Websphere Application Server Security Vulnerabilities and Issues — Websphere Application Server CVE List

Lucene search

IbmWebsphere Application Server

16 matches found

CVE•added 2019/09/17 7:15 p.m.•96 views

CVE-2019-4271

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin console is vulnerable to a Client-side HTTP parameter pollution vulnerability. IBM X-Force ID: 160243.

3.5CVSS3.8AI score0.00263EPSS

CVE•added 2016/09/01 10:59 a.m.•63 views

CVE-2016-0385

Buffer overflow in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.10, 9.0 before 9.0.0.1, and Liberty before 16.0.0.3, when HttpSessionIdReuse is enabled, allows remote authenticated users to obtain sensitive information via unspecified vectors.

3.5CVSS5AI score0.00295EPSS

CVE•added 2020/09/30 3:15 p.m.•63 views

CVE-2020-4629

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local user with specialized access to obtain sensitive information from a detailed technical error message. This information could be used in further attacks against the system. IBM X-Force ID: 185370.

3.3CVSS3.4AI score0.00093EPSS

CVE•added 2012/09/25 8:55 p.m.•61 views

CVE-2012-3311

IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 on z/OS, in certain configurations involving Federated Repositories for IIOP connections and Optimized Local Adapters, does not perform CBIND checks, which allows local users ...

3.3CVSS8.2AI score0.00064EPSS

CVE•added 2013/11/18 5:23 a.m.•61 views

CVE-2013-5414

The migration functionality in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 does not properly support the distinction between the admin role and the adminsecmanager role, which allows remote authenticated users to gain privileges in opportun...

3.5CVSS8.9AI score0.0016EPSS

CVE•added 2014/09/23 10:55 p.m.•61 views

CVE-2014-4770

Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 6.x through 6.1.0.47, 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 allows remote authenticated administrators to inject arbitrary web script or HTML via a crafted URL.

3.5CVSS3.5AI score0.00492EPSS

CVE•added 2014/05/01 5:29 p.m.•60 views

CVE-2013-6323

Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.33, 8.x before 8.0.0.9, and 8.5.x before 8.5.5.2, and WebSphere Virtual Enterprise 7.x before 7.0.0.5, allows remote authenticated users to inject arbitrary web script o...

3.5CVSS6.9AI score0.00304EPSS

CVE•added 2017/07/21 8:29 p.m.•58 views

CVE-2017-1381

IBM WebSphere Application Server Proxy Server or On-demand-router (ODR) 7.0, 8.0, 8.5, 9.0 and could allow a local attacker to obtain sensitive information, caused by stale data being cached and then served. IBM X-Force ID: 127152.

3.3CVSS3.6AI score0.00057EPSS

CVE•added 2013/04/24 10:28 a.m.•56 views

CVE-2013-0540

IBM WebSphere Application Server (WAS) Liberty Profile 8.5 before 8.5.0.2, when SSL is not enabled, does not properly validate authentication cookies, which allows remote authenticated users to bypass intended access restrictions via an HTTP session.

3.5CVSS8.9AI score0.00122EPSS

CVE•added 2013/08/21 9:55 p.m.•55 views

CVE-2013-4004

Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 8.0 before 8.0.0.7 and 8.5 before 8.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5CVSS6.9AI score0.00162EPSS

CVE•added 2014/01/16 8:55 p.m.•55 views

CVE-2013-6725

Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server 7.x before 7.0.0.31, 8.0.x before 8.0.0.8, and 8.5.x before 8.5.5.2 allows remote authenticated administrators to inject arbitrary web script or HTML via a crafted URL.

3.5CVSS7AI score0.00291EPSS

CVE•added 2014/01/16 8:55 p.m.•51 views

CVE-2013-6330

IBM WebSphere Application Server 7.x before 7.0.0.31, when simpleFileServlet static file caching is enabled, allows remote authenticated users to obtain sensitive information via unspecified vectors.

3.5CVSS8.3AI score0.00165EPSS

CVE•added 2013/08/21 9:55 p.m.•50 views

CVE-2013-0597

Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.29, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.0, when OAuth is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5CVSS6.6AI score0.00162EPSS

CVE•added 2013/11/18 5:23 a.m.•50 views

CVE-2013-5418

Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

3.5CVSS7AI score0.00162EPSS

CVE•added 2013/08/21 9:55 p.m.•49 views

CVE-2013-4005

Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified fields.

3.5CVSS7AI score0.00162EPSS

CVE•added 2014/09/04 10:55 a.m.•37 views

CVE-2014-3075

Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.0.x allows remote authenticated users to inject arbitrary web script or HTML via an uploaded file.

3.5CVSS5.3AI score0.00188EPSS