Ibm

Websphere Application Server

435 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2015-0106

  • EPSS 0.27%
  • Published 24.03.2015 00:59:02
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote attac...

5.1

CVE-2014-8890

  • EPSS 1.39%
  • Published 18.12.2014 16:59:17
  • Last modified 12.04.2025 10:46:40

IBM WebSphere Application Server Liberty Profile 8.5.x before 8.5.5.4 allows remote attackers to gain privileges by leveraging the combination of a servlet's deployment descriptor security constraints and ServletSecurity annotations.

4.3

CVE-2014-6174

  • EPSS 0.22%
  • Published 18.12.2014 16:59:14
  • Last modified 12.04.2025 10:46:40

IBM WebSphere Application Server 7.x before 7.0.0.37, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.4 allows remote attackers to conduct clickjacking attacks via a crafted web site.

4.3

CVE-2014-6167

  • EPSS 0.27%
  • Published 18.12.2014 16:59:13
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the URL rewriting feature in IBM WebSphere Application Server 7.x before 7.0.0.37, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.4 allows remote attackers to inject arbitrary web script or HTML via a crafte...

4.3

CVE-2014-6166

  • EPSS 0.31%
  • Published 18.12.2014 16:59:12
  • Last modified 12.04.2025 10:46:40

The Communications Enabled Applications (CEA) service in IBM WebSphere Application Server 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.4, and Feature Pack for CEA 1.x before 1.0.0.15, allows remote attackers to read arbitrary files via an XML externa...

5

CVE-2014-6164

  • EPSS 0.23%
  • Published 18.12.2014 16:59:11
  • Last modified 12.04.2025 10:46:40

IBM WebSphere Application Server 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.4 allows remote attackers to spoof OpenID and OpenID Connect cookies, and consequently obtain sensitive information, via a crafted URL.

5

CVE-2014-3021

  • EPSS 0.29%
  • Published 19.10.2014 01:55:12
  • Last modified 12.04.2025 10:46:40

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 does not properly handle HTTP headers, which allows remote attackers to obtain sensitive cookie and authentication data via an unspecified HTTP me...

3.5

CVE-2014-4770

  • EPSS 0.35%
  • Published 23.09.2014 22:55:03
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 6.x through 6.1.0.47, 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 allows remote authenticated administrators to inject arbitrary web script or HTM...

6

CVE-2014-4816

  • EPSS 0.14%
  • Published 23.09.2014 22:55:03
  • Last modified 12.04.2025 10:46:40

Cross-site request forgery (CSRF) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.x through 6.1.0.47, 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 allows remote authenticated users to hijack...

4

CVE-2014-4758

  • EPSS 0.2%
  • Published 04.09.2014 10:55:07
  • Last modified 12.04.2025 10:46:40

IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.x allow remote authenticated users to bypass intended access restrictions and send requests to internal services via a callService URL.