Ibm

Websphere Application Server

443 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.1

CVE-2017-1382

  • EPSS 0.04%
  • Veröffentlicht 24.07.2017 21:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 might create files using the default permissions instead of the customized permissions when custom startup scripts are used. A local attacker could exploit this to gain access to files with an u...

3.3

CVE-2017-1381

  • EPSS 0.06%
  • Veröffentlicht 21.07.2017 20:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

IBM WebSphere Application Server Proxy Server or On-demand-router (ODR) 7.0, 8.0, 8.5, 9.0 and could allow a local attacker to obtain sensitive information, caused by stale data being cached and then served. IBM X-Force ID: 127152.

5.3

CVE-2016-9736

  • EPSS 0.51%
  • Veröffentlicht 08.06.2017 21:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

IBM WebSphere Application Server using malformed SOAP requests could allow a remote attacker to obtain sensitive information.

8.1

CVE-2017-1137

  • EPSS 0.99%
  • Veröffentlicht 10.05.2017 14:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

IBM WebSphere Application Server 8.0 and 8.5.5 could provide weaker than expected security. A remote attacker could exploit this weakness to obtain sensitive information and gain unauthorized access to the admin console. IBM X-Force ID: 121549.

8.8

CVE-2017-1194

  • EPSS 0.17%
  • Veröffentlicht 28.04.2017 17:59:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123669.

8.1

CVE-2017-1151

  • EPSS 0.56%
  • Veröffentlicht 20.03.2017 16:59:02
  • Zuletzt bearbeitet 13.05.2026 00:24:29

IBM WebSphere Application Server 8.0, 8.5, 8.5.5, and 9.0 using OpenID Connect (OIDC) configured with a Trust Association Interceptor (TAI) could allow a user to gain elevated privileges on the system. IBM Reference #: 1999293.

5.4

CVE-2017-1121

  • EPSS 0.27%
  • Veröffentlicht 13.02.2017 22:59:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

IBM WebSphere Application Server 7.0, 8.0, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials dis...

7.8

CVE-2016-8919

  • EPSS 1.1%
  • Veröffentlicht 01.02.2017 22:59:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

IBM WebSphere Application Server may be vulnerable to a denial of service, caused by allowing serialized objects from untrusted sources to run and cause the consumption of resources.

5.4

CVE-2016-8934

  • EPSS 0.2%
  • Veröffentlicht 01.02.2017 20:59:02
  • Zuletzt bearbeitet 13.05.2026 00:24:29

IBM WebSphere Application Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a t...

7.5

CVE-2016-9879

  • EPSS 0.32%
  • Veröffentlicht 06.01.2017 22:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

An issue was discovered in Pivotal Spring Security before 3.2.10, 4.1.x before 4.1.4, and 4.2.x before 4.2.1. Spring Security does not consider URL path parameters when processing security constraints. By adding a URL path parameter with an encoded "...