Websphere Application Server Security Vulnerabilities and Issues — Websphere Application Server CVE List

Lucene search

IbmWebsphere Application Server

9 matches found

CVE•added 2010/04/01 7:30 p.m.•54 views

CVE-2010-0769

IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 does not properly define wsadmin scripting J2CConnectionFactory objects, which allows local users to discover a KeyRingPassword password by reading a cleartext field in the resources.xml file.

1.9CVSS5.9AI score0.00054EPSS

CVE•added 2010/05/03 1:51 p.m.•51 views

CVE-2010-1650

IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.41, 6.1.x before 6.1.0.31, and 7.0.x before 7.0.0.11, when the -trace option (aka debugging mode) is enabled, executes debugging statements that print string representations of unspecified objects, which allows attackers to obtain sensitive ...

1.9CVSS5.9AI score0.00074EPSS

CVE•added 2013/08/21 9:55 p.m.•50 views

CVE-2013-2976

The Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.0 does not properly perform caching, which allows local users to obtain sensitive information via unspecified vectors.

1.9CVSS7.4AI score0.00054EPSS

CVE•added 2013/04/24 10:28 a.m.•49 views

CVE-2013-0541

Buffer overflow in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Windows, when a localOS registry is used in conjunction with WebSphere Identity Manger (WIM), allows local users to cause a denial of service (daemon cra...

1.9CVSS8.3AI score0.00054EPSS

CVE•added 2007/10/23 1:0 a.m.•44 views

CVE-2003-1447

IBM WebSphere Advanced Server Edition 4.0.4 uses a weak encryption algorithm (XOR and base64 encoding), which allows local users to decrypt passwords when the configuration file is exported to XML.

1.9CVSS6.5AI score0.00036EPSS

CVE•added 2010/05/03 1:51 p.m.•44 views

CVE-2010-1651

IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.31 and 7.0.x before 7.0.0.11, when Basic authentication and SIP tracing (aka full trace logging for SIP) are enabled, logs the entirety of all inbound and outbound SIP messages, which allows local users to obtain sensitive information by rea...

1.9CVSS5.9AI score0.00049EPSS

CVE•added 2011/03/08 9:59 p.m.•42 views

CVE-2011-1310

The Administrative Scripting Tools component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when tracing is enabled, places wsadmin command parameters into the (1) wsadmin.traceout and (2) trace.log files, which allows local users to obtain potentially se...

1.9CVSS5.6AI score0.00051EPSS

CVE•added 2009/02/10 10:30 p.m.•36 views

CVE-2009-0434

PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.31, 6.1.x before 6.1.0.21, and 7.0.x before 7.0.0.1, when Performance Monitoring Infrastructure (PMI) is enabled, allows local users to obtain sensitive information by reading the (1) sys...

1.9CVSS5.5AI score0.00302EPSS

CVE•added 2009/02/10 10:30 p.m.•31 views

CVE-2009-0437

The Installation Factory installation process for IBM WebSphere Application Server (WAS) 6.0.2 on Windows, when WAS is registered as a Windows service, allows local users to obtain sensitive information by reading the logs/instconfigifwas6.log log file.

1.9CVSS5.8AI score0.00055EPSS