Filtered by vendor Ibm
Subscriptions
Filtered by product Websphere Application Server
Subscriptions
Total
417 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2011-1377 | 1 Ibm | 1 Websphere Application Server | 2024-08-06 | N/A |
The Web Services Security component in the Web Services Feature Pack before 6.1.0.41 for IBM WebSphere Application Server (WAS) 6.1 does not properly handle the enabling of WS-Security for a JAX-WS application, which has unspecified impact and attack vectors. | ||||
CVE-2011-1356 | 1 Ibm | 1 Websphere Application Server | 2024-08-06 | N/A |
IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.19 allows local users to obtain sensitive stack-trace information via a crafted Administration Console request. | ||||
CVE-2011-1308 | 1 Ibm | 1 Websphere Application Server | 2024-08-06 | N/A |
Cross-site scripting (XSS) vulnerability in the Installation Verification Test (IVT) application in the Install component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2011-1355 | 1 Ibm | 1 Websphere Application Server | 2024-08-06 | N/A |
Open redirect vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.19 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the logoutExitPage parameter. | ||||
CVE-2011-1368 | 1 Ibm | 1 Websphere Application Server | 2024-08-06 | N/A |
The JavaServer Faces (JSF) application functionality in IBM WebSphere Application Server 8.x before 8.0.0.1 does not properly handle requests, which allows remote attackers to read unspecified files via unknown vectors. | ||||
CVE-2011-1209 | 1 Ibm | 1 Websphere Application Server | 2024-08-06 | N/A |
IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.17 uses a weak WS-Security XML encryption algorithm, which makes it easier for remote attackers to obtain plaintext data from a (1) JAX-RPC or (2) JAX-WS Web Services request via unspecified vectors related to a "decryption attack." | ||||
CVE-2011-1032 | 1 Ibm | 2 Lotus Connections, Websphere Application Server | 2024-08-06 | N/A |
IBM Lotus Connections 3.0, when IBM WebSphere Application Server 7.0.0.11 is used, does not properly restrict access to the internal login module, which has unspecified impact and attack vectors. | ||||
CVE-2011-0315 | 1 Ibm | 1 Websphere Application Server | 2024-08-06 | N/A |
Cross-site scripting (XSS) vulnerability in the Servlet Engine / Web Container component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.15 allows remote attackers to inject arbitrary web script or HTML via vectors related to the lack of an error page for an application. | ||||
CVE-2011-0316 | 1 Ibm | 1 Websphere Application Server | 2024-08-06 | N/A |
The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.15 does not properly restrict access to console servlets, which allows remote attackers to obtain potentially sensitive status information via a direct request. | ||||
CVE-2012-5955 | 1 Ibm | 2 Http Server, Websphere Application Server | 2024-08-06 | N/A |
Unspecified vulnerability in the IBM HTTP Server component 5.3 in IBM WebSphere Application Server (WAS) for z/OS allows remote attackers to execute arbitrary commands via unknown vectors. | ||||
CVE-2012-4850 | 1 Ibm | 1 Websphere Application Server | 2024-08-06 | N/A |
IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1, when JAX-RS is used, does not properly validate requests, which allows remote attackers to gain privileges via unspecified vectors. | ||||
CVE-2012-4853 | 1 Ibm | 1 Websphere Application Server | 2024-08-06 | N/A |
Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Application Server 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger information disclosure. | ||||
CVE-2012-4851 | 1 Ibm | 1 Websphere Application Server | 2024-08-06 | N/A |
Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URI. | ||||
CVE-2012-3325 | 1 Ibm | 1 Websphere Application Server | 2024-08-06 | N/A |
IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.5, and 8.5.x Full Profile before 8.5.0.1, when the PM44303 fix is installed, does not properly validate credentials, which allows remote authenticated users to obtain administrative access via unspecified vectors. | ||||
CVE-2012-3330 | 1 Ibm | 1 Websphere Application Server | 2024-08-06 | N/A |
The proxy server in IBM WebSphere Application Server 7.0 before 7.0.0.27, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1, and WebSphere Virtual Enterprise, allows remote attackers to cause a denial of service (daemon outage) via a crafted request. | ||||
CVE-2012-3305 | 1 Ibm | 1 Websphere Application Server | 2024-08-06 | N/A |
Directory traversal vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to overwrite arbitrary files via a crafted application file. | ||||
CVE-2012-3293 | 1 Ibm | 1 Websphere Application Server | 2024-08-06 | N/A |
Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.4, and 8.5.x before 8.5.0.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving FRAME elements, related to a cross-frame scripting (XFS) issue. | ||||
CVE-2012-3304 | 1 Ibm | 1 Websphere Application Server | 2024-08-06 | N/A |
The Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to hijack sessions via unspecified vectors. | ||||
CVE-2012-3311 | 1 Ibm | 2 Websphere Application Server, Z\/os | 2024-08-06 | N/A |
IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 on z/OS, in certain configurations involving Federated Repositories for IIOP connections and Optimized Local Adapters, does not perform CBIND checks, which allows local users to bypass intended access restrictions, and read or modify application data, via unspecified vectors. | ||||
CVE-2012-3306 | 1 Ibm | 1 Websphere Application Server | 2024-08-06 | N/A |
IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1, when multi-domain support is configured, does not purge password data from the authentication cache, which has unspecified impact and remote attack vectors. |