Lucene search

K
IbmWebsphere Extreme Scale

19 matches found

CVE
CVE
added 2019/09/30 4:15 p.m.56 views

CVE-2019-4115

IBM WebSphere eXtreme Scale 8.6 Admin API is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158113.

5.4CVSS5.3AI score0.00208EPSS
CVE
CVE
added 2019/09/30 4:15 p.m.46 views

CVE-2019-4112

IBM WebSphere eXtreme Scale 8.6 Admin Console allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 158105.

4CVSS3.9AI score0.00046EPSS
CVE
CVE
added 2013/10/16 10:52 a.m.39 views

CVE-2013-5393

The monitoring console in IBM WebSphere eXtreme Scale 7.1.0, 7.1.1, 8.5.0, and 8.6.0 does not properly process logoff actions, which has unspecified impact and remote attack vectors.

7.5CVSS6.7AI score0.00396EPSS
CVE
CVE
added 2016/07/02 2:59 p.m.39 views

CVE-2016-0400

CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.

6.1CVSS6.1AI score0.03486EPSS
CVE
CVE
added 2019/09/30 4:15 p.m.39 views

CVE-2019-4109

IBM WebSphere eXtreme Scale 8.6 Admin Console could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks ...

6.1CVSS6.1AI score0.00181EPSS
CVE
CVE
added 2019/09/30 4:15 p.m.38 views

CVE-2019-4106

IBM WebSphere eXtreme Scale 8.6 Admin Console is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 1580...

4.8CVSS5.1AI score0.00213EPSS
CVE
CVE
added 2021/01/06 1:15 p.m.38 views

CVE-2020-4336

IBM WebSphere eXtreme Scale 8.6.1 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 177932.

5.3CVSS4.9AI score0.00163EPSS
CVE
CVE
added 2013/10/16 10:52 a.m.37 views

CVE-2013-5390

Cross-site scripting (XSS) vulnerability in the monitoring console in IBM WebSphere eXtreme Scale 7.1.0, 7.1.1, 8.5.0, and 8.6.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5CVSS5.2AI score0.00188EPSS
CVE
CVE
added 2015/10/04 2:59 a.m.35 views

CVE-2015-2025

IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

4.3CVSS6.5AI score0.00254EPSS
CVE
CVE
added 2017/02/08 10:59 p.m.35 views

CVE-2015-7418

IBM WebSphere eXtreme Scale and the WebSphere DataPower XC10 Appliance allow some sensitive data to linger in memory instead of being overwritten which could allow a local user with administrator privileges to obtain sensitive information.

4.4CVSS4.4AI score0.00128EPSS
CVE
CVE
added 2015/10/04 2:59 a.m.34 views

CVE-2015-2026

Cross-site request forgery (CSRF) vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

6CVSS6.2AI score0.00101EPSS
CVE
CVE
added 2015/10/04 2:59 a.m.34 views

CVE-2015-2027

IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 improperly performs logout actions, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation.

2.1CVSS6.7AI score0.00135EPSS
CVE
CVE
added 2015/10/04 2:59 a.m.34 views

CVE-2015-2031

Cross-site scripting (XSS) vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

3.5CVSS5.2AI score0.00188EPSS
CVE
CVE
added 2015/10/04 2:59 a.m.33 views

CVE-2015-2030

IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 has an improper account-lockout setting, which makes it easier for remote attackers to obtain access via a brute-force attack.

5CVSS6.5AI score0.00254EPSS
CVE
CVE
added 2013/10/16 10:52 a.m.32 views

CVE-2013-5394

The monitoring console in IBM WebSphere eXtreme Scale 7.1.0, 7.1.1, 8.5.0, and 8.6.0 allows remote authenticated users to conduct phishing attacks via unspecified vectors.

4.9CVSS6.1AI score0.0016EPSS
CVE
CVE
added 2015/08/03 7:59 p.m.32 views

CVE-2015-4936

Unspecified vulnerability in IBM WebSphere eXtreme Scale 8.6 through 8.6.0.8 allows remote attackers to cause a denial of service via unknown vectors.

5CVSS6.6AI score0.00527EPSS
CVE
CVE
added 2015/10/04 2:59 a.m.31 views

CVE-2015-2028

CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.

4.3CVSS6.9AI score0.00246EPSS
CVE
CVE
added 2015/10/04 2:59 a.m.31 views

CVE-2015-2029

Session fixation vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote attackers to hijack web sessions via a session identifier.

4.3CVSS6.6AI score0.00246EPSS
CVE
CVE
added 2016/07/02 2:59 p.m.28 views

CVE-2016-2861

IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 does not properly encrypt data, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.

4.3CVSS4.5AI score0.00226EPSS