Ibm

Websphere Application Server

443 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2014-6174

  • EPSS 0.22%
  • Veröffentlicht 18.12.2014 16:59:14
  • Zuletzt bearbeitet 06.05.2026 22:30:45

IBM WebSphere Application Server 7.x before 7.0.0.37, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.4 allows remote attackers to conduct clickjacking attacks via a crafted web site.

4.3

CVE-2014-6167

  • EPSS 0.27%
  • Veröffentlicht 18.12.2014 16:59:13
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Cross-site scripting (XSS) vulnerability in the URL rewriting feature in IBM WebSphere Application Server 7.x before 7.0.0.37, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.4 allows remote attackers to inject arbitrary web script or HTML via a crafte...

4.3

CVE-2014-6166

  • EPSS 0.31%
  • Veröffentlicht 18.12.2014 16:59:12
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The Communications Enabled Applications (CEA) service in IBM WebSphere Application Server 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.4, and Feature Pack for CEA 1.x before 1.0.0.15, allows remote attackers to read arbitrary files via an XML externa...

5

CVE-2014-6164

  • EPSS 0.23%
  • Veröffentlicht 18.12.2014 16:59:11
  • Zuletzt bearbeitet 06.05.2026 22:30:45

IBM WebSphere Application Server 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.4 allows remote attackers to spoof OpenID and OpenID Connect cookies, and consequently obtain sensitive information, via a crafted URL.

5

CVE-2014-3021

  • EPSS 0.29%
  • Veröffentlicht 19.10.2014 01:55:12
  • Zuletzt bearbeitet 06.05.2026 22:30:45

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 does not properly handle HTTP headers, which allows remote attackers to obtain sensitive cookie and authentication data via an unspecified HTTP me...

3.5

CVE-2014-4770

  • EPSS 0.35%
  • Veröffentlicht 23.09.2014 22:55:03
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 6.x through 6.1.0.47, 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 allows remote authenticated administrators to inject arbitrary web script or HTM...

6

CVE-2014-4816

  • EPSS 0.14%
  • Veröffentlicht 23.09.2014 22:55:03
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Cross-site request forgery (CSRF) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.x through 6.1.0.47, 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 allows remote authenticated users to hijack...

4

CVE-2014-4758

  • EPSS 0.2%
  • Veröffentlicht 04.09.2014 10:55:07
  • Zuletzt bearbeitet 06.05.2026 22:30:45

IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.x allow remote authenticated users to bypass intended access restrictions and send requests to internal services via a callService URL.

3.5

CVE-2014-3075

  • EPSS 0.19%
  • Veröffentlicht 04.09.2014 10:55:06
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.0.x allows remote authenticated users to inject arbitrary web script or HTML via an uploaded file.

5

CVE-2014-3070

  • EPSS 0.42%
  • Veröffentlicht 22.08.2014 01:55:08
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The addFileRegistryAccount Virtual Member Manager (VMM) SPI Admin Task in IBM WebSphere Application Server (WAS) 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.3 does not properly create accounts, which allows remote attackers to bypass intended access...