Websphere
by IBM
CVEs (16)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2000-0497 | | Hig | 0.49 | 7.5 | 0.03 | | Jun 8, 2000 | IBM WebSphere server 3.0.2 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case. |
| CVE-2016-9693 | | Med | 0.40 | 6.1 | 0.01 | | Mar 7, 2017 | IBM Business Process Manager 7.5, 8.0, and 8.5 has a file download capability that is vulnerable to a set of attacks. Ultimately, an attacker can cause an unauthenticated victim to download a malicious payload. An existing file type restriction can be bypassed so that the… |
| CVE-2000-0652 | | | 0.04 | — | 0.08 | | Jul 24, 2000 | IBM WebSphere allows remote attackers to read source code for executable web files by directly calling the default InvokerServlet using a URL which contains the "/servlet/file" string. |
| CVE-2001-0122 | | | 0.03 | — | 0.03 | | Mar 13, 2001 | Kernel leak in AfpaCache module of the Fast Response Cache Accelerator (FRCA) component of IBM HTTP Server 1.3.x and Websphere 3.52 allows remote attackers to cause a denial of service via a series of malformed HTTP requests that generate a "bad request" error. |
| CVE-1999-0944 | | | 0.03 | — | 0.04 | | Oct 24, 1999 | IBM WebSphere ikeyman tool uses weak encryption to store a password for a key database that is used for SSL connections. |
| CVE-2018-1974 | | | 0.00 | — | 0.01 | | Mar 11, 2019 | IBM WebSphere 8.0.0.0 through 9.1.1 could allow an authenticated attacker to escalate their privileges when using multiplexed channels. IBM X-Force ID: 153915. |
| CVE-2015-1884 | | | 0.00 | — | 0.03 | | Jun 28, 2015 | Directory traversal vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2 through 7.2.0.5 allows remote authenticated users to read arbitrary… |
| CVE-2015-0193 | | | 0.00 | — | 0.01 | | May 30, 2015 | Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote authenticated users to inject arbitrary web script or… |
| CVE-2015-0156 | | | 0.00 | — | 0.01 | | May 25, 2015 | Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.6.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote authenticated users to inject arbitrary web script or… |
| CVE-2006-2434 | | | 0.00 | — | 0.02 | | May 17, 2006 | Unspecified vulnerability in WebSphere 5.1.1 (or any earlier cumulative fix) Common Configuration Mode + CommonArchive and J2EE Models might allow attackers to obtain sensitive information via the trace. |
| CVE-2006-1093 | | | 0.00 | — | 0.01 | | Mar 9, 2006 | Unspecified vulnerability in IBM WebSphere 5.0.2.10 through 5.0.2.15 and 5.1.1.4 through 5.1.1.9 allows remote attackers to obtain sensitive information via unknown attack vectors, which causes JSP source code to be revealed. |
| CVE-2005-2091 | | | 0.00 | — | 0.02 | | Jul 5, 2005 | IBM WebSphere 5.1 and WebSphere 5.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes WebSphere to… |
| CVE-2002-1153 | | | 0.00 | — | 0.03 | | Oct 11, 2002 | IBM Websphere 4.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP request with long HTTP headers, such as "Host". |
| CVE-2001-0824 | | | 0.00 | — | 0.02 | | Dec 6, 2001 | Cross-site scripting vulnerability in IBM WebSphere 3.02 and 3.5 FP2 allows remote attackers to execute Javascript by inserting the Javascript into (1) a request for a .JSP file, or (2) a request to the webapp/examples/ directory, which inserts the Javascript into an error page. |
| CVE-2001-0312 | | | 0.00 | — | 0.02 | | Jun 2, 2001 | IBM WebSphere plugin for Netscape Enterprise server allows remote attackers to read source code for JSP files via an HTTP request that contains a host header that references a host that is not in WebSphere's host aliases list, which will bypass WebSphere processing. |
| CVE-1999-0852 | | | 0.00 | — | 0.00 | | Dec 2, 1999 | IBM WebSphere sets permissions that allow a local user to modify a deinstallation script or its data files stored in /usr/bin. |