Websphere Application Server@8.0 Security Vulnerabilities and Issues — Page 2 of Websphere Application Server@8.0 CVE List

Lucene search

IbmWebsphere Application Server8.0

82 matches found

CVE•added 2016/09/01 10:59 a.m.•63 views

CVE-2016-0385

Buffer overflow in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.10, 9.0 before 9.0.0.1, and Liberty before 16.0.0.3, when HttpSessionIdReuse is enabled, allows remote authenticated users to obtain sensitive information via unspecified vectors.

3.5CVSS5AI score0.00295EPSS

CVE•added 2020/09/30 3:15 p.m.•63 views

CVE-2020-4629

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local user with specialized access to obtain sensitive information from a detailed technical error message. This information could be used in further attacks against the system. IBM X-Force ID: 185370.

3.3CVSS3.4AI score0.00093EPSS

CVE•added 2016/10/01 1:59 a.m.•61 views

CVE-2016-5986

IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.x before 8.0.0.13, 8.5.x before 8.5.5.11, 9.0.x before 9.0.0.2, and Liberty before 16.0.0.3 mishandles responses, which allows remote attackers to obtain sensitive information via unspecified vectors.

7.5CVSS7.2AI score0.00445EPSS

CVE•added 2018/10/03 2:29 p.m.•61 views

CVE-2018-1794

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using OAuth ear is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted ses...

6.1CVSS5.8AI score0.00346EPSS

CVE•added 2020/09/21 5:15 p.m.•61 views

CVE-2020-4643

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information. IBM X-Force ID: 185590.

7.5CVSS7.5AI score0.00335EPSS

CVE•added 2014/10/19 1:55 a.m.•60 views

CVE-2014-3021

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 does not properly handle HTTP headers, which allows remote attackers to obtain sensitive cookie and authentication data via an unspecified HTTP method.

5CVSS4AI score0.00544EPSS

CVE•added 2017/07/24 9:29 p.m.•60 views

CVE-2017-1380

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Forc...

5.4CVSS5.3AI score0.00403EPSS

CVE•added 2018/03/14 12:29 a.m.•60 views

CVE-2017-1741

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console panel fields. When exploited an attacker could read files on the file system. IBM X-Force ID: 134931.

4.3CVSS4.3AI score0.00258EPSS

CVE•added 2018/11/16 4:0 p.m.•60 views

CVE-2018-1797

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using Enterprise bundle Archives (EBA) could allow a local attacker to traverse directories on the system. By persuading a victim to extract a specially-crafted ZIP archive containing "dot dot slash" sequences (../), an attacker could exploit ...

6.3CVSS5.6AI score0.00607EPSS

CVE•added 2019/02/19 5:29 p.m.•60 views

CVE-2018-1996

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide weaker than expected security, caused by the improper TLS configuration. A remote attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 154650.

5.3CVSS5.2AI score0.00093EPSS

CVE•added 2020/10/28 5:15 p.m.•60 views

CVE-2020-4782

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

6.5CVSS6.4AI score0.00416EPSS

CVE•added 2022/09/28 4:15 p.m.•60 views

CVE-2022-35282

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, an attacker with local network access could exploit this vulnerability to obtain sensitive data.

6.5CVSS6.1AI score0.00031EPSS

CVE•added 2020/02/05 4:15 p.m.•59 views

CVE-2019-4670

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper data representation. IBM X-Force ID: 171319.

6.5CVSS6.2AI score0.00252EPSS

CVE•added 2020/09/10 5:15 p.m.•59 views

CVE-2020-4578

5.4CVSS5.3AI score0.00287EPSS

CVE•added 2017/07/21 8:29 p.m.•58 views

CVE-2017-1381

IBM WebSphere Application Server Proxy Server or On-demand-router (ODR) 7.0, 8.0, 8.5, 9.0 and could allow a local attacker to obtain sensitive information, caused by stale data being cached and then served. IBM X-Force ID: 127152.

3.3CVSS3.6AI score0.00057EPSS

CVE•added 2016/08/08 1:59 a.m.•57 views

CVE-2016-2960

IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.0.x before 8.0.0.13, 8.5.0.x before 8.5.5.10, 8.5.0.x and 16.0.0.x Liberty before Liberty Fix Pack 16.0.0.3, and 9.0.0.x before 9.0.0.1 allows remote attackers to cause a denial of service via crafted SIP messages.

