Ibm

Websphere Application Server

435 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2015-0106

  • EPSS 0.27%
  • Veröffentlicht 24.03.2015 00:59:02
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote attac...

5.1

CVE-2014-8890

  • EPSS 1.39%
  • Veröffentlicht 18.12.2014 16:59:17
  • Zuletzt bearbeitet 12.04.2025 10:46:40

IBM WebSphere Application Server Liberty Profile 8.5.x before 8.5.5.4 allows remote attackers to gain privileges by leveraging the combination of a servlet's deployment descriptor security constraints and ServletSecurity annotations.

4.3

CVE-2014-6174

  • EPSS 0.22%
  • Veröffentlicht 18.12.2014 16:59:14
  • Zuletzt bearbeitet 12.04.2025 10:46:40

IBM WebSphere Application Server 7.x before 7.0.0.37, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.4 allows remote attackers to conduct clickjacking attacks via a crafted web site.

4.3

CVE-2014-6167

  • EPSS 0.27%
  • Veröffentlicht 18.12.2014 16:59:13
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the URL rewriting feature in IBM WebSphere Application Server 7.x before 7.0.0.37, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.4 allows remote attackers to inject arbitrary web script or HTML via a crafte...

4.3

CVE-2014-6166

  • EPSS 0.31%
  • Veröffentlicht 18.12.2014 16:59:12
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The Communications Enabled Applications (CEA) service in IBM WebSphere Application Server 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.4, and Feature Pack for CEA 1.x before 1.0.0.15, allows remote attackers to read arbitrary files via an XML externa...

5

CVE-2014-6164

  • EPSS 0.23%
  • Veröffentlicht 18.12.2014 16:59:11
  • Zuletzt bearbeitet 12.04.2025 10:46:40

IBM WebSphere Application Server 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.4 allows remote attackers to spoof OpenID and OpenID Connect cookies, and consequently obtain sensitive information, via a crafted URL.

5

CVE-2014-3021

  • EPSS 0.29%
  • Veröffentlicht 19.10.2014 01:55:12
  • Zuletzt bearbeitet 12.04.2025 10:46:40

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 does not properly handle HTTP headers, which allows remote attackers to obtain sensitive cookie and authentication data via an unspecified HTTP me...

3.5

CVE-2014-4770

  • EPSS 0.35%
  • Veröffentlicht 23.09.2014 22:55:03
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 6.x through 6.1.0.47, 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 allows remote authenticated administrators to inject arbitrary web script or HTM...

6

CVE-2014-4816

  • EPSS 0.14%
  • Veröffentlicht 23.09.2014 22:55:03
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site request forgery (CSRF) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.x through 6.1.0.47, 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 allows remote authenticated users to hijack...

4

CVE-2014-4758

  • EPSS 0.2%
  • Veröffentlicht 04.09.2014 10:55:07
  • Zuletzt bearbeitet 12.04.2025 10:46:40

IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.x allow remote authenticated users to bypass intended access restrictions and send requests to internal services via a callService URL.