Lucene search

IBM WebSphere eXtreme Scale 7.1.0.2

9 matches found

added 2016/07/02 2:59 p.m. | 39 views

CVE-2016-0400

CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.

6.1 CVSS | 6.1 AI score | 0.03486 EPSS

added 2015/10/04 2:59 a.m. | 35 views

CVE-2015-2025

IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

4.3 CVSS | 6.5 AI score | 0.00254 EPSS

added 2015/10/04 2:59 a.m. | 34 views

CVE-2015-2026

Cross-site request forgery (CSRF) vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

6 CVSS | 6.2 AI score | 0.00101 EPSS

added 2015/10/04 2:59 a.m. | 34 views

CVE-2015-2027

IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 improperly performs logout actions, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation.

2.1 CVSS | 6.7 AI score | 0.00135 EPSS

added 2015/10/04 2:59 a.m. | 34 views

CVE-2015-2031

Cross-site scripting (XSS) vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

3.5 CVSS | 5.2 AI score | 0.00188 EPSS

added 2015/10/04 2:59 a.m. | 33 views

CVE-2015-2030

IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 has an improper account-lockout setting, which makes it easier for remote attackers to obtain access via a brute-force attack.

5 CVSS | 6.5 AI score | 0.00254 EPSS

added 2015/10/04 2:59 a.m. | 31 views

CVE-2015-2028

CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.

4.3 CVSS | 6.9 AI score | 0.00246 EPSS

added 2015/10/04 2:59 a.m. | 31 views

CVE-2015-2029

Session fixation vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote attackers to hijack web sessions via a session identifier.

4.3 CVSS | 6.6 AI score | 0.00246 EPSS

added 2016/07/02 2:59 p.m. | 28 views

CVE-2016-2861

IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 does not properly encrypt data, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.

4.3 CVSS | 4.5 AI score | 0.00226 EPSS