Ibm

Websphere Application Server

439 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2016-3042

  • EPSS 0.2%
  • Veröffentlicht 01.10.2016 01:59:02
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Application Server (WAS) Liberty before 16.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving OpenID Connect clients.

3.5

CVE-2016-0385

  • EPSS 0.25%
  • Veröffentlicht 01.09.2016 10:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Buffer overflow in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.10, 9.0 before 9.0.0.1, and Liberty before 16.0.0.3, when HttpSessionIdReuse is enabled, allows remote authenticated users to obtain ...

4.3

CVE-2016-2960

  • EPSS 0.68%
  • Veröffentlicht 08.08.2016 01:59:11
  • Zuletzt bearbeitet 12.04.2025 10:46:40

IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.0.x before 8.0.0.13, 8.5.0.x before 8.5.5.10, 8.5.0.x and 16.0.0.x Liberty before Liberty Fix Pack 16.0.0.3, and 9.0.0.x before 9.0.0.1 allows remote attackers to cause a denial of servi...

7.5

CVE-2016-2945

  • EPSS 0.63%
  • Veröffentlicht 08.07.2016 01:59:11
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The API Discovery implementation in IBM WebSphere Application Server (WAS) 8.5.5.8 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 allows remote authenticated users to gain privileges via an external reference in a Swagger document.

7.5

CVE-2016-2923

  • EPSS 0.28%
  • Veröffentlicht 07.07.2016 14:59:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

IBM WebSphere Application Server (WAS) 8.5 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified JAX-RS API cookie, which makes it easier for remote attackers to obtain p...

5.3

CVE-2016-0389

  • EPSS 0.23%
  • Veröffentlicht 07.07.2016 14:59:01
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Admin Center in IBM WebSphere Application Server (WAS) 8.5.5.2 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 allows remote attackers to obtain sensitive information via unspecified vectors.

6.1

CVE-2016-0359

  • EPSS 0.31%
  • Veröffentlicht 03.07.2016 21:59:03
  • Zuletzt bearbeitet 12.04.2025 10:46:40

CRLF injection vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 Full before 8.5.5.10, and 8.5 Liberty before Liberty Fix Pack 16.0.0.2 allows remote attackers to inject arbitrary HTTP headers and c...

9.1

CVE-2015-5041

  • EPSS 0.89%
  • Veröffentlicht 06.06.2016 17:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods.

5.9

CVE-2016-0306

  • EPSS 0.26%
  • Veröffentlicht 17.05.2016 14:08:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.41, 8.0 before 8.0.0.13, and 8.5 before 8.5.5.10, when FIPS 140-2 is enabled, misconfigures TLS, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.

6.1

CVE-2016-0283

  • EPSS 0.27%
  • Veröffentlicht 19.03.2016 15:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the OpenID Connect (OIDC) client web application in IBM WebSphere Application Server (WAS) Liberty Profile 8.5.5 before 8.5.5.9 allows remote attackers to inject arbitrary web script or HTML via a crafted U...