Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/a:ibm:websphere_application_server:8.5.5.2
There are 96 matching records.
Displaying matches 81 through 96.
Vuln ID Summary CVSS Severity
CVE-2015-0174

The SNMP implementation in IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.5 does not properly handle configuration data, which allows remote authenticated users to obtain sensitive information via unspecified vectors.

Published: April 27, 2015; 8:59:00 AM -0400
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2014-8890

IBM WebSphere Application Server Liberty Profile 8.5.x before 8.5.5.4 allows remote attackers to gain privileges by leveraging the combination of a servlet's deployment descriptor security constraints and ServletSecurity annotations.

Published: December 18, 2014; 11:59:17 AM -0500
V3.x:(not available)
V2.0: 5.1 MEDIUM
CVE-2014-6174

IBM WebSphere Application Server 7.x before 7.0.0.37, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.4 allows remote attackers to conduct clickjacking attacks via a crafted web site.

Published: December 18, 2014; 11:59:14 AM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-6167

Cross-site scripting (XSS) vulnerability in the URL rewriting feature in IBM WebSphere Application Server 7.x before 7.0.0.37, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.4 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

Published: December 18, 2014; 11:59:13 AM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-6166

The Communications Enabled Applications (CEA) service in IBM WebSphere Application Server 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.4, and Feature Pack for CEA 1.x before 1.0.0.15, allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Published: December 18, 2014; 11:59:12 AM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-6164

IBM WebSphere Application Server 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.4 allows remote attackers to spoof OpenID and OpenID Connect cookies, and consequently obtain sensitive information, via a crafted URL.

Published: December 18, 2014; 11:59:11 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-3021

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 does not properly handle HTTP headers, which allows remote attackers to obtain sensitive cookie and authentication data via an unspecified HTTP method.

Published: October 18, 2014; 9:55:12 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-4816

Cross-site request forgery (CSRF) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.x through 6.1.0.47, 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Published: September 23, 2014; 6:55:03 PM -0400
V3.x:(not available)
V2.0: 6.0 MEDIUM
CVE-2014-4770

Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 6.x through 6.1.0.47, 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 allows remote authenticated administrators to inject arbitrary web script or HTML via a crafted URL.

Published: September 23, 2014; 6:55:03 PM -0400
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2014-4767

IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x before 8.5.5.3 does not properly use the Liberty Repository for feature installation, which allows remote authenticated users to execute arbitrary code via unspecified vectors.

Published: August 21, 2014; 9:55:08 PM -0400
V3.x:(not available)
V2.0: 6.5 MEDIUM
CVE-2014-4764

IBM WebSphere Application Server (WAS) 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.3, when Load Balancer for IPv4 Dispatcher is enabled, allows remote attackers to cause a denial of service (Load Balancer crash) via unspecified vectors.

Published: August 21, 2014; 9:55:08 PM -0400
V3.x:(not available)
V2.0: 7.1 HIGH
CVE-2014-3083

IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.35, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.3 does not properly restrict resource access, which allows remote attackers to obtain sensitive information via unspecified vectors.

Published: August 21, 2014; 9:55:08 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-3070

The addFileRegistryAccount Virtual Member Manager (VMM) SPI Admin Task in IBM WebSphere Application Server (WAS) 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.3 does not properly create accounts, which allows remote attackers to bypass intended access restrictions via unspecified vectors.

Published: August 21, 2014; 9:55:08 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-3022

IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.3 allows remote attackers to obtain sensitive information via a crafted URL that triggers an error condition.

Published: August 21, 2014; 9:55:07 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-0965

IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.3 allows remote attackers to obtain sensitive information via a crafted SOAP response.

Published: August 21, 2014; 9:55:07 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-2087

Oracle Mojarra 1.2_14 and 2.0.2, as used in IBM WebSphere Application Server, Caucho Resin, and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.

Published: May 27, 2010; 3:00:01 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM