Websphere Application Server Security Vulnerabilities and Issues — Websphere Application Server CVE List

Lucene search

IbmWebsphere Application Server

18 matches found

CVE•added 2019/09/20 4:15 p.m.•179 views

CVE-2019-4505

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Network Deployment could allow a remote attacker to obtain sensitive information, caused by sending a specially-crafted URL. This can lead the attacker to view any file in a certain directory. IBM X-Force ID: 164364.

5.3CVSS5.1AI score0.00193EPSS

CVE•added 2019/05/17 4:29 p.m.•139 views

CVE-2019-4279

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 160445.

10CVSS9.4AI score0.8408EPSS

CVE•added 2019/09/17 7:15 p.m.•123 views

CVE-2019-4442

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9,0 could allow a remote attacker to traverse directories on the file system. An attacker could send a specially-crafted URL request to view arbitrary files on the system but not content. IBM X-Force ID: 163226.

4.3CVSS4.7AI score0.0042EPSS

CVE•added 2019/09/17 7:15 p.m.•105 views

CVE-2019-4270

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sessi...

5.4CVSS5.3AI score0.00277EPSS

CVE•added 2019/09/17 7:15 p.m.•97 views

CVE-2019-4477

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a user with access to audit logs to obtain sensitive information, caused by improper handling of command line options. IBM X-Force ID: 163997.

6.5CVSS6.4AI score0.00208EPSS

CVE•added 2019/09/17 7:15 p.m.•96 views

CVE-2019-4271

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin console is vulnerable to a Client-side HTTP parameter pollution vulnerability. IBM X-Force ID: 160243.

3.5CVSS3.8AI score0.00263EPSS

CVE•added 2019/09/17 7:15 p.m.•95 views

CVE-2019-4268

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 160201.

5.3CVSS5.4AI score0.00424EPSS

CVE•added 2019/03/25 7:29 p.m.•77 views

CVE-2019-4046

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by improper handling of request headers. A remote attacker could exploit this vulnerability to cause the consumption of Memory. IBM X-Force ID: 156242.

7.5CVSS7.4AI score0.01177EPSS

CVE•added 2019/10/03 2:15 p.m.•75 views

CVE-2019-4441

IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and Liberty could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 163177.

5.3CVSS5.2AI score0.00295EPSS

CVE•added 2019/09/30 4:15 p.m.•73 views

CVE-2019-4304

IBM WebSphere Application Server - Liberty could allow a remote attacker to bypass security restrictions caused by improper session validation. IBM X-Force ID: 160950.

6.5CVSS6.2AI score0.00084EPSS

CVE•added 2019/03/11 10:29 p.m.•71 views

CVE-2018-1902

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to spoof connection information which could be used to launch further attacks against the system. IBM X-Force ID: 152531.

4.3CVSS4.5AI score0.00277EPSS

CVE•added 2019/09/30 4:15 p.m.•65 views

CVE-2019-4305

IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information caused by the improper setting of a cookie. IBM X-Force ID: 160951.

5.3CVSS5.5AI score0.00255EPSS

CVE•added 2019/06/28 5:15 p.m.•64 views

CVE-2019-4269

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console could allow a remote attacker to obtain sensitive information when a specially crafted url causes a stack trace to be dumped. IBM X-Force ID: 160202.

7.5CVSS7.1AI score0.00358EPSS

CVE•added 2019/02/19 5:29 p.m.•60 views

CVE-2018-1996

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide weaker than expected security, caused by the improper TLS configuration. A remote attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 154650.

5.3CVSS5.2AI score0.00093EPSS

CVE•added 2019/12/10 4:15 p.m.•58 views

CVE-2019-4663

IBM WebSphere Application Server - Liberty is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171245.

5.4CVSS5.6AI score0.00218EPSS

CVE•added 2019/03/06 8:29 p.m.•57 views

CVE-2019-4030

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 15594...

5.4CVSS5.3AI score0.0024EPSS

CVE•added 2019/04/02 2:29 p.m.•57 views

CVE-2019-4080

IBM WebSphere Application Server Admin Console 7.5, 8.0, 8.5, and 9.0 is vulnerable to a potential denial of service, caused by improper parameter parsing. A remote attacker could exploit this to consume all available CPU resources. IBM X-Force ID: 157380.

6.8CVSS6.4AI score0.0134EPSS

CVE•added 2019/07/30 2:15 p.m.•44 views

CVE-2019-4285

IBM WebSphere Application Server - Liberty Admin Center could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could send a specially-crafted HTTP request to hijack the victim's click actions or launch other...

5.4CVSS5.5AI score0.00026EPSS