Websphere Application Server Security Vulnerabilities and Issues — Websphere Application Server CVE List

Lucene search

IbmWebsphere Application Server

7 matches found

CVE•added 2018/10/31 1:29 p.m.•73 views

CVE-2018-1851

IBM WebSphere Application Server Liberty OpenID Connect could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization. By sending a specially-crafted request to the RP service, an attacker could exploit this vulnerability to execute arbitrary code. IBM X-...

9.8CVSS9.4AI score0.05294EPSS

CVE•added 2018/10/03 2:29 p.m.•66 views

CVE-2018-1793

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using SAML ear is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sess...

6.1CVSS5.8AI score0.00303EPSS

CVE•added 2018/10/12 12:0 p.m.•65 views

CVE-2018-1770

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 148686.

6.5CVSS6.4AI score0.00484EPSS

CVE•added 2018/10/03 2:29 p.m.•63 views

CVE-2018-1794

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using OAuth ear is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted ses...

6.1CVSS5.8AI score0.00333EPSS

CVE•added 2018/10/29 3:29 p.m.•55 views

CVE-2018-1767

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Cachemonitor is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sessio...

6.1CVSS5.8AI score0.00366EPSS

CVE•added 2018/10/16 7:29 p.m.•55 views

CVE-2018-1777

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Forc...

5.4CVSS5.3AI score0.00297EPSS

CVE•added 2018/10/12 5:29 a.m.•33 views

CVE-2018-1838

IBM WebSphere Application Server 8.5 and 9.0 in IBM Cloud could allow a remote attacker to obtain sensitive information caused by improper handling of passwords. IBM X-Force ID: 150811.

6.5CVSS6.7AI score0.00129EPSS