Ibm

Websphere Application Server

436 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2018-1904

  • EPSS 0.78%
  • Veröffentlicht 11.12.2018 16:29:02
  • Zuletzt bearbeitet 21.11.2024 04:00:34

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbitrary Java code through an administrative client class with a serialized object from untrusted sources. IBM X-Force ID: 152533.

5.5

CVE-2018-1957

  • EPSS 0.07%
  • Veröffentlicht 10.12.2018 14:29:01
  • Zuletzt bearbeitet 21.11.2024 04:00:39

IBM WebSphere Application Server 9 could allow sensitive information to be available caused by mishandling of data by the application based on an incorrect return by the httpServletRequest#authenticate() API when an unprotected URI is accessed. IBM X...

8.1

CVE-2018-1840

  • EPSS 0.67%
  • Veröffentlicht 03.12.2018 15:29:00
  • Zuletzt bearbeitet 21.11.2024 04:00:29

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to gain elevated privileges on the system, caused when a security domain is configured to use a federated repository other than global federated repository and then migrated t...

7.1

CVE-2018-1905

  • EPSS 0.46%
  • Veröffentlicht 26.11.2018 16:29:00
  • Zuletzt bearbeitet 21.11.2024 04:00:34

IBM WebSphere Application Server 9.0.0.0 through 9.0.0.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory reso...

5.5

CVE-2018-1797

  • EPSS 0.44%
  • Veröffentlicht 16.11.2018 15:29:00
  • Zuletzt bearbeitet 21.11.2024 04:00:23

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using Enterprise bundle Archives (EBA) could allow a local attacker to traverse directories on the system. By persuading a victim to extract a specially-crafted ZIP archive containing "dot dot s...

6.1

CVE-2018-1643

  • EPSS 0.41%
  • Veröffentlicht 15.11.2018 16:29:00
  • Zuletzt bearbeitet 21.11.2024 04:00:07

The Installation Verification Tool of IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functiona...

6.1

CVE-2018-1798

  • EPSS 0.45%
  • Veröffentlicht 12.11.2018 16:29:00
  • Zuletzt bearbeitet 21.11.2024 04:00:23

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credential...

9.8

CVE-2018-1851

  • EPSS 3.83%
  • Veröffentlicht 31.10.2018 13:29:00
  • Zuletzt bearbeitet 21.11.2024 04:00:30

IBM WebSphere Application Server Liberty OpenID Connect could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization. By sending a specially-crafted request to the RP service, an attacker could exploit thi...

6.1

CVE-2018-1767

  • EPSS 0.3%
  • Veröffentlicht 29.10.2018 15:29:00
  • Zuletzt bearbeitet 21.11.2024 04:00:19

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Cachemonitor is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading ...

5.4

CVE-2018-1777

  • EPSS 0.3%
  • Veröffentlicht 16.10.2018 19:29:00
  • Zuletzt bearbeitet 21.11.2024 04:00:20

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credential...