Search Results (Refine Search)
- CPE Product Version: cpe:/a:ibm:websphere_application_server:7.0.0.19::~~-~~~
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2021-20454 |
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 196649. Published: April 21, 2021; 8:15:08 AM -0400 |
V3.1: 8.2 HIGH V2.0: 6.4 MEDIUM |
CVE-2020-4782 |
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. Published: October 28, 2020; 1:15:13 PM -0400 |
V3.1: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2019-4441 |
IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and Liberty could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 163177. Published: October 03, 2019; 10:15:11 AM -0400 |
V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |