National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/a:ibm:websphere_application_server:6.1.0.31
There are 90 matching records.
Displaying matches 21 through 40.
Vuln ID Summary CVSS Severity
CVE-2014-0964

IBM WebSphere Application Server (WAS) 6.1.0.0 through 6.1.0.47 and 6.0.2.0 through 6.0.2.43 allows remote attackers to cause a denial of service via crafted TLS traffic, as demonstrated by traffic from a CVE-2014-0160 vulnerability-assessment tool.

Published: May 16, 2014; 07:12:00 AM -04:00
    V2: 7.1 HIGH
CVE-2013-4053

The WS-Security implementation in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1, and WAS Feature Pack for Web Services 6.1 before 6.1.0.47, when a trust store is configured for XML Digital Signatures, does not properly verify X.509 certificates, which allows remote attackers to obtain privileged access via unspecified vectors.

Published: September 20, 2013; 05:55:05 PM -04:00
    V2: 6.8 MEDIUM
CVE-2013-4052

Cross-site scripting (XSS) vulnerability in the UDDI Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: September 20, 2013; 05:55:05 PM -04:00
    V2: 4.3 MEDIUM
CVE-2013-0596

Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: September 20, 2013; 05:55:05 PM -04:00
    V2: 4.3 MEDIUM
CVE-2013-4005

Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified fields.

Published: August 21, 2013; 05:55:06 PM -04:00
    V2: 3.5 LOW
CVE-2013-3029

Cross-site request forgery (CSRF) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences.

Published: August 21, 2013; 05:55:06 PM -04:00
    V2: 6.8 MEDIUM
CVE-2013-2976

The Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.0 does not properly perform caching, which allows local users to obtain sensitive information via unspecified vectors.

Published: August 21, 2013; 05:55:06 PM -04:00
    V2: 1.9 LOW
CVE-2013-2967

Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: August 21, 2013; 05:55:06 PM -04:00
    V2: 4.3 MEDIUM
CVE-2013-0544

Directory traversal vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Linux and UNIX allows remote authenticated users to modify data via unspecified vectors.

Published: April 24, 2013; 06:28:37 AM -04:00
    V2: 5.5 MEDIUM
CVE-2013-0543

IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Linux, Solaris, and HP-UX, when a Local OS registry is used, does not properly validate user accounts, which allows remote attackers to bypass intended access restrictions via unspecified vectors.

Published: April 24, 2013; 06:28:37 AM -04:00
    V2: 6.8 MEDIUM
CVE-2013-0542

Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary web script or HTML via crafted field values.

Published: April 24, 2013; 06:28:37 AM -04:00
    V2: 4.3 MEDIUM
CVE-2013-0541

Buffer overflow in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Windows, when a localOS registry is used in conjunction with WebSphere Identity Manger (WIM), allows local users to cause a denial of service (daemon crash) via unspecified vectors.

Published: April 24, 2013; 06:28:37 AM -04:00
    V2: 1.9 LOW
CVE-2013-2566

The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.

Published: March 15, 2013; 05:55:01 PM -04:00
V3.0: 5.9 MEDIUM
    V2: 4.3 MEDIUM
CVE-2013-0461

Cross-site scripting (XSS) vulnerability in the virtual member manager (VMM) administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.27, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: January 27, 2013; 01:55:02 PM -05:00
    V2: 4.3 MEDIUM
CVE-2013-0460

Cross-site request forgery (CSRF) vulnerability in the portlet subsystem in the administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47 and 7.0 before 7.0.0.27 allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences.

Published: January 27, 2013; 01:55:02 PM -05:00
    V2: 6.8 MEDIUM
CVE-2013-0459

Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.27, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: January 27, 2013; 01:55:02 PM -05:00
    V2: 4.3 MEDIUM
CVE-2013-0458

Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.27, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2, when login security is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: January 27, 2013; 01:55:02 PM -05:00
    V2: 4.3 MEDIUM
CVE-2012-4853

Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Application Server 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger information disclosure.

Published: November 14, 2012; 07:30:59 AM -05:00
    V2: 6.8 MEDIUM
CVE-2012-4851

Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URI.

Published: November 14, 2012; 07:30:59 AM -05:00
    V2: 4.3 MEDIUM
CVE-2012-3311

IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 on z/OS, in certain configurations involving Federated Repositories for IIOP connections and Optimized Local Adapters, does not perform CBIND checks, which allows local users to bypass intended access restrictions, and read or modify application data, via unspecified vectors.

Published: September 25, 2012; 04:55:01 PM -04:00
    V2: 3.3 LOW