VYPR

Websphere Application Server

by IBM

CVEs (462)

  • CVE-2016-5986HigOct 1, 2016
    risk 0.49cvss 7.5epss 0.02

    IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.x before 8.0.0.13, 8.5.x before 8.5.5.11, 9.0.x before 9.0.0.2, and Liberty before 16.0.0.3 mishandles responses, which allows remote attackers to obtain sensitive information via unspecified vectors.

  • CVE-2016-2945HigJul 8, 2016
    risk 0.49cvss 7.5epss 0.02

    The API Discovery implementation in IBM WebSphere Application Server (WAS) 8.5.5.8 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 allows remote authenticated users to gain privileges via an external reference in a Swagger document.

  • CVE-2016-2923HigJul 7, 2016
    risk 0.49cvss 7.5epss 0.02

    IBM WebSphere Application Server (WAS) 8.5 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified JAX-RS API cookie, which makes it easier for remote attackers to obtain potentially sensitive…

  • CVE-2000-0497HigJun 8, 2000
    risk 0.49cvss 7.5epss 0.03

    IBM WebSphere server 3.0.2 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case.

  • CVE-2018-1695HigSep 6, 2018
    risk 0.48cvss 7.3epss 0.02

    IBM WebSphere Application Server 7.0, 8.0, and 8.5.5 installations using Form Login could allow a remote attacker to conduct spoofing attacks. IBM X-Force ID: 145769.

  • CVE-2017-1382HigJul 24, 2017
    risk 0.46cvss 7.1epss 0.00

    IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 might create files using the default permissions instead of the customized permissions when custom startup scripts are used. A local attacker could exploit this to gain access to files with an unknown impact. IBM X-Force…

  • CVE-2015-0110MedSep 15, 2017
    risk 0.42cvss 6.5epss 0.01

    IBM Business Process Manager (aka BPM) 7.5.x, 8.0.x, and 8.5.x and WebSphere Lombardi Edition (aka WLE) 7.2.x allow remote authenticated users to bypass intended access restrictions on internal service types via vectors involving the executeServiceByName URL.

  • CVE-2017-1504MedAug 3, 2017
    risk 0.42cvss 6.5epss 0.01

    IBM WebSphere Application Server version 9.0.0.4 could provide weaker than expected security after using the PasswordUtil command to enable AES password encryption. IBM X-Force ID: 129579.

  • CVE-2018-1794MedOct 3, 2018
    risk 0.40cvss 6.1epss 0.01

    IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using OAuth ear is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure…

  • CVE-2018-1793MedOct 3, 2018
    risk 0.40cvss 6.1epss 0.01

    IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using SAML ear is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure…

  • CVE-2017-1503MedOct 10, 2017
    risk 0.40cvss 6.1epss 0.02

    IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the…

  • CVE-2016-0359MedJul 3, 2016
    risk 0.40cvss 6.1epss 0.01

    CRLF injection vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 Full before 8.5.5.10, and 8.5 Liberty before Liberty Fix Pack 16.0.0.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response…

  • CVE-2016-0283MedMar 19, 2016
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in the OpenID Connect (OIDC) client web application in IBM WebSphere Application Server (WAS) Liberty Profile 8.5.5 before 8.5.5.9 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

  • CVE-2018-1683MedSep 26, 2018
    risk 0.39cvss 5.9epss 0.02

    IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by the failure to encrypt ORB communication. IBM X-Force ID: 145455.

  • CVE-2018-1719MedSep 14, 2018
    risk 0.39cvss 5.9epss 0.02

    IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security under certain conditions. This could result in a downgrade of TLS protocol. A remote attacker could exploit this vulnerability to perform man-in-the-middle attacks. IBM X-Force ID: 147292.

  • CVE-2018-1755MedAug 24, 2018
    risk 0.39cvss 5.9epss 0.03

    IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by incorrect transport being used when Liberty is configured to use Java Authentication SPI for Containers (JASPIC). This can happen when the Application Server is…

  • CVE-2017-1501MedAug 18, 2017
    risk 0.39cvss 5.9epss 0.02

    IBM WebSphere Application Server 8.0, 8.5, and 9.0 could provide weaker than expected security after using the Admin Console to update the web services security bindings settings. IBM X-Force ID: 129576.

  • CVE-2018-1614MedJun 26, 2018
    risk 0.38cvss 5.8epss 0.03

    IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using malformed SAML responses from the SAML identity provider could allow a remote attacker to obtain sensitive information. IBM X-Force ID: 144270.

  • CVE-2016-0306MedMay 17, 2016
    risk 0.38cvss 5.9epss 0.01

    IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.41, 8.0 before 8.0.0.13, and 8.5 before 8.5.5.10, when FIPS 140-2 is enabled, misconfigures TLS, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.

  • CVE-2018-1553MedJun 27, 2018
    risk 0.35cvss 5.3epss 0.03

    IBM WebSphere Application Server Liberty prior to 18.0.0.2 could allow a remote attacker to obtain sensitive information, caused by mishandling of exceptions by the SAML Web SSO feature. IBM X-Force ID: 142890.

Page 2 of 24