4.3CVSS5.3AI score0.00676EPSS

CVE•added 2017/08/18 3:29 p.m.•57 views

CVE-2017-1501

IBM WebSphere Application Server 8.0, 8.5, and 9.0 could provide weaker than expected security after using the Admin Console to update the web services security bindings settings. IBM X-Force ID: 129576.

5.9CVSS5.7AI score0.00701EPSS

CVE•added 2019/04/02 2:29 p.m.•57 views

CVE-2019-4080

IBM WebSphere Application Server Admin Console 7.5, 8.0, 8.5, and 9.0 is vulnerable to a potential denial of service, caused by improper parameter parsing. A remote attacker could exploit this to consume all available CPU resources. IBM X-Force ID: 157380.

6.8CVSS6.4AI score0.0134EPSS

CVE•added 2021/04/21 12:15 p.m.•57 views

CVE-2021-20454

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 196649.

8.2CVSS8AI score0.00172EPSS

CVE•added 2017/06/08 9:29 p.m.•56 views

CVE-2016-9736

IBM WebSphere Application Server using malformed SOAP requests could allow a remote attacker to obtain sensitive information.

5.3CVSS5.2AI score0.00304EPSS

CVE•added 2020/10/01 4:15 p.m.•56 views

CVE-2020-4576

IBM WebSphere Application Server 7.5, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. IBM X-Force ID: 184428.

7.5CVSS7.1AI score0.00442EPSS

CVE•added 2018/06/26 8:29 p.m.•55 views

CVE-2018-1614

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using malformed SAML responses from the SAML identity provider could allow a remote attacker to obtain sensitive information. IBM X-Force ID: 144270.

7.5CVSS7.2AI score0.00586EPSS

CVE•added 2018/10/16 7:29 p.m.•54 views

CVE-2018-1777

5.4CVSS5.3AI score0.00315EPSS

CVE•added 2018/12/12 4:29 p.m.•54 views

CVE-2018-1926

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading a user to visit a malicious URL, a remote attacker could send a specially-crafted request. An attacker could exploit...

8.8CVSS8.3AI score0.00181EPSS

CVE•added 2022/09/13 9:15 p.m.•54 views

CVE-2022-34336

5.4CVSS5.1AI score0.00226EPSS

CVE•added 2018/07/06 2:29 p.m.•53 views

CVE-2018-1621

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local attacker to obtain clear text password in a trace file caused by improper handling of some datasource custom properties. IBM X-Force ID: 144346.

6.7CVSS6.3AI score0.00054EPSS

CVE•added 2018/10/29 3:29 p.m.•53 views

CVE-2018-1767

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Cachemonitor is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sessio...

6.1CVSS5.8AI score0.00373EPSS

CVE•added 2021/03/10 3:15 p.m.•51 views

CVE-2020-5016

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. When application security is disabled and JAX-RPC applications are present, an attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to vi...

6.5CVSS6.4AI score0.00096EPSS

CVE•added 2018/09/06 2:29 p.m.•49 views

CVE-2018-1695

IBM WebSphere Application Server 7.0, 8.0, and 8.5.5 installations using Form Login could allow a remote attacker to conduct spoofing attacks. IBM X-Force ID: 145769.

7.3CVSS5.5AI score0.00493EPSS

CVE•added 2018/12/11 4:29 p.m.•47 views

CVE-2018-1904

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbitrary Java code through an administrative client class with a serialized object from untrusted sources. IBM X-Force ID: 152533.

9.8CVSS9.3AI score0.00827EPSS

CVE•added 2021/06/11 3:15 p.m.•47 views

CVE-2021-29754

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a privilege escalation vulnerability when using the SAML Web Inbound Trust Association Interceptor (TAI). IBM X-Force ID: 202006.

8.8CVSS8.5AI score0.00209EPSS

CVE•added 2018/11/12 4:29 p.m.•45 views

CVE-2018-1798

6.1CVSS5.8AI score0.0048EPSS

Total number of security vulnerabilities82