Total
401 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-0106 | 1 Ibm | 2 Business Process Manager, Websphere Application Server | 2015-03-24 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
CVE-2009-1172 | 1 Ibm | 1 Websphere Application Server | 2014-10-23 | 10.0 HIGH | N/A |
The JAX-RPC WS-Security runtime in the Web Services Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3, when APAR PK41002 is installed, does not properly validate UsernameToken objects, which has unknown impact and attack vectors. | |||||
CVE-2009-1173 | 1 Ibm | 1 Websphere Application Server | 2014-10-23 | 2.1 LOW | N/A |
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.3 uses weak permissions (777) for files associated with unspecified "interim fixes," which allows attackers to modify files that would not have been accessible if the intended 755 permissions were used. | |||||
CVE-2013-1777 | 2 Apache, Ibm | 2 Geronimo, Websphere Application Server | 2014-03-31 | 10.0 HIGH | N/A |
The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not properly implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object. | |||||
CVE-2013-0462 | 1 Ibm | 1 Websphere Application Server | 2013-01-29 | 10.0 HIGH | N/A |
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.1, 7.0 before 7.0.0.27, 8.0, and 8.5 has unknown impact and attack vectors. | |||||
CVE-2010-2087 | 3 Caucho, Ibm, Oracle | 3 Resin, Websphere Application Server, Mojarra | 2013-01-27 | 4.3 MEDIUM | N/A |
Oracle Mojarra 1.2_14 and 2.0.2, as used in IBM WebSphere Application Server, Caucho Resin, and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object. | |||||
CVE-2007-4839 | 1 Ibm | 1 Websphere Application Server | 2012-10-30 | 7.5 HIGH | N/A |
Unspecified vulnerability in the PD tools component in IBM WebSphere Application Server (WAS) 6.1 before Fix Pack 11 (6.1.0.11) has unknown impact and attack vectors, aka PK33803. | |||||
CVE-2012-0716 | 1 Ibm | 1 Websphere Application Server | 2012-07-09 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server 7.0 before 7.0.0.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2012-0717 | 1 Ibm | 1 Websphere Application Server | 2012-06-20 | 2.6 LOW | N/A |
IBM WebSphere Application Server 7.0 before 7.0.0.23, when a certain SSLv2 configuration with client authentication is used, allows remote attackers to bypass X.509 client-certificate authentication via unspecified vectors. | |||||
CVE-2011-5066 | 1 Ibm | 1 Websphere Application Server | 2012-02-07 | 2.1 LOW | N/A |
The SibRaRecoverableSiXaResource class in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41 does not properly handle a Service Integration Bus (SIB) dump operation involving the First Failure Data Capture (FFDC) introspection code, which allows local users to obtain sensitive information by reading the FFDC log file. | |||||
CVE-2012-0193 | 1 Ibm | 1 Websphere Application Server | 2012-01-26 | 5.0 MEDIUM | N/A |
IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.43, 6.1 before 6.1.0.43, 7.0 before 7.0.0.23, and 8.0 before 8.0.0.3 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. | |||||
CVE-2008-5413 | 1 Ibm | 1 Websphere Application Server | 2011-08-22 | 5.0 MEDIUM | N/A |
PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 allows attackers to obtain sensitive information by reading the (1) systemout.log and (2) ffdc files. NOTE: this is probably a duplicate of CVE-2009-0434. | |||||
CVE-2006-6637 | 1 Ibm | 1 Websphere Application Server | 2011-06-13 | 5.0 MEDIUM | N/A |
The Servlet Engine and Web Container in IBM WebSphere Application Server (WAS) before 6.0.2.17, when ibm-web-ext.xmi sets fileServingEnabled to true and servlet caching is enabled, allows remote attackers to obtain JSP source code and other sensitive information via "specific requests." | |||||
CVE-2011-1683 | 1 Ibm | 2 Websphere Application Server, Z\/os | 2011-04-20 | 6.8 MEDIUM | N/A |
IBM WebSphere Application Server (WAS) 6.0.x through 6.0.2.43, 6.1.x before 6.1.0.37, and 7.0.x before 7.0.0.17 on z/OS, when a Local OS user registry or Federated Repository with RACF adapter is used, allows remote attackers to obtain unspecified application access via unknown vectors. | |||||
CVE-2011-1307 | 1 Ibm | 1 Websphere Application Server | 2011-04-20 | 2.1 LOW | N/A |
The installer in IBM WebSphere Application Server (WAS) before 7.0.0.15 uses 777 permissions for a temporary log directory, which allows local users to have unintended access to log files via standard filesystem operations, a different vulnerability than CVE-2009-1173. | |||||
CVE-2011-1312 | 1 Ibm | 1 Websphere Application Server | 2011-04-06 | 4.0 MEDIUM | N/A |
The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.31 and 7.x before 7.0.0.15 does not prevent modifications of the primary admin id, which allows remote authenticated administrators to bypass intended access restrictions by mapping a (1) user or (2) group to an administrator role. | |||||
CVE-2007-6679 | 1 Ibm | 1 Websphere Application Server | 2011-04-06 | 10.0 HIGH | N/A |
Unspecified vulnerability in the Administrative Console in IBM WebSphere Application Server 6.1 before Fix Pack 13 has unknown impact and attack vectors, related to "security concerns with monitor role users." NOTE: it was later reported that 6.0.2 before Fix Pack 25 is also affected. | |||||
CVE-2011-1317 | 1 Ibm | 1 Websphere Application Server | 2011-04-06 | 5.0 MEDIUM | N/A |
Memory leak in com.ibm.ws.jsp.runtime.WASJSPStrBufferImpl in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by sending many JSP requests that trigger large responses. | |||||
CVE-2011-1316 | 1 Ibm | 1 Websphere Application Server | 2011-04-06 | 5.0 MEDIUM | N/A |
The Session Initiation Protocol (SIP) Proxy in the HTTP Transport component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (worker thread exhaustion and UDP messaging outage) by sending many UDP messages. | |||||
CVE-2011-1315 | 1 Ibm | 1 Websphere Application Server | 2011-04-06 | 5.0 MEDIUM | N/A |
Memory leak in the messaging engine in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) via network connections associated with a NULL return value from a synchronous JMS receive call. |