| CVE ID | Description | Published | CVSS V3.x | CVSS V2 |
|---|---|---|---|---|
| CVE-2019-4441 | IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and Liberty could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 163177. | October 03, 2019; 10:15:11 AM -04:00 | V3.1: 5.3 MEDIUM | V2: 5.0 MEDIUM |
| CVE-2019-4305 | IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information caused by the improper setting of a cookie. IBM X-Force ID: 160951. | September 30, 2019; 12:15:11 PM -04:00 | V3.1: 5.3 MEDIUM | V2: 5.0 MEDIUM |
| CVE-2019-4304 | IBM WebSphere Application Server - Liberty could allow a remote attacker to bypass security restrictions caused by improper session validation. IBM X-Force ID: 160950. | September 30, 2019; 12:15:11 PM -04:00 | V3.1: 6.3 MEDIUM | V2: 6.5 MEDIUM |
| CVE-2019-4505 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Network Deployment could allow a remote attacker to obtain sensitive information, caused by sending a specially-crafted URL. This can lead the attacker to view any file in a certain directory. IBM X-Force ID: 164364. | September 20, 2019; 12:15:13 PM -04:00 | V3.1: 5.3 MEDIUM | V2: 5.0 MEDIUM |
| CVE-2019-4477 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a user with access to audit logs to obtain sensitive information, caused by improper handling of command line options. IBM X-Force ID: 163997. | September 17, 2019; 03:15:11 PM -04:00 | V3.1: 6.5 MEDIUM | V2: 4.0 MEDIUM |
| CVE-2019-4442 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the file system. An attacker could send a specially-crafted URL request to view arbitrary files on the system but not content. IBM X-Force ID: 163226. | September 17, 2019; 03:15:11 PM -04:00 | V3.1: 4.3 MEDIUM | V2: 4.0 MEDIUM |
| CVE-2019-4271 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin console is vulnerable to a client-side HTTP parameter pollution vulnerability. IBM X-Force ID: 160243. | September 17, 2019; 03:15:11 PM -04:00 | V3.1: 3.5 LOW | V2: 3.5 LOW |
| CVE-2019-4270 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 160203. | September 17, 2019; 03:15:11 PM -04:00 | V3.1: 5.4 MEDIUM | V2: 3.5 LOW |
| CVE-2019-4268 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 160201. | September 17, 2019; 03:15:11 PM -04:00 | V3.1: 5.3 MEDIUM | V2: 5.0 MEDIUM |
| CVE-2019-4279 | IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 160445. | May 17, 2019; 12:29:03 PM -04:00 | V3.0: 9.8 CRITICAL | V2: 10.0 HIGH |
| CVE-2019-4080 | IBM WebSphere Application Server Admin Console 7.5, 8.0, 8.5, and 9.0 is vulnerable to a potential denial of service, caused by improper parameter parsing. A remote attacker could exploit this to consume all available CPU resources. IBM X-Force ID: 157380. | April 02, 2019; 10:29:01 AM -04:00 | V3.0: 6.5 MEDIUM | V2: 6.8 MEDIUM |
| CVE-2019-4046 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by improper handling of request headers. A remote attacker could exploit this vulnerability to cause the consumption of memory. IBM X-Force ID: 156242. | March 25, 2019; 03:29:02 PM -04:00 | V3.0: 7.5 HIGH | V2: 5.0 MEDIUM |
| CVE-2018-1902 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to spoof connection information which could be used to launch further attacks against the system. IBM X-Force ID: 152531. | March 11, 2019; 06:29:00 PM -04:00 | V3.0: 4.3 MEDIUM | V2: 4.0 MEDIUM |
| CVE-2019-4030 | IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155946. | March 06, 2019; 03:29:00 PM -05:00 | V3.0: 5.4 MEDIUM | V2: 3.5 LOW |
| CVE-2018-1996 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide weaker than expected security, caused by improper TLS configuration. A remote attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 154650. | February 19, 2019; 12:29:00 PM -05:00 | V3.0: 5.3 MEDIUM | V2: 3.5 LOW |
| CVE-2018-1926 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading a user to visit a malicious URL, a remote attacker could send a specially-crafted request. An attacker could exploit this vulnerability to perform a CSRF attack and update available applications. IBM X-Force ID: 152992. | December 12, 2018; 11:29:01 AM -05:00 | V3.0: 8.8 HIGH | V2: 6.8 MEDIUM |
| CVE-2018-1901 | IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to temporarily gain elevated privileges on the system, caused by an incorrect cached value being used. IBM X-Force ID: 152530. | December 12, 2018; 11:29:01 AM -05:00 | V3.0: 8.8 HIGH | V2: 6.5 MEDIUM |
| CVE-2018-1904 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbitrary Java code through an administrative client class with a serialized object from untrusted sources. IBM X-Force ID: 152533. | December 11, 2018; 11:29:02 AM -05:00 | V3.0: 9.8 CRITICAL | V2: 7.5 HIGH |
| CVE-2018-1840 | IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to gain elevated privileges on the system, caused when a security domain is configured to use a federated repository other than global federated repository and then migrated to a newer release of WebSphere Application Server. IBM X-Force ID: 150813. | December 03, 2018; 10:29:00 AM -05:00 | V3.0: 8.1 HIGH | V2: 6.8 MEDIUM |
| CVE-2018-1797 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using Enterprise Bundle Archives (EBA) could allow a local attacker to traverse directories on the system. By persuading a victim to extract a specially-crafted ZIP archive containing "dot dot slash" sequences (../), an attacker could exploit this vulnerability to write to arbitrary files on the system. Note: This vulnerability is known as "Zip-Slip". IBM X-Force ID: 149427. | November 16, 2018; 10:29:00 AM -05:00 | V3.0: 5.5 MEDIUM | V2: 4.3 MEDIUM |