U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:ibm:websphere_extreme_scale:8.6.1.1:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 5 matching records.
Displaying matches 1 through 5.
Vuln ID Summary CVSS Severity
CVE-2020-4336

IBM WebSphere eXtreme Scale 8.6.1 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 177932.

Published: January 06, 2021; 8:15:14 AM -0500 		V3.1: 5.3 MEDIUM
 V2.0: 5.0 MEDIUM
CVE-2019-4115

IBM WebSphere eXtreme Scale 8.6 Admin API is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158113.

Published: September 30, 2019; 12:15:11 PM -0400 		V3.1: 5.4 MEDIUM
 V2.0: 3.5 LOW
CVE-2019-4112

IBM WebSphere eXtreme Scale 8.6 Admin Console allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 158105.

Published: September 30, 2019; 12:15:11 PM -0400 		V3.1: 3.3 LOW
 V2.0: 2.1 LOW
CVE-2019-4109

IBM WebSphere eXtreme Scale 8.6 Admin Console could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 158102.

Published: September 30, 2019; 12:15:11 PM -0400 		V3.1: 6.1 MEDIUM
 V2.0: 5.8 MEDIUM
CVE-2019-4106

IBM WebSphere eXtreme Scale 8.6 Admin Console is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158099.

Published: September 30, 2019; 12:15:11 PM -0400 		V3.1: 4.8 MEDIUM
 V2.0: 3.5 LOW