Websphere Application Server Security Vulnerabilities and Issues — Websphere Application Server CVE List

Lucene search

IbmWebsphere Application Server

8 matches found

CVE•added 2009/03/16 7:30 p.m.•63 views

CVE-2009-0508

The Servlet Engine/Web Container and JSP components in IBM WebSphere Application Server (WAS) 5.1.0, 5.1.1.19, 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.23, and 7.0 before 7.0.0.3 allow remote attackers to read arbitrary files contained in war files in (1) web-inf, (2) meta-inf, and unspecified other...

7.5CVSS6.8AI score0.01719EPSS

CVE•added 2009/03/09 9:30 p.m.•60 views

CVE-2009-0855

Cross-site scripting (XSS) vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 on z/OS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.6AI score0.58629EPSS

CVE•added 2009/03/31 2:9 p.m.•50 views

CVE-2009-1174

The Web Services Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 and 7.0 before 7.0.0.3 has an unspecified "security problem" in the XML digital-signature specification, which has unknown impact and attack vectors.

10CVSS6.6AI score0.01151EPSS

CVE•added 2009/03/25 1:30 a.m.•42 views

CVE-2009-0891

The Web Services Security component in IBM WebSphere Application Server 7.0 before Fix Pack 1 (7.0.0.1), 6.1 before Fix Pack 23 (6.1.0.23),and 6.0.2 before Fix Pack 33 (6.0.2.33) does not properly enforce (1) nonce and (2) timestamp expiration values in WS-Security bindings as stored in the com.ibm...

5.5CVSS6AI score0.00421EPSS

CVE•added 2009/03/31 2:9 p.m.•39 views

CVE-2009-0892

The administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3 allows attackers to hijack user sessions in "specific scenarios" related to a forced logout.

5.5CVSS6.5AI score0.00377EPSS

CVE•added 2009/03/09 9:30 p.m.•38 views

CVE-2009-0856

Multiple cross-site scripting (XSS) vulnerabilities in sample applications in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35, and 6.1 before 6.1.0.23 on z/OS, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.7AI score0.00463EPSS

CVE•added 2009/03/31 2:9 p.m.•37 views

CVE-2009-1172

The JAX-RPC WS-Security runtime in the Web Services Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3, when APAR PK41002 is installed, does not properly validate UsernameToken objects, which has unknown impact and attack vectors.

10CVSS6.5AI score0.01334EPSS

CVE•added 2009/03/31 2:9 p.m.•36 views

CVE-2009-1173

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.3 uses weak permissions (777) for files associated with unspecified "interim fixes," which allows attackers to modify files that would not have been accessible if the intended 755 permissions were used.

2.1CVSS6.5AI score0.00052EPSS