Ibm

Websphere Application Server

435 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.5

CVE-2018-1957

  • EPSS 0.07%
  • Veröffentlicht 10.12.2018 14:29:01
  • Zuletzt bearbeitet 21.11.2024 04:00:39

IBM WebSphere Application Server 9 could allow sensitive information to be available caused by mishandling of data by the application based on an incorrect return by the httpServletRequest#authenticate() API when an unprotected URI is accessed. IBM X...

8.1

CVE-2018-1840

  • EPSS 0.7%
  • Veröffentlicht 03.12.2018 15:29:00
  • Zuletzt bearbeitet 21.11.2024 04:00:29

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to gain elevated privileges on the system, caused when a security domain is configured to use a federated repository other than global federated repository and then migrated t...

7.1

CVE-2018-1905

  • EPSS 0.47%
  • Veröffentlicht 26.11.2018 16:29:00
  • Zuletzt bearbeitet 21.11.2024 04:00:34

IBM WebSphere Application Server 9.0.0.0 through 9.0.0.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory reso...

5.5

CVE-2018-1797

  • EPSS 0.46%
  • Veröffentlicht 16.11.2018 15:29:00
  • Zuletzt bearbeitet 21.11.2024 04:00:23

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using Enterprise bundle Archives (EBA) could allow a local attacker to traverse directories on the system. By persuading a victim to extract a specially-crafted ZIP archive containing "dot dot s...

6.1

CVE-2018-1643

  • EPSS 0.43%
  • Veröffentlicht 15.11.2018 16:29:00
  • Zuletzt bearbeitet 21.11.2024 04:00:07

The Installation Verification Tool of IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functiona...

6.1

CVE-2018-1798

  • EPSS 0.47%
  • Veröffentlicht 12.11.2018 16:29:00
  • Zuletzt bearbeitet 21.11.2024 04:00:23

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credential...

9.8

CVE-2018-1851

  • EPSS 5.11%
  • Veröffentlicht 31.10.2018 13:29:00
  • Zuletzt bearbeitet 21.11.2024 04:00:30

IBM WebSphere Application Server Liberty OpenID Connect could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization. By sending a specially-crafted request to the RP service, an attacker could exploit thi...

6.1

CVE-2018-1767

  • EPSS 0.35%
  • Veröffentlicht 29.10.2018 15:29:00
  • Zuletzt bearbeitet 21.11.2024 04:00:19

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Cachemonitor is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading ...

5.4

CVE-2018-1777

  • EPSS 0.3%
  • Veröffentlicht 16.10.2018 19:29:00
  • Zuletzt bearbeitet 21.11.2024 04:00:20

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credential...

6.5

CVE-2018-1770

Exploit
  • EPSS 0.48%
  • Veröffentlicht 12.10.2018 11:29:00
  • Zuletzt bearbeitet 21.11.2024 04:00:20

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the s...