) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Keyword (text search): cpe:2.3:a:ibm:websphere_application_server:8.5.0.1:-:liberty_profile:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2013-0544 |
Directory traversal vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Linux and UNIX allows remote authenticated users to modify data via unspecified vectors. Published: April 24, 2013; 6:28:37 AM -0400 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
| CVE-2013-0543 |
IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Linux, Solaris, and HP-UX, when a Local OS registry is used, does not properly validate user accounts, which allows remote attackers to bypass intended access restrictions via unspecified vectors. Published: April 24, 2013; 6:28:37 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
| CVE-2013-0542 |
Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary web script or HTML via crafted field values. Published: April 24, 2013; 6:28:37 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
| CVE-2013-0541 |
Buffer overflow in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Windows, when a localOS registry is used in conjunction with WebSphere Identity Manger (WIM), allows local users to cause a denial of service (daemon crash) via unspecified vectors. Published: April 24, 2013; 6:28:37 AM -0400 |
V3.x:(not available) V2.0: 1.9 LOW |
| CVE-2013-0540 |
IBM WebSphere Application Server (WAS) Liberty Profile 8.5 before 8.5.0.2, when SSL is not enabled, does not properly validate authentication cookies, which allows remote authenticated users to bypass intended access restrictions via an HTTP session. Published: April 24, 2013; 6:28:37 AM -0400 |
V3.x:(not available) V2.0: 3.5 LOW |
| CVE-2013-0461 |
Cross-site scripting (XSS) vulnerability in the virtual member manager (VMM) administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.27, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: January 27, 2013; 1:55:02 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
| CVE-2013-0459 |
Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.27, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: January 27, 2013; 1:55:02 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
| CVE-2013-0458 |
Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.27, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2, when login security is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: January 27, 2013; 1:55:02 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
| CVE-2010-2087 |
Oracle Mojarra 1.2_14 and 2.0.2, as used in IBM WebSphere Application Server, Caucho Resin, and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object. Published: May 27, 2010; 3:00:01 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |