Lucene search
K
IbmWebsphere Extreme Scale

23 matches found

CVE
CVE
added 2019/09/30 3:20 p.m.71 views

CVE-2019-4115

IBM WebSphere eXtreme Scale Admin API (v8.6) is affected by cross-site scripting in the Admin UI, enabling injection of arbitrary JavaScript and potential credential disclosure within a trusted session. Root cause: inadequate input sanitization in the Admin UI. Impact is described in multiple sou...

5.4CVSS5.3AI score0.00673EPSS
CVE
CVE
added 2019/09/30 3:20 p.m.57 views

CVE-2019-4112

CVE-2019-4112 affects IBM WebSphere eXtreme Scale 8.6 Admin Console. Root cause: the Admin Console stores web pages locally, enabling another user on the system to read them, leading to information disclosure. Public evidence from CNVD/NVD and IBM security bulletin corroborates the Admin Console ...

4CVSS3.9AI score0.0034EPSS
CVE
CVE
added 2021/01/06 1:10 p.m.52 views

CVE-2020-4336

IBM WebSphere eXtreme Scale 8.6.1 is affected by CVE-2020-4336, where sensitive information is stored in URL parameters, enabling potential disclosure if URLs are exposed via logs, referer headers, or browser history. The affected product/version is WebSphere eXtreme Scale 8.6.1; remediation prov...

5.3CVSS4.9AI score0.00969EPSS
CVE
CVE
added 2013/10/16 10:0 a.m.51 views

CVE-2013-5393

WebSphere eXtreme Scale monitoring console is affected by CVE-2013-5393 due to a logoff handling weakness in versions 7.1.0, 7.1.1, 8.5.0 and 8.6.0. The IBM security bulletin lists the vulnerability and provides remediation: upgrade to WebSphere eXtreme Scale 7.1.1 and apply the interim fix PM974...

7.5CVSS6.7AI score0.01265EPSS
CVE
CVE
added 2019/09/30 3:20 p.m.51 views

CVE-2019-4106

IBM WebSphere eXtreme Scale Admin Console (version 8.6) is vulnerable to cross-site scripting in the Admin Console UI, enabling an attacker to inject arbitrary JavaScript and potentially disclose credentials within a trusted session. The issue is identified as CVE-2019-4106. According to IBM’s bu...

4.8CVSS5.1AI score0.00662EPSS
CVE
CVE
added 2013/10/16 10:0 a.m.50 views

CVE-2013-5390

CVE-2013-5390 affects IBM WebSphere eXtreme Scale monitoring console (versions 7.1.0, 7.1.1, 8.5.0, 8.6.0). It is a cross-site scripting vulnerability in the monitoring console that allows remote authenticated users to inject arbitrary script/HTML via unspecified vectors. Root cause: XSS in the c...

3.5CVSS5.2AI score0.00936EPSS
CVE
CVE
added 2016/07/02 2:0 p.m.50 views

CVE-2016-0400

Summary of this CVE (CVE-2016-0400) : IBM WebSphere eXtreme Scale (client) is vulnerable to an HTTP response splitting/CRLF injection due to improper validation of user-supplied input when processing crafted requests. The issue can allow an attacker to inject arbitrary HTTP headers via a crafted ...

6.1CVSS6.1AI score0.0214EPSS
CVE
CVE
added 2019/09/30 3:20 p.m.50 views

CVE-2019-4109

CVE-2019-4109 affects IBM WebSphere eXtreme Scale Admin Console (8.6). The Admin Console could allow a remote attacker to hijack a victim’s click actions by convincing the user to visit a malicious site, potentially enabling further attacks. Public sources corroborate this as a clickjacking/inter...

6.1CVSS6.1AI score0.0125EPSS
CVE
CVE
added 2015/10/04 1:0 a.m.49 views

CVE-2015-2029

IBM WebSphere eXtreme Scale 7.1.0 (before 7.1.0.3) and 7.1.1 (before 7.1.1.1) expose a session fixation vulnerability that allows remote attackers to hijack a user’s web session by exploiting an existing session identifier. The issue stems from improper session management (failure to invalidate o...

4.3CVSS6.6AI score0.01205EPSS
CVE
CVE
added 2015/10/04 1:0 a.m.47 views

CVE-2015-2025

IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 do not set the secure flag on the session cookie in HTTPS, allowing interception of cookies in HTTP sessions. Affected versions: WebSphere eXtreme Scale 7.1.0 and 7.1.1. Remediation: apply fixes 7.1.0.3 (PI44105) or 7.1.1.1...

4.3CVSS6.5AI score0.01229EPSS
CVE
CVE
added 2015/10/04 1:0 a.m.47 views

CVE-2015-2028

CVE-2015-2028 is a CRLF injection vulnerability in IBM WebSphere eXtreme Scale, affecting WebSphere eXtreme Scale 7.1.0 up to but not including 7.1.0.3 and 7.1.1 up to but not including 7.1.1.1. A remote attacker can craft a URL to inject arbitrary HTTP headers and perform HTTP response splitting...

