Ibm

Websphere Application Server

435 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5

CVE-2010-0786

  • EPSS 0.59%
  • Published 09.11.2010 21:00:02
  • Last modified 11.04.2025 00:51:21

The Web Services Security component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 does not properly implement the Java API for XML Web Services (aka JAX-WS), which allows remote attackers to cause a denial of service (data corruption)...

5

CVE-2010-3700

  • EPSS 0.25%
  • Published 29.10.2010 19:00:02
  • Last modified 11.04.2025 00:51:21

VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parame...

4

CVE-2010-0781

  • EPSS 0.51%
  • Published 21.09.2010 20:00:01
  • Last modified 11.04.2025 00:51:21

Unspecified vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.33 allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted URL.

10

CVE-2010-3186

  • EPSS 1.9%
  • Published 30.08.2010 20:00:02
  • Last modified 11.04.2025 00:51:21

IBM WebSphere Application Server (WAS) 7.x before 7.0.0.13, and WebSphere Application Server Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, when a JAX-WS application is used, does not properly handle an IncludeTimestamp setting in the WS-Sec...

4.3

CVE-2010-0778

  • EPSS 0.2%
  • Published 24.06.2010 17:30:00
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.33 and 7.0 before 7.0.0.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3

CVE-2010-0779

  • EPSS 0.2%
  • Published 24.06.2010 17:30:00
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.33, and 7.0 before 7.0.0.11 allows remote attackers to inject arbitrary web script or HTML via unsp...

5

CVE-2010-2323

  • EPSS 0.3%
  • Published 18.06.2010 18:30:01
  • Last modified 11.04.2025 00:51:21

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS might allow attackers to obtain sensitive information by reading the default_create.log file that is associated with profile creation by the BBOWWPFx job and the zPMT.

7.5

CVE-2010-2324

  • EPSS 0.4%
  • Published 18.06.2010 18:30:01
  • Last modified 11.04.2025 00:51:21

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS allows attackers to perform unspecified "link injection" actions via unknown vectors.

4.3

CVE-2010-2325

  • EPSS 0.25%
  • Published 18.06.2010 18:30:01
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related in part to "U...

4.3

CVE-2010-2326

  • EPSS 0.49%
  • Published 18.06.2010 18:30:01
  • Last modified 11.04.2025 00:51:21

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11, when addNode -trace is used during node federation, allows attackers to obtain sensitive information about CIMMetadataCollectorImpl trace actions by reading the addNode.log file.