CVE-2020-5016
- EPSS 0.1%
- Published 10.03.2021 15:15:12
- Last modified 21.11.2024 05:33:33
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. When application security is disabled and JAX-RPC applications are present, an attacker could send a specially-crafted URL re...
CVE-2021-20354
- EPSS 0.29%
- Published 18.02.2021 15:15:14
- Last modified 21.11.2024 05:46:27
IBM WebSphere Application Server 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ...
CVE-2021-20353
- EPSS 1.48%
- Published 10.02.2021 17:15:22
- Last modified 21.11.2024 05:46:27
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory reso...
CVE-2020-4949
- EPSS 0.33%
- Published 26.01.2021 15:15:13
- Last modified 21.11.2024 05:33:27
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory reso...
CVE-2020-4782
- EPSS 0.42%
- Published 28.10.2020 17:15:13
- Last modified 21.11.2024 05:33:14
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the s...
CVE-2020-4576
- EPSS 0.44%
- Published 01.10.2020 16:15:12
- Last modified 21.11.2024 05:32:55
IBM WebSphere Application Server 7.5, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. IBM X-Force ID: 184428.
CVE-2020-4629
- EPSS 0.09%
- Published 30.09.2020 15:15:13
- Last modified 21.11.2024 05:33:00
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local user with specialized access to obtain sensitive information from a detailed technical error message. This information could be used in further attacks against the system. IB...
CVE-2020-4643
- EPSS 0.34%
- Published 21.09.2020 17:15:13
- Last modified 21.11.2024 05:33:02
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information. IBM X-Force ID: 18559...
CVE-2020-4590
- EPSS 0.45%
- Published 21.09.2020 15:15:13
- Last modified 21.11.2024 05:32:56
IBM WebSphere Application Server Liberty 17.0.0.3 through 20.0.0.9 running oauth-2.0 or openidConnectServer-1.0 server features is vulnerable to a denial of service attack conducted by an authenticated client. IBM X-Force ID: 184650.
CVE-2020-4578
- EPSS 0.29%
- Published 10.09.2020 17:15:33
- Last modified 21.11.2024 05:32:55
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credential...