Search Results (Refine Search)
- Keyword (text search): cpe:/o:ibm:z/os
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-27265 |
IBM Integration Bus for z/OS 10.1 through 10.1.0.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 284564. Published: March 14, 2024; 3:15:50 PM -0400 |
V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2023-26283 |
IBM WebSphere Application Server 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 248416. Published: April 02, 2023; 5:15:08 PM -0400 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-26281 |
IBM HTTP Server 8.5 used by IBM WebSphere Application Server could allow a remote user to cause a denial of service using a specially crafted URL. IBM X-Force ID: 248296. Published: March 01, 2023; 3:15:14 AM -0500 |
V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-23477 |
IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. IBM X-Force ID: 245513. Published: February 03, 2023; 2:15:13 PM -0500 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2022-43917 |
IBM WebSphere Application Server 8.5 and 9.0 traditional container uses weaker than expected cryptographic keys that could allow an attacker to decrypt sensitive information. This affects only the containerized version of WebSphere Application Server traditional. IBM X-Force ID: 241045. Published: January 26, 2023; 4:17:49 PM -0500 |
V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2022-40750 |
IBM WebSphere Application Server 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236588. Published: November 11, 2022; 2:15:11 PM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-38712 |
"IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web services could allow a man-in-the-middle attacker to conduct SOAPAction spoofing to execute unwanted or unauthorized operations. IBM X-Force ID: 234762." Published: November 03, 2022; 4:15:29 PM -0400 |
V3.1: 5.9 MEDIUM V2.0:(not available) |
CVE-2022-34336 |
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229714. Published: September 13, 2022; 5:15:09 PM -0400 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-34165 |
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP header injection, caused by improper validation. This could allow an attacker to conduct various attacks against the vulnerable system, including cache poisoning and cross-site scripting. IBM X-Force ID: 229429. Published: September 09, 2022; 12:15:08 PM -0400 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-22477 |
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 225605. Published: July 14, 2022; 1:15:08 PM -0400 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2022-22473 |
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console data. This information could be used in further attacks against the system. IBM X-Force ID: 225347. Published: July 14, 2022; 1:15:08 PM -0400 |
V3.1: 5.3 MEDIUM V2.0:(not available) |
CVE-2022-22318 |
IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. Published: June 20, 2022; 1:15:08 PM -0400 |
V3.1: 9.8 CRITICAL V2.0: 6.5 MEDIUM |
CVE-2022-22317 |
IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 218281. Published: June 20, 2022; 1:15:08 PM -0400 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2022-22310 |
IBM WebSphere Application Server Liberty 21.0.0.10 through 21.0.0.12 could provide weaker than expected security. A remote attacker could exploit this weakness to obtain sensitive information and gain unauthorized access to JAX-WS applications. IBM X-Force ID: 217224. Published: January 19, 2022; 12:15:08 PM -0500 |
V3.1: 6.5 MEDIUM V2.0: 6.4 MEDIUM |
CVE-2021-38951 |
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available CPU resources. IBM X-Force ID: 211405. Published: December 09, 2021; 12:15:07 PM -0500 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2021-29841 |
IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205045. Published: September 14, 2021; 10:15:10 AM -0400 |
V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2021-29736 |
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote user to gain elevated privileges on the system. IBM X-Force ID: 201300. Published: July 30, 2021; 8:15:07 AM -0400 |
V3.1: 8.8 HIGH V2.0: 6.5 MEDIUM |
CVE-2021-29754 |
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a privilege escalation vulnerability when using the SAML Web Inbound Trust Association Interceptor (TAI). IBM X-Force ID: 202006. Published: June 11, 2021; 11:15:11 AM -0400 |
V3.1: 8.8 HIGH V2.0: 6.5 MEDIUM |
CVE-2021-20480 |
IBM WebSphere Application Server 7.0, 8.0, and 8.5 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 197502. Published: April 08, 2021; 9:15:13 AM -0400 |
V3.1: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2021-20354 |
IBM WebSphere Application Server 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 194883. Published: February 18, 2021; 10:15:14 AM -0500 |
V3.1: 7.5 HIGH V2.0: 7.8 HIGH |