VYPR

Websphere Application Server

by IBM

CVEs (462)

  • CVE-2018-1643Nov 15, 2018
    risk 0.00cvss epss 0.01

    The Installation Verification Tool of IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to…

  • CVE-2018-1798Nov 12, 2018
    risk 0.00cvss epss 0.01

    IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…

  • CVE-2018-1851Oct 31, 2018
    risk 0.00cvss epss 0.04

    IBM WebSphere Application Server Liberty OpenID Connect could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization. By sending a specially-crafted request to the RP service, an attacker could exploit this vulnerability to execute…

  • CVE-2018-1767Oct 29, 2018
    risk 0.00cvss epss 0.01

    IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Cachemonitor is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure…

  • CVE-2018-1777Oct 16, 2018
    risk 0.00cvss epss 0.01

    IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…

  • CVE-2018-1770Oct 12, 2018
    risk 0.00cvss epss 0.03

    IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 148686.

  • CVE-2018-1838Oct 12, 2018
    risk 0.00cvss epss 0.02

    IBM WebSphere Application Server 8.5 and 9.0 in IBM Cloud could allow a remote attacker to obtain sensitive information caused by improper handling of passwords. IBM X-Force ID: 150811.

  • CVE-2015-5004Dec 15, 2015
    risk 0.00cvss epss 0.01

    The Edge Component Caching Proxy in IBM WebSphere Application Server (WAS) 8.0 before 8.0.0.12 and 8.5 before 8.5.5.8 does not properly encrypt data, which allows remote authenticated users to obtain sensitive information via unspecified vectors.

  • CVE-2015-2017Nov 8, 2015
    risk 0.00cvss epss 0.02

    CRLF injection vulnerability in IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.47, 7.0 before 7.0.0.39, 8.0 before 8.0.0.12, and 8.5 before 8.5.5.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.

  • CVE-2015-4938Aug 22, 2015
    risk 0.00cvss epss 0.02

    IBM WebSphere Application Server 7.x before 7.0.0.39, 8.0.x before 8.0.0.11, and 8.5.x before 8.5.5.7 allows remote attackers to spoof servlets and obtain sensitive information via unspecified vectors.

  • CVE-2015-1932Aug 22, 2015
    risk 0.00cvss epss 0.02

    IBM WebSphere Application Server 7.x before 7.0.0.39, 8.0.x before 8.0.0.11, and 8.5.x before 8.5.5.7 and WebSphere Virtual Enterprise before 7.0.0.7 allow remote attackers to obtain potentially sensitive information about the proxy-server software by reading the HTTP Via header.

  • CVE-2015-1946Jul 14, 2015
    risk 0.00cvss epss 0.00

    IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.6, and WebSphere Virtual Enterprise 7.0 before 7.0.0.6 for WebSphere Application Server (WAS) 7.0 and 8.0, does not properly implement user roles, which allows local users to gain privileges via unspecified vectors.

  • CVE-2015-1936Jul 14, 2015
    risk 0.00cvss epss 0.02

    The administrative console in IBM WebSphere Application Server (WAS) 8.0.0 before 8.0.0.11 and 8.5 before 8.5.5.6, when the Security feature is disabled, allows remote authenticated users to hijack sessions via the JSESSIONID parameter.

  • CVE-2015-1927Jul 14, 2015
    risk 0.00cvss epss 0.02

    The default configuration of IBM WebSphere Application Server (WAS) 7.0.0 before 7.0.0.39, 8.0.0 before 8.0.0.11, and 8.5 before 8.5.5.6 has a false value for the com.ibm.ws.webcontainer.disallowServeServletsByClassname WebContainer property, which allows remote attackers to…

  • CVE-2015-1885Apr 27, 2015
    risk 0.00cvss epss 0.03

    WebSphereOauth20SP.ear in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.39, 8.0 before 8.0.0.11, 8.5 Liberty Profile before 8.5.5.5, and 8.5 Full Profile before 8.5.5.6, when the OAuth grant type requires sending a password, allows remote attackers to gain privileges…

  • CVE-2015-1882Apr 27, 2015
    risk 0.00cvss epss 0.03

    Multiple race conditions in IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before 8.5.5.5 allow remote authenticated users to gain privileges by leveraging thread conflicts that result in Java code execution outside the context of the configured EJB Run-as user.

  • CVE-2015-0175Apr 27, 2015
    risk 0.00cvss epss 0.02

    IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before 8.5.5.5 does not properly implement authData elements, which allows remote authenticated users to gain privileges via unspecified vectors.

  • CVE-2015-0174Apr 27, 2015
    risk 0.00cvss epss 0.02

    The SNMP implementation in IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.5 does not properly handle configuration data, which allows remote authenticated users to obtain sensitive information via unspecified vectors.

  • CVE-2015-0106Mar 24, 2015
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote attackers to inject arbitrary web…

  • CVE-2014-8890Dec 18, 2014
    risk 0.00cvss epss 0.02

    IBM WebSphere Application Server Liberty Profile 8.5.x before 8.5.5.4 allows remote attackers to gain privileges by leveraging the combination of a servlet's deployment descriptor security constraints and ServletSecurity annotations.

Page 11 of 24