Ibm

Websphere Application Server

443 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2016-0359

  • EPSS 0.31%
  • Veröffentlicht 03.07.2016 21:59:03
  • Zuletzt bearbeitet 06.05.2026 22:30:45

CRLF injection vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 Full before 8.5.5.10, and 8.5 Liberty before Liberty Fix Pack 16.0.0.2 allows remote attackers to inject arbitrary HTTP headers and c...

9.1

CVE-2015-5041

  • EPSS 0.89%
  • Veröffentlicht 06.06.2016 17:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods.

5.9

CVE-2016-0306

  • EPSS 0.26%
  • Veröffentlicht 17.05.2016 14:08:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.41, 8.0 before 8.0.0.13, and 8.5 before 8.5.5.10, when FIPS 140-2 is enabled, misconfigures TLS, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.

6.1

CVE-2016-0283

  • EPSS 0.27%
  • Veröffentlicht 19.03.2016 15:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Cross-site scripting (XSS) vulnerability in the OpenID Connect (OIDC) client web application in IBM WebSphere Application Server (WAS) Liberty Profile 8.5.5 before 8.5.5.9 allows remote attackers to inject arbitrary web script or HTML via a crafted U...

5.4

CVE-2015-7417

  • EPSS 0.17%
  • Veröffentlicht 23.01.2016 05:59:01
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server 7.0 before 7.0.0.41, 8.0 before 8.0.0.12, and 8.5 before 8.5.5.9 allows remote authenticated users to inject arbitrary web script or HTML via crafted data from an OAuth prov...

10

CVE-2015-7450

Warnung Exploit
  • EPSS 93.27%
  • Veröffentlicht 02.01.2016 21:59:15
  • Zuletzt bearbeitet 21.04.2026 19:12:42

Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the InvokerT...

4

CVE-2015-5004

  • EPSS 0.17%
  • Veröffentlicht 15.12.2015 05:59:01
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The Edge Component Caching Proxy in IBM WebSphere Application Server (WAS) 8.0 before 8.0.0.12 and 8.5 before 8.5.5.8 does not properly encrypt data, which allows remote authenticated users to obtain sensitive information via unspecified vectors.

4.3

CVE-2015-2017

  • EPSS 0.35%
  • Veröffentlicht 08.11.2015 22:59:09
  • Zuletzt bearbeitet 06.05.2026 22:30:45

CRLF injection vulnerability in IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.47, 7.0 before 7.0.0.39, 8.0 before 8.0.0.12, and 8.5 before 8.5.5.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting...

5

CVE-2015-4938

  • EPSS 0.38%
  • Veröffentlicht 22.08.2015 23:59:05
  • Zuletzt bearbeitet 06.05.2026 22:30:45

IBM WebSphere Application Server 7.x before 7.0.0.39, 8.0.x before 8.0.0.11, and 8.5.x before 8.5.5.7 allows remote attackers to spoof servlets and obtain sensitive information via unspecified vectors.

5

CVE-2015-1932

  • EPSS 0.38%
  • Veröffentlicht 22.08.2015 23:59:01
  • Zuletzt bearbeitet 06.05.2026 22:30:45

IBM WebSphere Application Server 7.x before 7.0.0.39, 8.0.x before 8.0.0.11, and 8.5.x before 8.5.5.7 and WebSphere Virtual Enterprise before 7.0.0.7 allow remote attackers to obtain potentially sensitive information about the proxy-server software b...