Ibm

Websphere Application Server

439 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2018-1996

  • EPSS 0.09%
  • Veröffentlicht 19.02.2019 17:29:00
  • Zuletzt bearbeitet 21.11.2024 04:00:42

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide weaker than expected security, caused by the improper TLS configuration. A remote attacker could exploit this vulnerability to obtain sensitive information using man in the middle ...

8.8

CVE-2018-1901

  • EPSS 0.74%
  • Veröffentlicht 12.12.2018 16:29:01
  • Zuletzt bearbeitet 21.11.2024 04:00:34

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to temporarily gain elevated privileges on the system, caused by incorrect cached value being used. IBM X-Force ID: 152530.

8.8

CVE-2018-1926

  • EPSS 0.17%
  • Veröffentlicht 12.12.2018 16:29:01
  • Zuletzt bearbeitet 21.11.2024 04:00:36

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading a user to visit a malicious URL, a remote attacker could send a spe...

9.8

CVE-2018-1904

  • EPSS 0.78%
  • Veröffentlicht 11.12.2018 16:29:02
  • Zuletzt bearbeitet 21.11.2024 04:00:34

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbitrary Java code through an administrative client class with a serialized object from untrusted sources. IBM X-Force ID: 152533.

5.5

CVE-2018-1957

  • EPSS 0.07%
  • Veröffentlicht 10.12.2018 14:29:01
  • Zuletzt bearbeitet 21.11.2024 04:00:39

IBM WebSphere Application Server 9 could allow sensitive information to be available caused by mishandling of data by the application based on an incorrect return by the httpServletRequest#authenticate() API when an unprotected URI is accessed. IBM X...

8.1

CVE-2018-1840

  • EPSS 0.67%
  • Veröffentlicht 03.12.2018 15:29:00
  • Zuletzt bearbeitet 21.11.2024 04:00:29

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to gain elevated privileges on the system, caused when a security domain is configured to use a federated repository other than global federated repository and then migrated t...

7.1

CVE-2018-1905

  • EPSS 0.43%
  • Veröffentlicht 26.11.2018 16:29:00
  • Zuletzt bearbeitet 21.11.2024 04:00:34

IBM WebSphere Application Server 9.0.0.0 through 9.0.0.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory reso...

5.5

CVE-2018-1797

  • EPSS 0.43%
  • Veröffentlicht 16.11.2018 15:29:00
  • Zuletzt bearbeitet 21.11.2024 04:00:23

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using Enterprise bundle Archives (EBA) could allow a local attacker to traverse directories on the system. By persuading a victim to extract a specially-crafted ZIP archive containing "dot dot s...

6.1

CVE-2018-1643

  • EPSS 0.41%
  • Veröffentlicht 15.11.2018 16:29:00
  • Zuletzt bearbeitet 21.11.2024 04:00:07

The Installation Verification Tool of IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functiona...

6.1

CVE-2018-1798

  • EPSS 0.45%
  • Veröffentlicht 12.11.2018 16:29:00
  • Zuletzt bearbeitet 21.11.2024 04:00:23

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credential...