Search Results
- CPE Product Version: cpe:/a:ibm:websphere_application_server:8.5.5.0:-:liberty_profile
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2016-8934 | IBM WebSphere Application Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. Published: February 01, 2017; 3:59:02 PM -0500 | V3.0: 5.4 MEDIUM; V2.0: 3.5 LOW |
CVE-2016-5983 | IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.11, 9.0 before 9.0.0.2, and Liberty before 16.0.0.4 allows remote authenticated users to execute arbitrary Java code via a crafted serialized object. Published: October 05, 2016; 6:59:18 AM -0400 | V3.0: 7.5 HIGH; V2.0: 6.5 MEDIUM |
CVE-2016-5986 | IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.x before 8.0.0.13, 8.5.x before 8.5.5.11, 9.0.x before 9.0.0.2, and Liberty before 16.0.0.3 mishandles responses, which allows remote attackers to obtain sensitive information via unspecified vectors. Published: September 30, 2016; 9:59:07 PM -0400 | V3.0: 7.5 HIGH; V2.0: 5.0 MEDIUM |
CVE-2016-0385 | Buffer overflow in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.10, 9.0 before 9.0.0.1, and Liberty before 16.0.0.3, when HttpSessionIdReuse is enabled, allows remote authenticated users to obtain sensitive information via unspecified vectors. Published: September 01, 2016; 6:59:00 AM -0400 | V3.0: 3.1 LOW; V2.0: 3.5 LOW |
CVE-2016-2960 | IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.0.x before 8.0.0.13, 8.5.0.x before 8.5.5.10, 8.5.0.x and 16.0.0.x Liberty before Liberty Fix Pack 16.0.0.3, and 9.0.0.x before 9.0.0.1 allows remote attackers to cause a denial of service via crafted SIP messages. Published: August 07, 2016; 9:59:11 PM -0400 | V3.0: 3.7 LOW; V2.0: 4.3 MEDIUM |
CVE-2014-3021 | IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 does not properly handle HTTP headers, which allows remote attackers to obtain sensitive cookie and authentication data via an unspecified HTTP method. Published: October 18, 2014; 9:55:12 PM -0400 | V3.x: (not available); V2.0: 5.0 MEDIUM |
CVE-2014-4767 | IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x before 8.5.5.3 does not properly use the Liberty Repository for feature installation, which allows remote authenticated users to execute arbitrary code via unspecified vectors. Published: August 21, 2014; 9:55:08 PM -0400 | V3.x: (not available); V2.0: 6.5 MEDIUM |
CVE-2014-0896 | IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x before 8.5.5.2 allows remote attackers to obtain sensitive information via a crafted request. Published: May 01, 2014; 1:29:56 PM -0400 | V3.x: (not available); V2.0: 4.3 MEDIUM |
CVE-2013-4006 | IBM WebSphere Application Server (WAS) Liberty Profile 8.5 before 8.5.5.1 uses weak permissions for unspecified files, which allows local users to obtain sensitive information via standard filesystem operations. Published: November 18, 2013; 12:23:57 AM -0500 | V3.x: (not available); V2.0: 4.3 MEDIUM |