Lucene search

K
IbmWebsphere Application Server8.5.0.1

63 matches found

CVE
CVE
added 2013/04/24 10:28 a.m.51 views

CVE-2013-0543

IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Linux, Solaris, and HP-UX, when a Local OS registry is used, does not properly validate user accounts, which allows remote attackers to bypass intended access restrictions ...

6.8CVSS9AI score0.00345EPSS
CVE
CVE
added 2013/04/24 10:28 a.m.51 views

CVE-2013-0544

Directory traversal vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Linux and UNIX allows remote authenticated users to modify data via unspecified vectors.

4CVSS8.5AI score0.00457EPSS
CVE
CVE
added 2015/04/27 12:59 p.m.51 views

CVE-2015-0175

IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before 8.5.5.5 does not properly implement authData elements, which allows remote authenticated users to gain privileges via unspecified vectors.

5.5CVSS8.8AI score0.0049EPSS
CVE
CVE
added 2013/08/21 9:55 p.m.50 views

CVE-2013-0597

Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.29, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.0, when OAuth is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5CVSS6.6AI score0.00162EPSS
CVE
CVE
added 2013/08/21 9:55 p.m.50 views

CVE-2013-2976

The Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.0 does not properly perform caching, which allows local users to obtain sensitive information via unspecified vectors.

1.9CVSS7.4AI score0.00054EPSS
CVE
CVE
added 2013/11/18 5:23 a.m.50 views

CVE-2013-5418

Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

3.5CVSS7AI score0.00162EPSS
CVE
CVE
added 2015/07/14 5:59 p.m.50 views

CVE-2015-1936

The administrative console in IBM WebSphere Application Server (WAS) 8.0.0 before 8.0.0.11 and 8.5 before 8.5.5.6, when the Security feature is disabled, allows remote authenticated users to hijack sessions via the JSESSIONID parameter.

6CVSS7.2AI score0.00311EPSS
CVE
CVE
added 2013/04/24 10:28 a.m.49 views

CVE-2013-0541

Buffer overflow in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Windows, when a localOS registry is used in conjunction with WebSphere Identity Manger (WIM), allows local users to cause a denial of service (daemon cra...

1.9CVSS8.3AI score0.00054EPSS
CVE
CVE
added 2013/08/21 9:55 p.m.49 views

CVE-2013-4005

Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified fields.

3.5CVSS7AI score0.00162EPSS
CVE
CVE
added 2015/04/27 12:59 p.m.48 views

CVE-2015-0174

The SNMP implementation in IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.5 does not properly handle configuration data, which allows remote authenticated users to obtain sensitive information via unspecified vectors.

4CVSS8.3AI score0.00267EPSS
CVE
CVE
added 2014/05/01 5:29 p.m.45 views

CVE-2014-0896

IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x before 8.5.5.2 allows remote attackers to obtain sensitive information via a crafted request.

4.3CVSS8.7AI score0.00234EPSS
CVE
CVE
added 2014/08/22 1:55 a.m.44 views

CVE-2014-4767

IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x before 8.5.5.3 does not properly use the Liberty Repository for feature installation, which allows remote authenticated users to execute arbitrary code via unspecified vectors.

6.5CVSS9.2AI score0.01349EPSS
CVE
CVE
added 2015/12/15 5:59 a.m.39 views

CVE-2015-5004

The Edge Component Caching Proxy in IBM WebSphere Application Server (WAS) 8.0 before 8.0.0.12 and 8.5 before 8.5.5.8 does not properly encrypt data, which allows remote authenticated users to obtain sensitive information via unspecified vectors.

4CVSS5.6AI score0.00165EPSS
Total number of security vulnerabilities63