Ibm

Websphere Application Server

443 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.4

CVE-2015-1946

  • EPSS 0.06%
  • Veröffentlicht 14.07.2015 17:59:02
  • Zuletzt bearbeitet 06.05.2026 22:30:45

IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.6, and WebSphere Virtual Enterprise 7.0 before 7.0.0.6 for WebSphere Application Server (WAS) 7.0 and 8.0, does not properly implement user roles, which allows local users to gain privileges via...

6

CVE-2015-1936

  • EPSS 0.31%
  • Veröffentlicht 14.07.2015 17:59:01
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The administrative console in IBM WebSphere Application Server (WAS) 8.0.0 before 8.0.0.11 and 8.5 before 8.5.5.6, when the Security feature is disabled, allows remote authenticated users to hijack sessions via the JSESSIONID parameter.

6.8

CVE-2015-1927

  • EPSS 0.58%
  • Veröffentlicht 14.07.2015 17:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The default configuration of IBM WebSphere Application Server (WAS) 7.0.0 before 7.0.0.39, 8.0.0 before 8.0.0.11, and 8.5 before 8.5.5.6 has a false value for the com.ibm.ws.webcontainer.disallowServeServletsByClassname WebContainer property, which a...

10

CVE-2015-1920

  • EPSS 18.39%
  • Veröffentlicht 20.05.2015 00:59:01
  • Zuletzt bearbeitet 06.05.2026 22:30:45

IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.47, 7.0 before 7.0.0.39, 8.0 before 8.0.0.11, and 8.5 before 8.5.5.6 allows remote attackers to execute arbitrary code by sending crafted instructions in a management-port session.

9.3

CVE-2015-1885

  • EPSS 2.48%
  • Veröffentlicht 27.04.2015 12:59:03
  • Zuletzt bearbeitet 06.05.2026 22:30:45

WebSphereOauth20SP.ear in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.39, 8.0 before 8.0.0.11, 8.5 Liberty Profile before 8.5.5.5, and 8.5 Full Profile before 8.5.5.6, when the OAuth grant type requires sending a password, allows remote a...

8.5

CVE-2015-1882

  • EPSS 2.2%
  • Veröffentlicht 27.04.2015 12:59:02
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Multiple race conditions in IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before 8.5.5.5 allow remote authenticated users to gain privileges by leveraging thread conflicts that result in Java code execution outside the context of the con...

5.5

CVE-2015-0175

  • EPSS 0.36%
  • Veröffentlicht 27.04.2015 12:59:01
  • Zuletzt bearbeitet 06.05.2026 22:30:45

IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before 8.5.5.5 does not properly implement authData elements, which allows remote authenticated users to gain privileges via unspecified vectors.

4

CVE-2015-0174

  • EPSS 0.17%
  • Veröffentlicht 27.04.2015 12:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The SNMP implementation in IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.5 does not properly handle configuration data, which allows remote authenticated users to obtain sensitive information via unspecified vectors.

4.3

CVE-2015-0106

  • EPSS 0.27%
  • Veröffentlicht 24.03.2015 00:59:02
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote attac...

5.1

CVE-2014-8890

  • EPSS 1.39%
  • Veröffentlicht 18.12.2014 16:59:17
  • Zuletzt bearbeitet 06.05.2026 22:30:45

IBM WebSphere Application Server Liberty Profile 8.5.x before 8.5.5.4 allows remote attackers to gain privileges by leveraging the combination of a servlet's deployment descriptor security constraints and ServletSecurity annotations.