Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Websphere_application_server
(Ibm)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 414 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-08-03 | CVE-2017-1504 | IBM WebSphere Application Server version 9.0.0.4 could provide weaker than expected security after using the PasswordUtil command to enable AES password encryption. IBM X-Force ID: 129579. | Websphere_application_server | 6.5 | ||
| 2017-07-24 | CVE-2017-1382 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 might create files using the default permissions instead of the customized permissions when custom startup scripts are used. A local attacker could exploit this to gain access to files with an unknown impact. IBM X-Force ID: 127153. | Websphere_application_server | 7.1 | ||
| 2017-03-20 | CVE-2017-1151 | IBM WebSphere Application Server 8.0, 8.5, 8.5.5, and 9.0 using OpenID Connect (OIDC) configured with a Trust Association Interceptor (TAI) could allow a user to gain elevated privileges on the system. IBM Reference #: 1999293. | Websphere_application_server | 8.1 | ||
| 2017-05-10 | CVE-2017-1137 | IBM WebSphere Application Server 8.0 and 8.5.5 could provide weaker than expected security. A remote attacker could exploit this weakness to obtain sensitive information and gain unauthorized access to the admin console. IBM X-Force ID: 121549. | Websphere_application_server | 8.1 | ||
| 2017-07-21 | CVE-2017-1381 | IBM WebSphere Application Server Proxy Server or On-demand-router (ODR) 7.0, 8.0, 8.5, 9.0 and could allow a local attacker to obtain sensitive information, caused by stale data being cached and then served. IBM X-Force ID: 127152. | Websphere_application_server | 3.3 | ||
| 2017-07-24 | CVE-2017-1380 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127151. | Websphere_application_server | 5.4 | ||
| 2018-05-04 | CVE-2017-1743 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console panel fields. When exploited an attacker could browse the file system. IBM X-Force ID: 134933. | Websphere_application_server | 4.3 | ||
| 2017-10-10 | CVE-2017-1503 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 129578. | Websphere_application_server | 6.1 | ||
| 2017-08-18 | CVE-2017-1501 | IBM WebSphere Application Server 8.0, 8.5, and 9.0 could provide weaker than expected security after using the Admin Console to update the web services security bindings settings. IBM X-Force ID: 129576. | Websphere_application_server | 5.9 | ||
| 2017-04-28 | CVE-2017-1194 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123669. | Websphere_application_server | 8.8 |