Ibm

Websphere Application Server

435 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2017-1504

  • EPSS 0.16%
  • Published 03.08.2017 15:29:00
  • Last modified 20.04.2025 01:37:25

IBM WebSphere Application Server version 9.0.0.4 could provide weaker than expected security after using the PasswordUtil command to enable AES password encryption. IBM X-Force ID: 129579.

5.4

CVE-2017-1380

  • EPSS 0.4%
  • Published 24.07.2017 21:29:00
  • Last modified 20.04.2025 01:37:25

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credential...

7.1

CVE-2017-1382

  • EPSS 0.04%
  • Published 24.07.2017 21:29:00
  • Last modified 20.04.2025 01:37:25

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 might create files using the default permissions instead of the customized permissions when custom startup scripts are used. A local attacker could exploit this to gain access to files with an u...

3.3

CVE-2017-1381

  • EPSS 0.06%
  • Published 21.07.2017 20:29:00
  • Last modified 20.04.2025 01:37:25

IBM WebSphere Application Server Proxy Server or On-demand-router (ODR) 7.0, 8.0, 8.5, 9.0 and could allow a local attacker to obtain sensitive information, caused by stale data being cached and then served. IBM X-Force ID: 127152.

5.3

CVE-2016-9736

  • EPSS 0.3%
  • Published 08.06.2017 21:29:00
  • Last modified 20.04.2025 01:37:25

IBM WebSphere Application Server using malformed SOAP requests could allow a remote attacker to obtain sensitive information.

8.1

CVE-2017-1137

  • EPSS 0.99%
  • Published 10.05.2017 14:29:00
  • Last modified 20.04.2025 01:37:25

IBM WebSphere Application Server 8.0 and 8.5.5 could provide weaker than expected security. A remote attacker could exploit this weakness to obtain sensitive information and gain unauthorized access to the admin console. IBM X-Force ID: 121549.

8.8

CVE-2017-1194

  • EPSS 0.17%
  • Published 28.04.2017 17:59:00
  • Last modified 20.04.2025 01:37:25

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123669.

8.1

CVE-2017-1151

  • EPSS 0.56%
  • Published 20.03.2017 16:59:02
  • Last modified 20.04.2025 01:37:25

IBM WebSphere Application Server 8.0, 8.5, 8.5.5, and 9.0 using OpenID Connect (OIDC) configured with a Trust Association Interceptor (TAI) could allow a user to gain elevated privileges on the system. IBM Reference #: 1999293.

5.4

CVE-2017-1121

  • EPSS 0.27%
  • Published 13.02.2017 22:59:00
  • Last modified 20.04.2025 01:37:25

IBM WebSphere Application Server 7.0, 8.0, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials dis...

7.8

CVE-2016-8919

  • EPSS 0.86%
  • Published 01.02.2017 22:59:00
  • Last modified 20.04.2025 01:37:25

IBM WebSphere Application Server may be vulnerable to a denial of service, caused by allowing serialized objects from untrusted sources to run and cause the consumption of resources.