Ibm

Websphere Application Server

435 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
3.5

CVE-2014-3075

  • EPSS 0.19%
  • Published 04.09.2014 10:55:06
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.0.x allows remote authenticated users to inject arbitrary web script or HTML via an uploaded file.

5

CVE-2014-3070

  • EPSS 0.42%
  • Published 22.08.2014 01:55:08
  • Last modified 12.04.2025 10:46:40

The addFileRegistryAccount Virtual Member Manager (VMM) SPI Admin Task in IBM WebSphere Application Server (WAS) 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.3 does not properly create accounts, which allows remote attackers to bypass intended access...

5

CVE-2014-3083

  • EPSS 0.32%
  • Published 22.08.2014 01:55:08
  • Last modified 12.04.2025 10:46:40

IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.35, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.3 does not properly restrict resource access, which allows remote attackers to obtain sensitive information via unspecified vectors.

7.1

CVE-2014-4764

  • EPSS 1.13%
  • Published 22.08.2014 01:55:08
  • Last modified 12.04.2025 10:46:40

IBM WebSphere Application Server (WAS) 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.3, when Load Balancer for IPv4 Dispatcher is enabled, allows remote attackers to cause a denial of service (Load Balancer crash) via unspecified vectors.

6.5

CVE-2014-4767

  • EPSS 1.08%
  • Published 22.08.2014 01:55:08
  • Last modified 12.04.2025 10:46:40

IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x before 8.5.5.3 does not properly use the Liberty Repository for feature installation, which allows remote authenticated users to execute arbitrary code via unspecified vectors.

4.3

CVE-2014-0965

  • EPSS 0.61%
  • Published 22.08.2014 01:55:07
  • Last modified 12.04.2025 10:46:40

IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.3 allows remote attackers to obtain sensitive information via a crafted SOAP response.

4.3

CVE-2014-3022

  • EPSS 0.65%
  • Published 22.08.2014 01:55:07
  • Last modified 12.04.2025 10:46:40

IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.3 allows remote attackers to obtain sensitive information via a crafted URL that triggers an error condition.

4

CVE-2014-3087

  • EPSS 0.29%
  • Published 17.08.2014 23:55:06
  • Last modified 12.04.2025 10:46:40

callService.do in IBM Business Process Manager (BPM) 7.5 through 8.5.5 and WebSphere Lombardi Edition 7.2 through 7.2.0.5 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity r...

4.3

CVE-2014-0957

  • EPSS 0.28%
  • Published 18.07.2014 00:55:04
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in IBM Business Process Manager 7.5 through 8.5.5, and WebSphere Lombardi Edition 7.2, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that triggers a service failure.

5

CVE-2014-0891

  • EPSS 0.39%
  • Published 28.06.2014 00:55:03
  • Last modified 12.04.2025 10:46:40

IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.2 allows remote attackers to obtain sensitive information by leveraging incorrect request handling by the (1) Proxy or (2) ODR server.