Websphere Application Server Security Vulnerabilities and Issues — Websphere Application Server CVE List

Lucene search

IbmWebsphere Application Server

3 matches found

CVE•added 2015/07/14 5:59 p.m.•64 views

CVE-2015-1946

IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.6, and WebSphere Virtual Enterprise 7.0 before 7.0.0.6 for WebSphere Application Server (WAS) 7.0 and 8.0, does not properly implement user roles, which allows local users to gain privileges via unspecified vectors.

4.4CVSS6.5AI score0.00058EPSS

CVE•added 2015/07/14 5:59 p.m.•62 views

CVE-2015-1927

The default configuration of IBM WebSphere Application Server (WAS) 7.0.0 before 7.0.0.39, 8.0.0 before 8.0.0.11, and 8.5 before 8.5.5.6 has a false value for the com.ibm.ws.webcontainer.disallowServeServletsByClassname WebContainer property, which allows remote attackers to obtain privileged acces...

6.8CVSS6.9AI score0.00685EPSS

CVE•added 2015/07/14 5:59 p.m.•50 views

CVE-2015-1936

The administrative console in IBM WebSphere Application Server (WAS) 8.0.0 before 8.0.0.11 and 8.5 before 8.5.5.6, when the Security feature is disabled, allows remote authenticated users to hijack sessions via the JSESSIONID parameter.

6CVSS7.2AI score0.00311EPSS