Ibm

Websphere Extreme Scale

19 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2020-4336

  • EPSS 0.16%
  • Published 06.01.2021 13:15:14
  • Last modified 21.11.2024 05:32:36

IBM WebSphere eXtreme Scale 8.6.1 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 177932.

5.4

CVE-2019-4115

  • EPSS 0.21%
  • Published 30.09.2019 16:15:11
  • Last modified 21.11.2024 04:43:11

IBM WebSphere eXtreme Scale 8.6 Admin API is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure w...

3.3

CVE-2019-4112

  • EPSS 0.05%
  • Published 30.09.2019 16:15:11
  • Last modified 21.11.2024 04:43:11

IBM WebSphere eXtreme Scale 8.6 Admin Console allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 158105.

6.1

CVE-2019-4109

  • EPSS 0.18%
  • Published 30.09.2019 16:15:11
  • Last modified 21.11.2024 04:43:11

IBM WebSphere eXtreme Scale 8.6 Admin Console could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's c...

4.8

CVE-2019-4106

  • EPSS 0.21%
  • Published 30.09.2019 16:15:11
  • Last modified 21.11.2024 04:43:11

IBM WebSphere eXtreme Scale 8.6 Admin Console is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosu...

4.4

CVE-2015-7418

  • EPSS 0.13%
  • Published 08.02.2017 22:59:00
  • Last modified 20.04.2025 01:37:25

IBM WebSphere eXtreme Scale and the WebSphere DataPower XC10 Appliance allow some sensitive data to linger in memory instead of being overwritten which could allow a local user with administrator privileges to obtain sensitive information.

4.3

CVE-2016-2861

  • EPSS 0.23%
  • Published 02.07.2016 14:59:10
  • Last modified 12.04.2025 10:46:40

IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 does not properly encrypt data, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.

6.1

CVE-2016-0400

  • EPSS 3.49%
  • Published 02.07.2016 14:59:05
  • Last modified 12.04.2025 10:46:40

CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks vi...

3.5

CVE-2015-2031

  • EPSS 0.19%
  • Published 04.10.2015 02:59:15
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

5

CVE-2015-2030

  • EPSS 0.25%
  • Published 04.10.2015 02:59:14
  • Last modified 12.04.2025 10:46:40

IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 has an improper account-lockout setting, which makes it easier for remote attackers to obtain access via a brute-force attack.