23 matches found
CVE-2019-4115
IBM WebSphere eXtreme Scale Admin API (v8.6) is affected by cross-site scripting in the Admin UI, enabling injection of arbitrary JavaScript and potential credential disclosure within a trusted session. Root cause: inadequate input sanitization in the Admin UI. Impact is described in multiple sou...
CVE-2019-4112
CVE-2019-4112 affects IBM WebSphere eXtreme Scale 8.6 Admin Console. Root cause: the Admin Console stores web pages locally, enabling another user on the system to read them, leading to information disclosure. Public evidence from CNVD/NVD and IBM security bulletin corroborates the Admin Console ...
CVE-2020-4336
IBM WebSphere eXtreme Scale 8.6.1 is affected by CVE-2020-4336, where sensitive information is stored in URL parameters, enabling potential disclosure if URLs are exposed via logs, referer headers, or browser history. The affected product/version is WebSphere eXtreme Scale 8.6.1; remediation prov...
CVE-2013-5393
WebSphere eXtreme Scale monitoring console is affected by CVE-2013-5393 due to a logoff handling weakness in versions 7.1.0, 7.1.1, 8.5.0 and 8.6.0. The IBM security bulletin lists the vulnerability and provides remediation: upgrade to WebSphere eXtreme Scale 7.1.1 and apply the interim fix PM974...
CVE-2013-5390
CVE-2013-5390 affects IBM WebSphere eXtreme Scale monitoring console (versions 7.1.0, 7.1.1, 8.5.0, 8.6.0). It is a cross-site scripting vulnerability in the monitoring console that allows remote authenticated users to inject arbitrary script/HTML via unspecified vectors. Root cause: XSS in the c...
CVE-2016-0400
Summary of this CVE (CVE-2016-0400) : IBM WebSphere eXtreme Scale (client) is vulnerable to an HTTP response splitting/CRLF injection due to improper validation of user-supplied input when processing crafted requests. The issue can allow an attacker to inject arbitrary HTTP headers via a crafted ...
CVE-2019-4106
IBM WebSphere eXtreme Scale Admin Console (version 8.6) is vulnerable to cross-site scripting in the Admin Console UI, enabling an attacker to inject arbitrary JavaScript and potentially disclose credentials within a trusted session. The issue is identified as CVE-2019-4106. According to IBM’s bu...
CVE-2015-2029
IBM WebSphere eXtreme Scale 7.1.0 (before 7.1.0.3) and 7.1.1 (before 7.1.1.1) expose a session fixation vulnerability that allows remote attackers to hijack a user’s web session by exploiting an existing session identifier. The issue stems from improper session management (failure to invalidate o...
CVE-2019-4109
CVE-2019-4109 affects IBM WebSphere eXtreme Scale Admin Console (8.6). The Admin Console could allow a remote attacker to hijack a victim’s click actions by convincing the user to visit a malicious site, potentially enabling further attacks. Public sources corroborate this as a clickjacking/inter...
CVE-2015-2025
IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 do not set the secure flag on the session cookie in HTTPS, allowing interception of cookies in HTTP sessions. Affected versions: WebSphere eXtreme Scale 7.1.0 and 7.1.1. Remediation: apply fixes 7.1.0.3 (PI44105) or 7.1.1.1...
CVE-2015-2028
CVE-2015-2028 is a CRLF injection vulnerability in IBM WebSphere eXtreme Scale, affecting WebSphere eXtreme Scale 7.1.0 up to but not including 7.1.0.3 and 7.1.1 up to but not including 7.1.1.1. A remote attacker can craft a URL to inject arbitrary HTTP headers and perform HTTP response splitting...
CVE-2015-2027
IBM WebSphere eXtreme Scale 7.1.0 (before 7.1.0.3) and 7.1.1 (before 7.1.1.1) is affected by a logout handling flaw that permits a local attacker to bypass access controls by leveraging an unattended workstation. The issue stems from improper logout actions within the eXtreme Scale component, ena...
CVE-2015-7418
The CVE-2015-7418 entry concerns IBM WebSphere DataPower XC10 Appliance and WebSphere eXtreme Scale where sensitive data can linger in memory instead of being overwritten, enabling a local administrator to access sensitive information. IBM’s advisory specifies affected products and firmware range...
CVE-2015-2026
CVE-2015-2026 affects IBM WebSphere eXtreme Scale 7.1.0 (before 7.1.0.3) and 7.1.1 (before 7.1.1.1). It is a CSRF vulnerability caused by improper validation of user-supplied input, enabling remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS se...
CVE-2015-2030
CVE-2015-2030 affects IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1, where an improper account-lockout setting could allow a remote attacker to obtain access via brute-force attempts. The IBM security bulletin lists the vulnerable versions and provides fixed releases: ...
CVE-2015-2031
CVE-2015-2031 affects IBM WebSphere eXtreme Scale (V7.1.0 up to but not including 7.1.0.3 and V7.1.1 up to but not including 7.1.1.1). The issue is a cross-site scripting vulnerability caused by improper validation of user-supplied input, allowing remote authenticated users to inject arbitrary sc...
CVE-2013-5394
IBM WebSphere eXtreme Scale Monitoring Console (versions 7.1.0, 7.1.1, 8.5.0, 8.6.0) is affected by CVE-2013-5394, a phishing vulnerability reported in the IBM Security Bulletin. The issue arises in the monitoring console and is exploitable by remote authenticated users via unspecified vectors. R...
CVE-2015-4936
CVE-2015-4936 affects IBM WebSphere eXtreme Scale 8.6.x, specifically 8.6.0.8, where an unspecified vulnerability could cause a denial of service on server processes. IBM’s security bulletin documents the affected product versions and provides remediation: apply fix recommendations (VRMF 1.0.0.6 ...
CVE-2016-2861
Summary (CVE-2016-2861) : IBM WebSphere eXtreme Scale Client components (WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, 8.6 before 8.6.0.8)** expose sensitive information due to weaker-than-expected encryption, enabling a remote attacker to decrypt network...
CVE-2026-13773
CVE-2026-13773 affects IBM WebSphere eXtreme Scale 8.6.1.0–8.6.1.6. Approximately 50 generated CORBA stub classes in ogclient.jar deserialize an attacker-controlled IOR via ObjectInputStream, using ORB.string_to_object() to perform outbound IIOP SSRF to a chosen host. When combined with IBM ORB g...
CVE-2026-13772
CVE-2026-13772 affects IBM WebSphere eXtreme Scale (OQL engine) on versions 8.6.1.0–8.6.1.6. The issue arises from attacker-supplied class names being resolved via Class.forName() and their constructors invoked at three sinks (SELECT NEW, enum literals, reflection-based comparators) without an al...
CVE-2026-9002
IBM WebSphere eXtremes Scale is affected in versions 8.6.1.0–8.6.1.6 by an XDF decoder validation issue. The decoder may mishandle deeply nested Protocol Buffers messages and attacker-controlled length prefixes without proper bounds checking, enabling an adjacent attacker to trigger StackOverflow...
CVE-2026-13759
CVE-2026-13759 affects IBM WebSphere eXtreme Scale (WebSphere Extreme Scale) 8.6.1.0–8.6.1.6. The root cause is insecure deserialization: three ObjectInputStream subclasses (WsObjectInputStream, ObjectStreamPool$ReusableInputStream, ObjectInputStreamResolver) ship without a JEP-290 class filter. ...