Ibm

Websphere Extreme Scale

23 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.29%
  • Veröffentlicht 30.06.2026 19:24:03
  • Zuletzt bearbeitet 03.07.2026 04:17:36

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 ships three ObjectInputStream subclasses (WsObjectInputStream, ObjectStreamPool$ReusableInputStream, ObjectInputStreamResolver) that install no JEP-290 class filter; when Coherence is on the classpa...

  • EPSS 0.27%
  • Veröffentlicht 30.06.2026 19:21:43
  • Zuletzt bearbeitet 03.07.2026 04:17:40

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 's Object Query Language engine resolves attacker-supplied class names via Class.forName() and invokes their constructors with no allow-list at three distinct sinks (SELECT NEW, enum literals, and r...

  • EPSS 3.01%
  • Veröffentlicht 30.06.2026 19:20:49
  • Zuletzt bearbeitet 02.07.2026 18:26:29

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 Approximately 50 generated CORBA stub classes in WebSphere eXtreme Scale's ogclient.jar call ORB.string_to_object() on an attacker-controlled IOR string during Java deserialization, turning any unfi...

  • EPSS 0.27%
  • Veröffentlicht 30.06.2026 19:08:43
  • Zuletzt bearbeitet 02.07.2026 19:59:28

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 could allow an adjacent attacker to cause a denial of service due to improper validation in the XDF decoder. The application processes deeply nested Protocol Buffers messages and attacker-controlled...

  • EPSS 0.97%
  • Veröffentlicht 06.01.2021 13:15:14
  • Zuletzt bearbeitet 21.11.2024 05:32:36

IBM WebSphere eXtreme Scale 8.6.1 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 177932.

  • EPSS 0.67%
  • Veröffentlicht 30.09.2019 16:15:11
  • Zuletzt bearbeitet 21.11.2024 04:43:11

IBM WebSphere eXtreme Scale 8.6 Admin API is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure w...

  • EPSS 0.34%
  • Veröffentlicht 30.09.2019 16:15:11
  • Zuletzt bearbeitet 21.11.2024 04:43:11

IBM WebSphere eXtreme Scale 8.6 Admin Console allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 158105.

  • EPSS 1.25%
  • Veröffentlicht 30.09.2019 16:15:11
  • Zuletzt bearbeitet 21.11.2024 04:43:11

IBM WebSphere eXtreme Scale 8.6 Admin Console could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's c...

  • EPSS 0.66%
  • Veröffentlicht 30.09.2019 16:15:11
  • Zuletzt bearbeitet 21.11.2024 04:43:11

IBM WebSphere eXtreme Scale 8.6 Admin Console is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosu...

  • EPSS 0.35%
  • Veröffentlicht 08.02.2017 22:59:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

IBM WebSphere eXtreme Scale and the WebSphere DataPower XC10 Appliance allow some sensitive data to linger in memory instead of being overwritten which could allow a local user with administrator privileges to obtain sensitive information.