Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/a:ibm:websphere_application_server:7.0.0.13
There are 137 matching records.
Displaying matches 101 through 120.
Vuln ID Summary CVSS Severity
CVE-2012-3325

IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.5, and 8.5.x Full Profile before 8.5.0.1, when the PM44303 fix is installed, does not properly validate credentials, which allows remote authenticated users to obtain administrative access via unspecified vectors.

Published: August 30, 2012; 6:55:04 PM -0400
V3.x:(not available)
V2.0: 6.0 MEDIUM
CVE-2012-3293

Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.4, and 8.5.x before 8.5.0.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving FRAME elements, related to a cross-frame scripting (XFS) issue.

Published: August 21, 2012; 6:46:10 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-2190

IBM Global Security Kit (aka GSKit), as used in IBM HTTP Server in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.4, and 8.5.x before 8.5.0.1, allows remote attackers to cause a denial of service (daemon crash) via a crafted ClientHello message in the TLS Handshake Protocol.

Published: August 21, 2012; 6:46:10 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2012-2170

The Application Snoop Servlet in IBM WebSphere Application Server 7.0 before 7.0.0.23 does not properly restrict access, which allows remote attackers to obtain sensitive client and request information via a direct request.

Published: June 20, 2012; 6:27:28 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-0720

Cross-site scripting (XSS) vulnerability in the Integration Solution Console in the Administration Console in IBM WebSphere Application Server 7.0 before 7.0.0.23 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

Published: June 20, 2012; 6:27:28 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-0717

IBM WebSphere Application Server 7.0 before 7.0.0.23, when a certain SSLv2 configuration with client authentication is used, allows remote attackers to bypass X.509 client-certificate authentication via unspecified vectors.

Published: June 20, 2012; 6:27:28 AM -0400
V3.x:(not available)
V2.0: 2.6 LOW
CVE-2012-0716

Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server 7.0 before 7.0.0.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: June 20, 2012; 6:27:28 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-2162

The Web Server Plug-in in IBM WebSphere Application Server (WAS) 8.0 and earlier uses unencrypted HTTP communication after expiration of the plugin-key.kdb password, which allows remote attackers to obtain sensitive information by sniffing the network, or spoof arbitrary servers via a man-in-the-middle attack.

Published: May 01, 2012; 3:55:02 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2012-0193

IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.43, 6.1 before 6.1.0.43, 7.0 before 7.0.0.23, and 8.0 before 8.0.0.3 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

Published: January 19, 2012; 11:04:51 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2011-1376

iscdeploy in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 on the IBM i platform sets weak permissions under systemapps/isclite.ear/ and bin/client_ffdc/, which allows local users to read or modify files via standard filesystem operations.

Published: January 19, 2012; 6:55:10 AM -0500
V3.x:(not available)
V2.0: 4.6 MEDIUM
CVE-2011-1362

Cross-site scripting (XSS) vulnerability in the Installation Verification Test (IVT) application in the Install component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41 and 7.0 before 7.0.0.19 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1308.

Published: January 14, 2012; 10:55:12 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-1359

Directory traversal vulnerability in the administration console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41, 7.0 before 7.0.0.19, and 8.0 before 8.0.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.

Published: September 06, 2011; 11:55:02 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2011-1356

IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.19 allows local users to obtain sensitive stack-trace information via a crafted Administration Console request.

Published: July 19, 2011; 4:55:00 PM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2011-1355

Open redirect vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.19 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the logoutExitPage parameter.

Published: July 19, 2011; 4:55:00 PM -0400
V3.x:(not available)
V2.0: 5.8 MEDIUM
CVE-2010-3271

Multiple cross-site request forgery (CSRF) vulnerabilities in the Integrated Solutions Console (aka administrative console) in IBM WebSphere Application Server (WAS) 7.0.0.13 and earlier allow remote attackers to hijack the authentication of administrators for requests that disable certain security options via an Edit action to console/adminSecurityDetail.do followed by a save action to console/syncworkspace.do.

Published: July 18, 2011; 6:55:00 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2011-1209

IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.17 uses a weak WS-Security XML encryption algorithm, which makes it easier for remote attackers to obtain plaintext data from a (1) JAX-RPC or (2) JAX-WS Web Services request via unspecified vectors related to a "decryption attack."

Published: May 04, 2011; 6:55:03 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-1683

IBM WebSphere Application Server (WAS) 6.0.x through 6.0.2.43, 6.1.x before 6.1.0.37, and 7.0.x before 7.0.0.17 on z/OS, when a Local OS user registry or Federated Repository with RACF adapter is used, allows remote attackers to obtain unspecified application access via unknown vectors.

Published: April 13, 2011; 10:55:01 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2011-1322

The SOAP with Attachments API for Java (SAAJ) implementation in the Web Services component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) via encrypted SOAP messages.

Published: March 08, 2011; 4:59:35 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2011-1321

The AuthCache purge implementation in the Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 does not purge a user from the PlatformCredential cache, which might allow remote authenticated users to gain privileges by leveraging a group membership specified in an old RACF Object (aka RACO).

Published: March 08, 2011; 4:59:35 PM -0500
V3.x:(not available)
V2.0: 6.5 MEDIUM
CVE-2011-1320

The Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when the Tivoli Integrated Portal / embedded WebSphere Application Server (TIP/eWAS) framework is used, does not properly delete AuthCache entries upon a logout, which might allow remote attackers to access the server by leveraging an unattended workstation.

Published: March 08, 2011; 4:59:35 PM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM