Ibm

Websphere Application Server

439 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2014-3022

  • EPSS 0.65%
  • Veröffentlicht 22.08.2014 01:55:07
  • Zuletzt bearbeitet 12.04.2025 10:46:40

IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.3 allows remote attackers to obtain sensitive information via a crafted URL that triggers an error condition.

4

CVE-2014-3087

  • EPSS 0.29%
  • Veröffentlicht 17.08.2014 23:55:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

callService.do in IBM Business Process Manager (BPM) 7.5 through 8.5.5 and WebSphere Lombardi Edition 7.2 through 7.2.0.5 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity r...

4.3

CVE-2014-0957

  • EPSS 0.28%
  • Veröffentlicht 18.07.2014 00:55:04
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in IBM Business Process Manager 7.5 through 8.5.5, and WebSphere Lombardi Edition 7.2, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that triggers a service failure.

5

CVE-2014-0891

  • EPSS 0.39%
  • Veröffentlicht 28.06.2014 00:55:03
  • Zuletzt bearbeitet 12.04.2025 10:46:40

IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.2 allows remote attackers to obtain sensitive information by leveraging incorrect request handling by the (1) Proxy or (2) ODR server.

7.1

CVE-2014-0964

  • EPSS 1.17%
  • Veröffentlicht 16.05.2014 11:12:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

IBM WebSphere Application Server (WAS) 6.1.0.0 through 6.1.0.47 and 6.0.2.0 through 6.0.2.43 allows remote attackers to cause a denial of service via crafted TLS traffic, as demonstrated by traffic from a CVE-2014-0160 vulnerability-assessment tool.

3.5

CVE-2013-6323

  • EPSS 0.29%
  • Veröffentlicht 01.05.2014 17:29:56
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.33, 8.x before 8.0.0.9, and 8.5.x before 8.5.5.2, and WebSphere Virtual Enterprise 7.x before 7.0.0.5, allows remote aut...

4.3

CVE-2014-0823

  • EPSS 0.39%
  • Veröffentlicht 01.05.2014 17:29:56
  • Zuletzt bearbeitet 12.04.2025 10:46:40

IBM WebSphere Application Server (WAS) 8.x before 8.0.0.9 and 8.5.x before 8.5.5.2 allows remote attackers to read arbitrary files via a crafted URL.

4

CVE-2014-0857

  • EPSS 0.25%
  • Veröffentlicht 01.05.2014 17:29:56
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The Administrative Console in IBM WebSphere Application Server (WAS) 8.x before 8.0.0.9 and 8.5.x before 8.5.5.2 allows remote authenticated users to obtain sensitive information via a crafted request.

5

CVE-2014-0859

  • EPSS 1.62%
  • Veröffentlicht 01.05.2014 17:29:56
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The web-server plugin in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.33, 8.x before 8.0.0.9, and 8.5.x before 8.5.5.2, when POST retries are enabled, allows remote attackers to cause a denial of service (daemon crash) via unspecified vect...

4.3

CVE-2014-0896

  • EPSS 0.23%
  • Veröffentlicht 01.05.2014 17:29:56
  • Zuletzt bearbeitet 12.04.2025 10:46:40

IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x before 8.5.5.2 allows remote attackers to obtain sensitive information via a crafted request.