Ibm

Websphere Application Server

435 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2016-8934

  • EPSS 0.2%
  • Published 01.02.2017 20:59:02
  • Last modified 20.04.2025 01:37:25

IBM WebSphere Application Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a t...

7.5

CVE-2016-9879

  • EPSS 0.32%
  • Published 06.01.2017 22:59:00
  • Last modified 20.04.2025 01:37:25

An issue was discovered in Pivotal Spring Security before 3.2.10, 4.1.x before 4.1.4, and 4.2.x before 4.2.1. Spring Security does not consider URL path parameters when processing security constraints. By adding a URL path parameter with an encoded "...

4.3

CVE-2016-0378

  • EPSS 0.34%
  • Published 24.11.2016 19:59:10
  • Last modified 12.04.2025 10:46:40

IBM WebSphere Application Server (WAS) Liberty before 16.0.0.3, when the installation lacks a default error page, allows remote attackers to obtain sensitive information by triggering an exception.

4.3

CVE-2016-0377

  • EPSS 0.23%
  • Published 22.10.2016 03:59:11
  • Last modified 12.04.2025 10:46:40

The Administrative Console in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.x before 8.0.0.13, and 8.5.x before 8.5.5.10 mishandles CSRFtoken cookies, which allows remote authenticated users to obtain sensitive information via unspe...

7.5

CVE-2016-5983

  • EPSS 13.76%
  • Published 05.10.2016 10:59:18
  • Last modified 12.04.2025 10:46:40

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.11, 9.0 before 9.0.0.2, and Liberty before 16.0.0.4 allows remote authenticated users to execute arbitrary Java code via a crafted serialized object.

7.5

CVE-2016-5986

  • EPSS 0.33%
  • Published 01.10.2016 01:59:07
  • Last modified 12.04.2025 10:46:40

IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.x before 8.0.0.13, 8.5.x before 8.5.5.11, 9.0.x before 9.0.0.2, and Liberty before 16.0.0.3 mishandles responses, which allows remote attackers to obtain sensitive information via unspec...

5.4

CVE-2016-3042

  • EPSS 0.2%
  • Published 01.10.2016 01:59:02
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Application Server (WAS) Liberty before 16.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving OpenID Connect clients.

3.5

CVE-2016-0385

  • EPSS 0.25%
  • Published 01.09.2016 10:59:00
  • Last modified 12.04.2025 10:46:40

Buffer overflow in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.10, 9.0 before 9.0.0.1, and Liberty before 16.0.0.3, when HttpSessionIdReuse is enabled, allows remote authenticated users to obtain ...

4.3

CVE-2016-2960

  • EPSS 0.68%
  • Published 08.08.2016 01:59:11
  • Last modified 12.04.2025 10:46:40

IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.0.x before 8.0.0.13, 8.5.0.x before 8.5.5.10, 8.5.0.x and 16.0.0.x Liberty before Liberty Fix Pack 16.0.0.3, and 9.0.0.x before 9.0.0.1 allows remote attackers to cause a denial of servi...

7.5

CVE-2016-2945

  • EPSS 0.63%
  • Published 08.07.2016 01:59:11
  • Last modified 12.04.2025 10:46:40

The API Discovery implementation in IBM WebSphere Application Server (WAS) 8.5.5.8 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 allows remote authenticated users to gain privileges via an external reference in a Swagger document.