Search Results (Refine Search)
- CPE Product Version: cpe:/a:ibm:websphere_application_server:8.5.5.3:-:~~liberty_profile~~~
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2016-8934 |
IBM WebSphere Application Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. Published: February 01, 2017; 3:59:02 PM -0500 |
V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2014-3021 |
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 does not properly handle HTTP headers, which allows remote attackers to obtain sensitive cookie and authentication data via an unspecified HTTP method. Published: October 18, 2014; 9:55:12 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |