Ibm

Websphere Application Server

439 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
10

CVE-2020-4450

  • EPSS 71.86%
  • Veröffentlicht 05.06.2020 17:15:11
  • Zuletzt bearbeitet 21.11.2024 05:32:45

IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181231.

4.3

CVE-2020-4365

  • EPSS 0.09%
  • Veröffentlicht 14.05.2020 16:15:15
  • Zuletzt bearbeitet 21.11.2024 05:32:39

IBM WebSphere Application Server 8.5 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 178964.

5.3

CVE-2020-10693

  • EPSS 0.28%
  • Veröffentlicht 06.05.2020 14:15:10
  • Zuletzt bearbeitet 21.11.2024 04:55:52

A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping...

5.5

CVE-2020-4421

  • EPSS 0.17%
  • Veröffentlicht 06.05.2020 14:15:10
  • Zuletzt bearbeitet 21.11.2024 05:32:43

IBM WebSphere Application Liberty 19.0.0.5 through 20.0.0.4 could allow an authenticated user using openidconnect to spoof another users identify. IBM X-Force ID: 180084.

4.3

CVE-2020-4329

  • EPSS 0.21%
  • Veröffentlicht 28.04.2020 14:15:14
  • Zuletzt bearbeitet 21.11.2024 05:32:36

IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing...

8.8

CVE-2020-4362

  • EPSS 0.53%
  • Veröffentlicht 10.04.2020 14:15:12
  • Zuletzt bearbeitet 21.11.2024 05:32:38

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. IBM X-Force ID: 178929.

6.1

CVE-2020-4303

  • EPSS 0.29%
  • Veröffentlicht 02.04.2020 15:15:17
  • Zuletzt bearbeitet 21.11.2024 05:32:33

IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading ...

6.1

CVE-2020-4304

  • EPSS 0.22%
  • Veröffentlicht 02.04.2020 15:15:17
  • Zuletzt bearbeitet 21.11.2024 05:32:33

IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading ...

7.5

CVE-2020-4276

  • EPSS 0.45%
  • Veröffentlicht 26.03.2020 14:15:13
  • Zuletzt bearbeitet 21.11.2024 05:32:30

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. X-Force ID: 175984.

6.5

CVE-2019-4670

  • EPSS 0.24%
  • Veröffentlicht 05.02.2020 16:15:11
  • Zuletzt bearbeitet 21.11.2024 04:43:57

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper data representation. IBM X-Force ID: 171319.