Ibm

Websphere Application Server

435 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.4

CVE-2012-3305

  • EPSS 0.23%
  • Published 25.09.2012 20:55:01
  • Last modified 11.04.2025 00:51:21

Directory traversal vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to overwrite arbitrary files via a crafted application file.

6.8

CVE-2012-3306

  • EPSS 0.34%
  • Published 25.09.2012 20:55:01
  • Last modified 11.04.2025 00:51:21

IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1, when multi-domain support is configured, does not purge password data from the authentication cache, which has unspecified im...

3.3

CVE-2012-3311

  • EPSS 0.05%
  • Published 25.09.2012 20:55:01
  • Last modified 11.04.2025 00:51:21

IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 on z/OS, in certain configurations involving Federated Repositories for IIOP connections and Optimized Local Adapters, does no...

6

CVE-2012-3325

  • EPSS 0.97%
  • Published 30.08.2012 22:55:04
  • Last modified 11.04.2025 00:51:21

IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.5, and 8.5.x Full Profile before 8.5.0.1, when the PM44303 fix is installed, does not properly validate credentials, which allows remote authentic...

5

CVE-2012-2190

  • EPSS 0.91%
  • Published 21.08.2012 10:46:10
  • Last modified 11.04.2025 00:51:21

IBM Global Security Kit (aka GSKit), as used in IBM HTTP Server in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.4, and 8.5.x before 8.5.0.1, allows remote attackers to cause a denial of servi...

4.3

CVE-2012-3293

  • EPSS 0.27%
  • Published 21.08.2012 10:46:10
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.4, and 8.5.x before 8.5.0.1 allows remote attackers to inject arbitrary ...

4.3

CVE-2012-0716

  • EPSS 0.27%
  • Published 20.06.2012 10:27:28
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server 7.0 before 7.0.0.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

2.6

CVE-2012-0717

  • EPSS 0.07%
  • Published 20.06.2012 10:27:28
  • Last modified 11.04.2025 00:51:21

IBM WebSphere Application Server 7.0 before 7.0.0.23, when a certain SSLv2 configuration with client authentication is used, allows remote attackers to bypass X.509 client-certificate authentication via unspecified vectors.

4.3

CVE-2012-0720

  • EPSS 0.27%
  • Published 20.06.2012 10:27:28
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in the Integration Solution Console in the Administration Console in IBM WebSphere Application Server 7.0 before 7.0.0.23 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

4.3

CVE-2012-2170

  • EPSS 0.33%
  • Published 20.06.2012 10:27:28
  • Last modified 11.04.2025 00:51:21

The Application Snoop Servlet in IBM WebSphere Application Server 7.0 before 7.0.0.23 does not properly restrict access, which allows remote attackers to obtain sensitive client and request information via a direct request.