Ibm

Websphere Application Server

435 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
3.5

CVE-2014-3075

  • EPSS 0.19%
  • Veröffentlicht 04.09.2014 10:55:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.0.x allows remote authenticated users to inject arbitrary web script or HTML via an uploaded file.

5

CVE-2014-3070

  • EPSS 0.42%
  • Veröffentlicht 22.08.2014 01:55:08
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The addFileRegistryAccount Virtual Member Manager (VMM) SPI Admin Task in IBM WebSphere Application Server (WAS) 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.3 does not properly create accounts, which allows remote attackers to bypass intended access...

5

CVE-2014-3083

  • EPSS 0.32%
  • Veröffentlicht 22.08.2014 01:55:08
  • Zuletzt bearbeitet 12.04.2025 10:46:40

IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.35, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.3 does not properly restrict resource access, which allows remote attackers to obtain sensitive information via unspecified vectors.

7.1

CVE-2014-4764

  • EPSS 1.13%
  • Veröffentlicht 22.08.2014 01:55:08
  • Zuletzt bearbeitet 12.04.2025 10:46:40

IBM WebSphere Application Server (WAS) 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.3, when Load Balancer for IPv4 Dispatcher is enabled, allows remote attackers to cause a denial of service (Load Balancer crash) via unspecified vectors.

6.5

CVE-2014-4767

  • EPSS 1.08%
  • Veröffentlicht 22.08.2014 01:55:08
  • Zuletzt bearbeitet 12.04.2025 10:46:40

IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x before 8.5.5.3 does not properly use the Liberty Repository for feature installation, which allows remote authenticated users to execute arbitrary code via unspecified vectors.

4.3

CVE-2014-0965

  • EPSS 0.61%
  • Veröffentlicht 22.08.2014 01:55:07
  • Zuletzt bearbeitet 12.04.2025 10:46:40

IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.3 allows remote attackers to obtain sensitive information via a crafted SOAP response.

4.3

CVE-2014-3022

  • EPSS 0.65%
  • Veröffentlicht 22.08.2014 01:55:07
  • Zuletzt bearbeitet 12.04.2025 10:46:40

IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.3 allows remote attackers to obtain sensitive information via a crafted URL that triggers an error condition.

4

CVE-2014-3087

  • EPSS 0.29%
  • Veröffentlicht 17.08.2014 23:55:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

callService.do in IBM Business Process Manager (BPM) 7.5 through 8.5.5 and WebSphere Lombardi Edition 7.2 through 7.2.0.5 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity r...

4.3

CVE-2014-0957

  • EPSS 0.28%
  • Veröffentlicht 18.07.2014 00:55:04
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in IBM Business Process Manager 7.5 through 8.5.5, and WebSphere Lombardi Edition 7.2, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that triggers a service failure.

5

CVE-2014-0891

  • EPSS 0.39%
  • Veröffentlicht 28.06.2014 00:55:03
  • Zuletzt bearbeitet 12.04.2025 10:46:40

IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.2 allows remote attackers to obtain sensitive information by leveraging incorrect request handling by the (1) Proxy or (2) ODR server.