VYPR

Websphere

by IBM

CVEs (16)

  • CVE-2000-0497 · High · Jun 8, 2000
    risk 0.49 · cvss 7.5 · epss 0.03

    IBM WebSphere server 3.0.2 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case.

  • CVE-2016-9693 · Medium · Mar 7, 2017
    risk 0.40 · cvss 6.1 · epss 0.01

    IBM Business Process Manager 7.5, 8.0, and 8.5 has a file download capability that is vulnerable to a set of attacks. Ultimately, an attacker can cause an unauthenticated victim to download a malicious payload. An existing file type restriction can be bypassed so that the…

  • CVE-2000-0652 · Jul 24, 2000
    risk 0.04 · cvss · epss 0.08

    IBM WebSphere allows remote attackers to read source code for executable web files by directly calling the default InvokerServlet using a URL which contains the "/servlet/file" string.

  • CVE-2001-0122 · Mar 13, 2001
    risk 0.03 · cvss · epss 0.03

    Kernel leak in AfpaCache module of the Fast Response Cache Accelerator (FRCA) component of IBM HTTP Server 1.3.x and Websphere 3.52 allows remote attackers to cause a denial of service via a series of malformed HTTP requests that generate a "bad request" error.

  • CVE-1999-0944 · Oct 24, 1999
    risk 0.03 · cvss · epss 0.04

    IBM WebSphere ikeyman tool uses weak encryption to store a password for a key database that is used for SSL connections.

  • CVE-2018-1974 · Mar 11, 2019
    risk 0.00 · cvss · epss 0.01

    IBM WebSphere 8.0.0.0 through 9.1.1 could allow an authenticated attacker to escalate their privileges when using multiplexed channels. IBM X-Force ID: 153915.

  • CVE-2015-1884 · Jun 28, 2015
    risk 0.00 · cvss · epss 0.03

    Directory traversal vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2 through 7.2.0.5 allows remote authenticated users to read arbitrary…

  • CVE-2015-0193 · May 30, 2015
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote authenticated users to inject arbitrary web script or…

  • CVE-2015-0156 · May 25, 2015
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.6.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote authenticated users to inject arbitrary web script or…

  • CVE-2006-2434 · May 17, 2006
    risk 0.00 · cvss · epss 0.02

    Unspecified vulnerability in WebSphere 5.1.1 (or any earlier cumulative fix) Common Configuration Mode + CommonArchive and J2EE Models might allow attackers to obtain sensitive information via the trace.

  • CVE-2006-1093 · Mar 9, 2006
    risk 0.00 · cvss · epss 0.01

    Unspecified vulnerability in IBM WebSphere 5.0.2.10 through 5.0.2.15 and 5.1.1.4 through 5.1.1.9 allows remote attackers to obtain sensitive information via unknown attack vectors, which causes JSP source code to be revealed.

  • CVE-2005-2091 · Jul 5, 2005
    risk 0.00 · cvss · epss 0.02

    IBM WebSphere 5.1 and WebSphere 5.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes WebSphere to…

  • CVE-2002-1153 · Oct 11, 2002
    risk 0.00 · cvss · epss 0.03

    IBM Websphere 4.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP request with long HTTP headers, such as "Host".

  • CVE-2001-0824 · Dec 6, 2001
    risk 0.00 · cvss · epss 0.02

    Cross-site scripting vulnerability in IBM WebSphere 3.02 and 3.5 FP2 allows remote attackers to execute Javascript by inserting the Javascript into (1) a request for a .JSP file, or (2) a request to the webapp/examples/ directory, which inserts the Javascript into an error page.

  • CVE-2001-0312 · Jun 2, 2001
    risk 0.00 · cvss · epss 0.02

    IBM WebSphere plugin for Netscape Enterprise server allows remote attackers to read source code for JSP files via an HTTP request that contains a host header that references a host that is not in WebSphere's host aliases list, which will bypass WebSphere processing.

  • CVE-1999-0852 · Dec 2, 1999
    risk 0.00 · cvss · epss 0.00

    IBM WebSphere sets permissions that allow a local user to modify a deinstallation script or its data files stored in /usr/bin.