4.3CVSS6.9AI score0.01205EPSS
CVE
CVE
added 2015/10/04 1:0 a.m.45 views

CVE-2015-2027

IBM WebSphere eXtreme Scale 7.1.0 (before 7.1.0.3) and 7.1.1 (before 7.1.1.1) is affected by a logout handling flaw that permits a local attacker to bypass access controls by leveraging an unattended workstation. The issue stems from improper logout actions within the eXtreme Scale component, ena...

2.1CVSS6.7AI score0.00497EPSS
CVE
CVE
added 2017/02/08 10:0 p.m.45 views

CVE-2015-7418

The CVE-2015-7418 entry concerns IBM WebSphere DataPower XC10 Appliance and WebSphere eXtreme Scale where sensitive data can linger in memory instead of being overwritten, enabling a local administrator to access sensitive information. IBM’s advisory specifies affected products and firmware range...

4.4CVSS4.4AI score0.00354EPSS
CVE
CVE
added 2015/10/04 1:0 a.m.44 views

CVE-2015-2026

CVE-2015-2026 affects IBM WebSphere eXtreme Scale 7.1.0 (before 7.1.0.3) and 7.1.1 (before 7.1.1.1). It is a CSRF vulnerability caused by improper validation of user-supplied input, enabling remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS se...

6CVSS6.2AI score0.00538EPSS
CVE
CVE
added 2015/10/04 1:0 a.m.44 views

CVE-2015-2030

CVE-2015-2030 affects IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1, where an improper account-lockout setting could allow a remote attacker to obtain access via brute-force attempts. The IBM security bulletin lists the vulnerable versions and provides fixed releases: ...

5CVSS6.5AI score0.01398EPSS
CVE
CVE
added 2015/10/04 1:0 a.m.44 views

CVE-2015-2031

CVE-2015-2031 affects IBM WebSphere eXtreme Scale (V7.1.0 up to but not including 7.1.0.3 and V7.1.1 up to but not including 7.1.1.1). The issue is a cross-site scripting vulnerability caused by improper validation of user-supplied input, allowing remote authenticated users to inject arbitrary sc...

3.5CVSS5.2AI score0.00954EPSS
CVE
CVE
added 2013/10/16 10:0 a.m.42 views

CVE-2013-5394

IBM WebSphere eXtreme Scale Monitoring Console (versions 7.1.0, 7.1.1, 8.5.0, 8.6.0) is affected by CVE-2013-5394, a phishing vulnerability reported in the IBM Security Bulletin. The issue arises in the monitoring console and is exploitable by remote authenticated users via unspecified vectors. R...

4.9CVSS6.1AI score0.00951EPSS
CVE
CVE
added 2015/08/03 7:0 p.m.42 views

CVE-2015-4936

CVE-2015-4936 affects IBM WebSphere eXtreme Scale 8.6.x, specifically 8.6.0.8, where an unspecified vulnerability could cause a denial of service on server processes. IBM’s security bulletin documents the affected product versions and provides remediation: apply fix recommendations (VRMF 1.0.0.6 ...

5CVSS6.6AI score0.01242EPSS
CVE
CVE
added 2016/07/02 2:0 p.m.41 views

CVE-2016-2861

Summary (CVE-2016-2861) : IBM WebSphere eXtreme Scale Client components (WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, 8.6 before 8.6.0.8)** expose sensitive information due to weaker-than-expected encryption, enabling a remote attacker to decrypt network...

4.3CVSS4.5AI score0.01052EPSS
CVE
CVE
added 2026/06/30 7:20 p.m.23 views

CVE-2026-13773

CVE-2026-13773 affects IBM WebSphere eXtreme Scale 8.6.1.0–8.6.1.6. Approximately 50 generated CORBA stub classes in ogclient.jar deserialize an attacker-controlled IOR via ObjectInputStream, using ORB.string_to_object() to perform outbound IIOP SSRF to a chosen host. When combined with IBM ORB g...

10CVSS6.4AI score0.03415EPSS
CVE
CVE
added 2026/06/30 7:21 p.m.20 views

CVE-2026-13772

CVE-2026-13772 affects IBM WebSphere eXtreme Scale (OQL engine) on versions 8.6.1.0–8.6.1.6. The issue arises from attacker-supplied class names being resolved via Class.forName() and their constructors invoked at three sinks (SELECT NEW, enum literals, reflection-based comparators) without an al...

9.9CVSS6.1AI score0.00283EPSS
CVE
CVE
added 2026/06/30 7:8 p.m.19 views

CVE-2026-9002

IBM WebSphere eXtremes Scale is affected in versions 8.6.1.0–8.6.1.6 by an XDF decoder validation issue. The decoder may mishandle deeply nested Protocol Buffers messages and attacker-controlled length prefixes without proper bounds checking, enabling an adjacent attacker to trigger StackOverflow...

6.5CVSS5.8AI score0.00269EPSS
CVE
CVE
added 2026/06/30 7:24 p.m.12 views

CVE-2026-13759

CVE-2026-13759 affects IBM WebSphere eXtreme Scale (WebSphere Extreme Scale) 8.6.1.0–8.6.1.6. The root cause is insecure deserialization: three ObjectInputStream subclasses (WsObjectInputStream, ObjectStreamPool$ReusableInputStream, ObjectInputStreamResolver) ship without a JEP-290 class filter. ...

8.8CVSS6.2AI score0.00303EPSS