Search Results (Refine Search)
- Keyword (text search): cpe:2.3:a:ibm:websphere_application_server:7.2:*:lombardi:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2014-4758 |
IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.x allow remote authenticated users to bypass intended access restrictions and send requests to internal services via a callService URL. Published: September 04, 2014; 6:55:07 AM -0400 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2014-3087 |
callService.do in IBM Business Process Manager (BPM) 7.5 through 8.5.5 and WebSphere Lombardi Edition 7.2 through 7.2.0.5 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. Published: August 17, 2014; 7:55:06 PM -0400 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2014-0957 |
Cross-site scripting (XSS) vulnerability in IBM Business Process Manager 7.5 through 8.5.5, and WebSphere Lombardi Edition 7.2, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that triggers a service failure. Published: July 17, 2014; 8:55:04 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-2162 |
The Web Server Plug-in in IBM WebSphere Application Server (WAS) 8.0 and earlier uses unencrypted HTTP communication after expiration of the plugin-key.kdb password, which allows remote attackers to obtain sensitive information by sniffing the network, or spoof arbitrary servers via a man-in-the-middle attack. Published: May 01, 2012; 3:55:02 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2012-0707 |
Cross-site scripting (XSS) vulnerability in IBM WebSphere Lombardi Edition 7.2 allows remote attackers to inject arbitrary web script or HTML via crafted text input to a coach that is configured with a document attachment control section. Published: February 23, 2012; 7:33:55 AM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2010-2087 |
Oracle Mojarra 1.2_14 and 2.0.2, as used in IBM WebSphere Application Server, Caucho Resin, and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object. Published: May 27, 2010; 3:00:01 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |