Ibm

Websphere Application Server

435 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5

CVE-2015-4938

  • EPSS 0.38%
  • Published 22.08.2015 23:59:05
  • Last modified 12.04.2025 10:46:40

IBM WebSphere Application Server 7.x before 7.0.0.39, 8.0.x before 8.0.0.11, and 8.5.x before 8.5.5.7 allows remote attackers to spoof servlets and obtain sensitive information via unspecified vectors.

5

CVE-2015-1932

  • EPSS 0.38%
  • Published 22.08.2015 23:59:01
  • Last modified 12.04.2025 10:46:40

IBM WebSphere Application Server 7.x before 7.0.0.39, 8.0.x before 8.0.0.11, and 8.5.x before 8.5.5.7 and WebSphere Virtual Enterprise before 7.0.0.7 allow remote attackers to obtain potentially sensitive information about the proxy-server software b...

4.4

CVE-2015-1946

  • EPSS 0.06%
  • Published 14.07.2015 17:59:02
  • Last modified 12.04.2025 10:46:40

IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.6, and WebSphere Virtual Enterprise 7.0 before 7.0.0.6 for WebSphere Application Server (WAS) 7.0 and 8.0, does not properly implement user roles, which allows local users to gain privileges via...

6

CVE-2015-1936

  • EPSS 0.31%
  • Published 14.07.2015 17:59:01
  • Last modified 12.04.2025 10:46:40

The administrative console in IBM WebSphere Application Server (WAS) 8.0.0 before 8.0.0.11 and 8.5 before 8.5.5.6, when the Security feature is disabled, allows remote authenticated users to hijack sessions via the JSESSIONID parameter.

6.8

CVE-2015-1927

  • EPSS 0.58%
  • Published 14.07.2015 17:59:00
  • Last modified 12.04.2025 10:46:40

The default configuration of IBM WebSphere Application Server (WAS) 7.0.0 before 7.0.0.39, 8.0.0 before 8.0.0.11, and 8.5 before 8.5.5.6 has a false value for the com.ibm.ws.webcontainer.disallowServeServletsByClassname WebContainer property, which a...

10

CVE-2015-1920

  • EPSS 18.39%
  • Published 20.05.2015 00:59:01
  • Last modified 12.04.2025 10:46:40

IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.47, 7.0 before 7.0.0.39, 8.0 before 8.0.0.11, and 8.5 before 8.5.5.6 allows remote attackers to execute arbitrary code by sending crafted instructions in a management-port session.

9.3

CVE-2015-1885

  • EPSS 2.48%
  • Published 27.04.2015 12:59:03
  • Last modified 12.04.2025 10:46:40

WebSphereOauth20SP.ear in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.39, 8.0 before 8.0.0.11, 8.5 Liberty Profile before 8.5.5.5, and 8.5 Full Profile before 8.5.5.6, when the OAuth grant type requires sending a password, allows remote a...

8.5

CVE-2015-1882

  • EPSS 2.2%
  • Published 27.04.2015 12:59:02
  • Last modified 12.04.2025 10:46:40

Multiple race conditions in IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before 8.5.5.5 allow remote authenticated users to gain privileges by leveraging thread conflicts that result in Java code execution outside the context of the con...

5.5

CVE-2015-0175

  • EPSS 0.36%
  • Published 27.04.2015 12:59:01
  • Last modified 12.04.2025 10:46:40

IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before 8.5.5.5 does not properly implement authData elements, which allows remote authenticated users to gain privileges via unspecified vectors.

4

CVE-2015-0174

  • EPSS 0.17%
  • Published 27.04.2015 12:59:00
  • Last modified 12.04.2025 10:46:40

The SNMP implementation in IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.5 does not properly handle configuration data, which allows remote authenticated users to obtain sensitive information via unspecified vectors.