Search Results (Refine Search)
- CPE Product Version: cpe:/a:ibm:websphere_application_server:7.0.0.11
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2013-0462 |
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.1, 7.0 before 7.0.0.27, 8.0, and 8.5 has unknown impact and attack vectors. Published: January 27, 2013; 1:55:02 PM -0500 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2013-0461 |
Cross-site scripting (XSS) vulnerability in the virtual member manager (VMM) administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.27, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: January 27, 2013; 1:55:02 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2013-0460 |
Cross-site request forgery (CSRF) vulnerability in the portlet subsystem in the administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47 and 7.0 before 7.0.0.27 allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences. Published: January 27, 2013; 1:55:02 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2013-0459 |
Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.27, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: January 27, 2013; 1:55:02 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2013-0458 |
Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.27, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2, when login security is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: January 27, 2013; 1:55:02 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-4853 |
Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Application Server 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger information disclosure. Published: November 14, 2012; 7:30:59 AM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2012-4851 |
Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URI. Published: November 14, 2012; 7:30:59 AM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-3330 |
The proxy server in IBM WebSphere Application Server 7.0 before 7.0.0.27, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1, and WebSphere Virtual Enterprise, allows remote attackers to cause a denial of service (daemon outage) via a crafted request. Published: November 14, 2012; 7:30:59 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2012-3311 |
IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 on z/OS, in certain configurations involving Federated Repositories for IIOP connections and Optimized Local Adapters, does not perform CBIND checks, which allows local users to bypass intended access restrictions, and read or modify application data, via unspecified vectors. Published: September 25, 2012; 4:55:01 PM -0400 |
V3.x:(not available) V2.0: 3.3 LOW |
CVE-2012-3306 |
IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1, when multi-domain support is configured, does not purge password data from the authentication cache, which has unspecified impact and remote attack vectors. Published: September 25, 2012; 4:55:01 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2012-3305 |
Directory traversal vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to overwrite arbitrary files via a crafted application file. Published: September 25, 2012; 4:55:01 PM -0400 |
V3.x:(not available) V2.0: 6.4 MEDIUM |
CVE-2012-3304 |
The Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to hijack sessions via unspecified vectors. Published: September 25, 2012; 4:55:01 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2012-3325 |
IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.5, and 8.5.x Full Profile before 8.5.0.1, when the PM44303 fix is installed, does not properly validate credentials, which allows remote authenticated users to obtain administrative access via unspecified vectors. Published: August 30, 2012; 6:55:04 PM -0400 |
V3.x:(not available) V2.0: 6.0 MEDIUM |
CVE-2012-3293 |
Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.4, and 8.5.x before 8.5.0.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving FRAME elements, related to a cross-frame scripting (XFS) issue. Published: August 21, 2012; 6:46:10 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-2190 |
IBM Global Security Kit (aka GSKit), as used in IBM HTTP Server in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.4, and 8.5.x before 8.5.0.1, allows remote attackers to cause a denial of service (daemon crash) via a crafted ClientHello message in the TLS Handshake Protocol. Published: August 21, 2012; 6:46:10 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2012-2170 |
The Application Snoop Servlet in IBM WebSphere Application Server 7.0 before 7.0.0.23 does not properly restrict access, which allows remote attackers to obtain sensitive client and request information via a direct request. Published: June 20, 2012; 6:27:28 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-0720 |
Cross-site scripting (XSS) vulnerability in the Integration Solution Console in the Administration Console in IBM WebSphere Application Server 7.0 before 7.0.0.23 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Published: June 20, 2012; 6:27:28 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-0717 |
IBM WebSphere Application Server 7.0 before 7.0.0.23, when a certain SSLv2 configuration with client authentication is used, allows remote attackers to bypass X.509 client-certificate authentication via unspecified vectors. Published: June 20, 2012; 6:27:28 AM -0400 |
V3.x:(not available) V2.0: 2.6 LOW |
CVE-2012-0716 |
Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server 7.0 before 7.0.0.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: June 20, 2012; 6:27:28 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-2162 |
The Web Server Plug-in in IBM WebSphere Application Server (WAS) 8.0 and earlier uses unencrypted HTTP communication after expiration of the plugin-key.kdb password, which allows remote attackers to obtain sensitive information by sniffing the network, or spoof arbitrary servers via a man-in-the-middle attack. Published: May 01, 2012; 3:55:02 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |