Websphere Application Server@9.0 Security Vulnerabilities and Issues — Websphere Application Server@9.0 CVE List

Lucene search

IbmWebsphere Application Server9.0

11 matches found

CVE•added 2017/03/20 4:59 p.m.•80 views

CVE-2017-1151

IBM WebSphere Application Server 8.0, 8.5, 8.5.5, and 9.0 using OpenID Connect (OIDC) configured with a Trust Association Interceptor (TAI) could allow a user to gain elevated privileges on the system. IBM Reference #: 1999293.

8.1CVSS7.9AI score0.00558EPSS

CVE•added 2017/02/01 10:59 p.m.•78 views

CVE-2016-8919

IBM WebSphere Application Server may be vulnerable to a denial of service, caused by allowing serialized objects from untrusted sources to run and cause the consumption of resources.

7.8CVSS7.3AI score0.00859EPSS

CVE•added 2017/07/24 9:29 p.m.•77 views

CVE-2017-1382

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 might create files using the default permissions instead of the customized permissions when custom startup scripts are used. A local attacker could exploit this to gain access to files with an unknown impact. IBM X-Force ID: 127153.

7.1CVSS6.9AI score0.00039EPSS

CVE•added 2017/02/13 10:59 p.m.•75 views

CVE-2017-1121

IBM WebSphere Application Server 7.0, 8.0, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #...

5.4CVSS5.3AI score0.0027EPSS

CVE•added 2017/04/28 5:59 p.m.•74 views

CVE-2017-1194

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123669.

8.8CVSS8.4AI score0.00171EPSS

CVE•added 2017/10/10 9:29 p.m.•71 views

CVE-2017-1503

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform ...

6.1CVSS6.1AI score0.00388EPSS

CVE•added 2017/07/24 9:29 p.m.•60 views

CVE-2017-1380

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Forc...

5.4CVSS5.3AI score0.00403EPSS

CVE•added 2017/07/21 8:29 p.m.•58 views

CVE-2017-1381

IBM WebSphere Application Server Proxy Server or On-demand-router (ODR) 7.0, 8.0, 8.5, 9.0 and could allow a local attacker to obtain sensitive information, caused by stale data being cached and then served. IBM X-Force ID: 127152.

3.3CVSS3.6AI score0.00057EPSS

CVE•added 2017/08/03 3:29 p.m.•58 views

CVE-2017-1504

IBM WebSphere Application Server version 9.0.0.4 could provide weaker than expected security after using the PasswordUtil command to enable AES password encryption. IBM X-Force ID: 129579.

6.5CVSS6.6AI score0.00157EPSS

CVE•added 2017/08/18 3:29 p.m.•57 views

CVE-2017-1501

IBM WebSphere Application Server 8.0, 8.5, and 9.0 could provide weaker than expected security after using the Admin Console to update the web services security bindings settings. IBM X-Force ID: 129576.

5.9CVSS5.7AI score0.00701EPSS

CVE•added 2017/06/08 9:29 p.m.•56 views

CVE-2016-9736

IBM WebSphere Application Server using malformed SOAP requests could allow a remote attacker to obtain sensitive information.

5.3CVSS5.2AI score0.00304EPSS