Ibm

Websphere Application Server

435 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2016-2923

  • EPSS 0.28%
  • Published 07.07.2016 14:59:06
  • Last modified 12.04.2025 10:46:40

IBM WebSphere Application Server (WAS) 8.5 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified JAX-RS API cookie, which makes it easier for remote attackers to obtain p...

5.3

CVE-2016-0389

  • EPSS 0.23%
  • Published 07.07.2016 14:59:01
  • Last modified 12.04.2025 10:46:40

Admin Center in IBM WebSphere Application Server (WAS) 8.5.5.2 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 allows remote attackers to obtain sensitive information via unspecified vectors.

6.1

CVE-2016-0359

  • EPSS 0.31%
  • Published 03.07.2016 21:59:03
  • Last modified 12.04.2025 10:46:40

CRLF injection vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 Full before 8.5.5.10, and 8.5 Liberty before Liberty Fix Pack 16.0.0.2 allows remote attackers to inject arbitrary HTTP headers and c...

9.1

CVE-2015-5041

  • EPSS 0.89%
  • Published 06.06.2016 17:59:00
  • Last modified 12.04.2025 10:46:40

The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods.

5.9

CVE-2016-0306

  • EPSS 0.26%
  • Published 17.05.2016 14:08:00
  • Last modified 12.04.2025 10:46:40

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.41, 8.0 before 8.0.0.13, and 8.5 before 8.5.5.10, when FIPS 140-2 is enabled, misconfigures TLS, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.

6.1

CVE-2016-0283

  • EPSS 0.27%
  • Published 19.03.2016 15:59:00
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the OpenID Connect (OIDC) client web application in IBM WebSphere Application Server (WAS) Liberty Profile 8.5.5 before 8.5.5.9 allows remote attackers to inject arbitrary web script or HTML via a crafted U...

5.4

CVE-2015-7417

  • EPSS 0.17%
  • Published 23.01.2016 05:59:01
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server 7.0 before 7.0.0.41, 8.0 before 8.0.0.12, and 8.5 before 8.5.5.9 allows remote authenticated users to inject arbitrary web script or HTML via crafted data from an OAuth prov...

10

CVE-2015-7450

Warning Exploit
  • EPSS 93.85%
  • Published 02.01.2016 21:59:15
  • Last modified 12.04.2025 10:46:40

Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the InvokerT...

4

CVE-2015-5004

  • EPSS 0.17%
  • Published 15.12.2015 05:59:01
  • Last modified 12.04.2025 10:46:40

The Edge Component Caching Proxy in IBM WebSphere Application Server (WAS) 8.0 before 8.0.0.12 and 8.5 before 8.5.5.8 does not properly encrypt data, which allows remote authenticated users to obtain sensitive information via unspecified vectors.

4.3

CVE-2015-2017

  • EPSS 0.34%
  • Published 08.11.2015 22:59:09
  • Last modified 12.04.2025 10:46:40

CRLF injection vulnerability in IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.47, 7.0 before 7.0.0.39, 8.0 before 8.0.0.12, and 8.5 before 8.5.5.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting...