National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:ibm:websphere_application_server:6.0.2.15
There are 78 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2019-4046

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by improper handling of request headers. A remote attacker could exploit this vulnerability to cause the consumption of Memory. IBM X-Force ID: 156242.

Published: March 25, 2019; 03:29:02 PM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2018-1902

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to spoof connection information which could be used to launch further attacks against the system. IBM X-Force ID: 152531.

Published: March 11, 2019; 06:29:00 PM -04:00
V3: 4.3 MEDIUM
V2: 4.0 MEDIUM
CVE-2018-1851

IBM WebSphere Application Server Liberty OpenID Connect could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization. By sending a specially-crafted request to the RP service, an attacker could exploit this vulnerability to execute arbitrary code. IBM X-Force ID: 150999.

Published: October 31, 2018; 09:29:00 AM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-1683

IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by the failure to encrypt ORB communication. IBM X-Force ID: 145455.

Published: September 26, 2018; 11:29:00 AM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2018-1553

IBM WebSphere Application Server Liberty prior to 18.0.0.2 could allow a remote attacker to obtain sensitive information, caused by mishandling of exceptions by the SAML Web SSO feature. IBM X-Force ID: 142890.

Published: June 27, 2018; 02:29:00 PM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2016-0378

IBM WebSphere Application Server (WAS) Liberty before 16.0.0.3, when the installation lacks a default error page, allows remote attackers to obtain sensitive information by triggering an exception.

Published: November 24, 2016; 02:59:10 PM -05:00
V3: 3.7 LOW
V2: 4.3 MEDIUM
CVE-2014-4816

Cross-site request forgery (CSRF) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.x through 6.1.0.47, 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Published: September 23, 2014; 06:55:03 PM -04:00
V2: 6.0 MEDIUM
CVE-2014-4770

Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 6.x through 6.1.0.47, 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 allows remote authenticated administrators to inject arbitrary web script or HTML via a crafted URL.

Published: September 23, 2014; 06:55:03 PM -04:00
V2: 3.5 LOW
CVE-2014-0964

IBM WebSphere Application Server (WAS) 6.1.0.0 through 6.1.0.47 and 6.0.2.0 through 6.0.2.43 allows remote attackers to cause a denial of service via crafted TLS traffic, as demonstrated by traffic from a CVE-2014-0160 vulnerability-assessment tool.

Published: May 16, 2014; 07:12:00 AM -04:00
V2: 7.1 HIGH
CVE-2013-0542

Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary web script or HTML via crafted field values.

Published: April 24, 2013; 06:28:37 AM -04:00
V2: 4.3 MEDIUM
CVE-2012-4851

Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URI.

Published: November 14, 2012; 07:30:59 AM -05:00
V2: 4.3 MEDIUM
CVE-2012-2162

The Web Server Plug-in in IBM WebSphere Application Server (WAS) 8.0 and earlier uses unencrypted HTTP communication after expiration of the plugin-key.kdb password, which allows remote attackers to obtain sensitive information by sniffing the network, or spoof arbitrary servers via a man-in-the-middle attack.

Published: May 01, 2012; 03:55:02 PM -04:00
V2: 6.8 MEDIUM
CVE-2012-0193

IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.43, 6.1 before 6.1.0.43, 7.0 before 7.0.0.23, and 8.0 before 8.0.0.3 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

Published: January 19, 2012; 11:04:51 PM -05:00
V2: 5.0 MEDIUM
CVE-2009-2747

The Java Naming and Directory Interface (JNDI) implementation in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.39, 6.1 before 6.1.0.29, and 7.0 before 7.0.0.7 does not properly restrict access to UserRegistry object methods, which allows remote attackers to obtain sensitive information via a crafted method call.

Published: October 30, 2011; 06:55:02 AM -04:00
V2: 5.0 MEDIUM
CVE-2010-3271

Multiple cross-site request forgery (CSRF) vulnerabilities in the Integrated Solutions Console (aka administrative console) in IBM WebSphere Application Server (WAS) 7.0.0.13 and earlier allow remote attackers to hijack the authentication of administrators for requests that disable certain security options via an Edit action to console/adminSecurityDetail.do followed by a save action to console/syncworkspace.do.

Published: July 18, 2011; 06:55:00 PM -04:00
V2: 6.8 MEDIUM
CVE-2011-1683

IBM WebSphere Application Server (WAS) 6.0.x through 6.0.2.43, 6.1.x before 6.1.0.37, and 7.0.x before 7.0.0.17 on z/OS, when a Local OS user registry or Federated Repository with RACF adapter is used, allows remote attackers to obtain unspecified application access via unknown vectors.

Published: April 13, 2011; 10:55:01 AM -04:00
V2: 6.8 MEDIUM
CVE-2011-1318

Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.

Published: March 08, 2011; 04:59:35 PM -05:00
V2: 5.0 MEDIUM
CVE-2011-1316

The Session Initiation Protocol (SIP) Proxy in the HTTP Transport component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (worker thread exhaustion and UDP messaging outage) by sending many UDP messages.

Published: March 08, 2011; 04:59:34 PM -05:00
V2: 5.0 MEDIUM
CVE-2011-1315

Memory leak in the messaging engine in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) via network connections associated with a NULL return value from a synchronous JMS receive call.

Published: March 08, 2011; 04:59:34 PM -05:00
V2: 5.0 MEDIUM
CVE-2011-1314

The Service Integration Bus (SIB) messaging engine in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (daemon hang) by performing close operations via network connections to a queue manager.

Published: March 08, 2011; 04:59:34 PM -05:00
V2: 5.0 MEDIUM