CVE-2013-0460
- EPSS 0.12%
- Published 27.01.2013 18:55:02
- Last modified 29.04.2026 01:13:23
Cross-site request forgery (CSRF) vulnerability in the portlet subsystem in the administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47 and 7.0 before 7.0.0.27 allows remote attackers to hijack the authentication of arbit...
CVE-2013-0461
- EPSS 0.27%
- Published 27.01.2013 18:55:02
- Last modified 29.04.2026 01:13:23
Cross-site scripting (XSS) vulnerability in the virtual member manager (VMM) administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.27, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 allows remote attackers...
- EPSS 0.46%
- Published 27.01.2013 18:55:02
- Last modified 29.04.2026 01:13:23
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.1, 7.0 before 7.0.0.27, 8.0, and 8.5 has unknown impact and attack vectors.
- EPSS 0.59%
- Published 14.11.2012 12:30:59
- Last modified 29.04.2026 01:13:23
The proxy server in IBM WebSphere Application Server 7.0 before 7.0.0.27, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1, and WebSphere Virtual Enterprise, allows remote attackers to cause a denial of service (daemon outage) via a crafted request.
CVE-2012-4850
- EPSS 0.79%
- Published 14.11.2012 12:30:59
- Last modified 29.04.2026 01:13:23
IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1, when JAX-RS is used, does not properly validate requests, which allows remote attackers to gain privileges via unspecified vectors.
CVE-2012-4851
- EPSS 0.23%
- Published 14.11.2012 12:30:59
- Last modified 29.04.2026 01:13:23
Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URI.
CVE-2012-4853
- EPSS 0.16%
- Published 14.11.2012 12:30:59
- Last modified 29.04.2026 01:13:23
Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Application Server 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to hijack the authentication of arbitrary users for reque...
CVE-2012-3304
- EPSS 0.74%
- Published 25.09.2012 20:55:01
- Last modified 29.04.2026 01:13:23
The Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to hijack sessions via unspecified vectors.
CVE-2012-3305
- EPSS 0.23%
- Published 25.09.2012 20:55:01
- Last modified 29.04.2026 01:13:23
Directory traversal vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to overwrite arbitrary files via a crafted application file.
CVE-2012-3306
- EPSS 0.34%
- Published 25.09.2012 20:55:01
- Last modified 29.04.2026 01:13:23
IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1, when multi-domain support is configured, does not purge password data from the authentication cache, which has unspecified im...