Websphere Application Server Security Vulnerabilities and Issues — Websphere Application Server CVE List

Lucene search

IbmWebsphere Application Server

5 matches found

CVE•added 2014/12/18 4:59 p.m.•61 views

CVE-2014-6174

IBM WebSphere Application Server 7.x before 7.0.0.37, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.4 allows remote attackers to conduct clickjacking attacks via a crafted web site.

4.3CVSS4AI score0.00313EPSS

CVE•added 2014/12/18 4:59 p.m.•59 views

CVE-2014-6167

Cross-site scripting (XSS) vulnerability in the URL rewriting feature in IBM WebSphere Application Server 7.x before 7.0.0.37, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.4 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

4.3CVSS3.9AI score0.00324EPSS

CVE•added 2014/12/18 4:59 p.m.•58 views

CVE-2014-6164

IBM WebSphere Application Server 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.4 allows remote attackers to spoof OpenID and OpenID Connect cookies, and consequently obtain sensitive information, via a crafted URL.

5CVSS4.8AI score0.00376EPSS

CVE•added 2014/12/18 4:59 p.m.•58 views

CVE-2014-8890

IBM WebSphere Application Server Liberty Profile 8.5.x before 8.5.5.4 allows remote attackers to gain privileges by leveraging the combination of a servlet's deployment descriptor security constraints and ServletSecurity annotations.

5.1CVSS5.3AI score0.01049EPSS

CVE•added 2014/12/18 4:59 p.m.•57 views

CVE-2014-6166

The Communications Enabled Applications (CEA) service in IBM WebSphere Application Server 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.4, and Feature Pack for CEA 1.x before 1.0.0.15, allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entit...

4.3CVSS4.1AI score0.00364EPSS