Lucene search

K
IbmWebsphere Application Server

8 matches found

CVE
CVE
added 2009/08/13 6:30 p.m.50 views

CVE-2009-2092

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.5 does not properly read the portletServingEnabled parameter in ibm-portlet-ext.xmi, which allows remote attackers to bypass intended access restrictions via unknown vectors.

7.5CVSS6.6AI score0.00304EPSS
CVE
CVE
added 2009/08/13 6:30 p.m.48 views

CVE-2009-2085

The Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5 does not properly handle use of Identity Assertion with CSIv2 Security, which allows remote attackers to bypass intended CSIv2 access restrictions via vectors involving Enterprise JavaBeans (...

7.5CVSS6.5AI score0.00321EPSS
CVE
CVE
added 2009/08/13 6:30 p.m.43 views

CVE-2009-2090

Unspecified vulnerability in wsadmin in the System Management/Repository component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.5 allows remote attackers to bypass intended Java Management Extensions (JMX) Management Beans (aka MBeans) access restrictions, and cause a denial of servic...

5CVSS6.7AI score0.00363EPSS
CVE
CVE
added 2009/08/13 6:30 p.m.42 views

CVE-2009-2089

The Migration component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, when tracing is enabled and a 6.1 to 7.0 migration has occurred, allows remote authenticated users to obtain sensitive information by reading a Migration Trace file.

2.1CVSS5.7AI score0.00214EPSS
CVE
CVE
added 2009/08/13 6:30 p.m.41 views

CVE-2009-2087

The Web Services functionality in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, in certain circumstances involving the ibm-webservicesclient-bind.xmi file and custom password encryption, uses weak password obfuscation, which allows local users to cause a denial ...

2.1CVSS6.3AI score0.00036EPSS
CVE
CVE
added 2009/08/13 6:30 p.m.39 views

CVE-2009-2088

The Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, when SPNEGO Single Sign-on (SSO) and disableSecurityPreInvokeOnFilters are configured, allows remote attackers to bypass authentication via a request for a "secure URL," ...

7.5CVSS6.9AI score0.00554EPSS
CVE
CVE
added 2009/08/13 6:30 p.m.38 views

CVE-2009-2091

The System Management/Repository component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.5 on z/OS uses weak file permissions for new applications, which allows remote attackers to obtain sensitive information via unspecified vectors.

5CVSS6.1AI score0.00223EPSS
CVE
CVE
added 2009/08/13 6:30 p.m.36 views

CVE-2009-0906

The Service Component Architecture (SCA) feature pack for IBM WebSphere Application Server (WAS) SCA 1.0 before 1.0.0.3 allows remote authenticated users to bypass intended authentication.transport access restrictions and obtain unspecified access via unknown vectors.

6.5CVSS6.3AI score0.00336EPSS