Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Websphere_application_server
(Ibm)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 425 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-07-21 | CVE-2017-1381 | IBM WebSphere Application Server Proxy Server or On-demand-router (ODR) 7.0, 8.0, 8.5, 9.0 and could allow a local attacker to obtain sensitive information, caused by stale data being cached and then served. IBM X-Force ID: 127152. | Websphere_application_server | 3.3 | ||
| 2017-07-24 | CVE-2017-1380 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127151. | Websphere_application_server | 5.4 | ||
| 2018-05-04 | CVE-2017-1743 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console panel fields. When exploited an attacker could browse the file system. IBM X-Force ID: 134933. | Websphere_application_server | 4.3 | ||
| 2017-10-10 | CVE-2017-1503 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 129578. | Websphere_application_server | 6.1 | ||
| 2017-08-18 | CVE-2017-1501 | IBM WebSphere Application Server 8.0, 8.5, and 9.0 could provide weaker than expected security after using the Admin Console to update the web services security bindings settings. IBM X-Force ID: 129576. | Websphere_application_server | 5.9 | ||
| 2017-04-28 | CVE-2017-1194 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123669. | Websphere_application_server | 8.8 | ||
| 2017-02-13 | CVE-2017-1121 | IBM WebSphere Application Server 7.0, 8.0, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1997743 | Websphere_application_server | 5.4 | ||
| 2017-06-08 | CVE-2016-9736 | IBM WebSphere Application Server using malformed SOAP requests could allow a remote attacker to obtain sensitive information. | Websphere_application_server | 5.3 | ||
| 2017-02-01 | CVE-2016-8934 | IBM WebSphere Application Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | Websphere_application_server | 5.4 | ||
| 2017-02-01 | CVE-2016-8919 | IBM WebSphere Application Server may be vulnerable to a denial of service, caused by allowing serialized objects from untrusted sources to run and cause the consumption of resources. | Websphere_application_server | 7.5 |