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

3.5CVSS7AI score0.00162EPSS
CVE
CVE
added 2010/04/01 7:30 p.m.49 views

CVE-2010-0768

Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 allows remote attackers to inject arbitrary web script or HTML via the URI.

4.3CVSS5.6AI score0.0023EPSS
CVE
CVE
added 2010/04/01 7:30 p.m.49 views

CVE-2010-0770

IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 allows remote authenticated users to cause a denial of service (ORB ListenerThread hang) by aborting an SSL handshake.

4CVSS6.1AI score0.00514EPSS
CVE
CVE
added 2010/05/17 10:30 p.m.49 views

CVE-2010-0775

Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 allows remote attackers to cause a denial of service (memory consumption and daemon crash) via a crafted request, related to the nodeagent and Deployment Manager com...

5CVSS6.4AI score0.00527EPSS
CVE
CVE
added 2010/11/09 9:0 p.m.49 views

CVE-2010-0786

The Web Services Security component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 does not properly implement the Java API for XML Web Services (aka JAX-WS), which allows remote attackers to cause a denial of service (data corruption) via a crafted JAX-WS request that leads to incor...

5CVSS6.5AI score0.00594EPSS
CVE
CVE
added 2010/06/18 6:30 p.m.49 views

CVE-2010-2328

The HTTP Channel in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 allows remote attackers to cause a denial of service (NullPointerException) via a large amount of chunked data that uses gzip compression.

5CVSS6.6AI score0.00527EPSS
CVE
CVE
added 2011/03/08 9:59 p.m.49 views

CVE-2011-1314

The Service Integration Bus (SIB) messaging engine in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (daemon hang) by performing close operations via network connections to a queue manager.

5CVSS6.5AI score0.00458EPSS
CVE
CVE
added 2011/03/08 9:59 p.m.49 views

CVE-2011-1319

The Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15 allows remote authenticated users to cause a denial of service (memory consumption) by using a Lightweight Third-Party Authentication (LTPA) token for authentication.

4CVSS6.2AI score0.00414EPSS
CVE
CVE
added 2013/08/21 9:55 p.m.49 views

CVE-2013-4005

Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified fields.

3.5CVSS7AI score0.00162EPSS
CVE
CVE
added 2018/09/06 2:29 p.m.49 views

CVE-2018-1695

IBM WebSphere Application Server 7.0, 8.0, and 8.5.5 installations using Form Login could allow a remote attacker to conduct spoofing attacks. IBM X-Force ID: 145769.

7.3CVSS5.5AI score0.00493EPSS
CVE
CVE
added 2009/08/13 6:30 p.m.48 views

CVE-2009-2085

The Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5 does not properly handle use of Identity Assertion with CSIv2 Security, which allows remote attackers to bypass intended CSIv2 access restrictions via vectors involving Enterprise JavaBeans (...

7.5CVSS6.5AI score0.00321EPSS
CVE
CVE
added 2010/06/18 6:30 p.m.48 views

CVE-2010-2325

Cross-site scripting (XSS) vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related in part to "URL injection."

4.3CVSS5.7AI score0.00249EPSS
CVE
CVE
added 2010/11/09 9:0 p.m.48 views

CVE-2010-4220

Cross-site scripting (XSS) vulnerability in the Integrated Solution Console in the Administrative Console component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related in part to "URL injection...

4.3CVSS5.7AI score0.00266EPSS
CVE
CVE
added 2011/03/08 9:59 p.m.48 views

CVE-2011-1316

The Session Initiation Protocol (SIP) Proxy in the HTTP Transport component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (worker thread exhaustion and UDP messaging outage) by sending many UDP messages.

5CVSS6.5AI score0.00527EPSS
CVE
CVE
added 2010/05/17 10:30 p.m.47 views

CVE-2010-0774

The (1) JAX-RPC WS-Security 1.0 and (2) JAX-WS runtime implementations in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 do not properly handle WebServices PKCS#7 and PKIPath tokens, which allows remote attackers to bypass intended access re...

4.3CVSS6.4AI score0.00142EPSS
Total number of security vulnerabilities190