Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:ibm:websphere_application_server:6.1.13:*:*:*:*:*:*:*
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2019-4720 |
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. Published: January 31, 2020; 11:15:10 AM -0500 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2019-4441 |
IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and Liberty could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 163177. Published: October 03, 2019; 10:15:11 AM -0400 |
V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2019-4305 |
IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information caused by the improper setting of a cookie. IBM X-Force ID: 160951. Published: September 30, 2019; 12:15:11 PM -0400 |
V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2019-4304 |
IBM WebSphere Application Server - Liberty could allow a remote attacker to bypass security restrictions caused by improper session validation. IBM X-Force ID: 160950. Published: September 30, 2019; 12:15:11 PM -0400 |
V3.1: 6.3 MEDIUM V2.0: 6.5 MEDIUM |
CVE-2019-4046 |
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by improper handling of request headers. A remote attacker could exploit this vulnerability to cause the consumption of Memory. IBM X-Force ID: 156242. Published: March 25, 2019; 3:29:02 PM -0400 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2018-1902 |
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to spoof connection information which could be used to launch further attacks against the system. IBM X-Force ID: 152531. Published: March 11, 2019; 6:29:00 PM -0400 |
V3.0: 4.3 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2018-1851 |
IBM WebSphere Application Server Liberty OpenID Connect could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization. By sending a specially-crafted request to the RP service, an attacker could exploit this vulnerability to execute arbitrary code. IBM X-Force ID: 150999. Published: October 31, 2018; 9:29:00 AM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2018-1683 |
IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by the failure to encrypt ORB communication. IBM X-Force ID: 145455. Published: September 26, 2018; 11:29:00 AM -0400 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2018-1553 |
IBM WebSphere Application Server Liberty prior to 18.0.0.2 could allow a remote attacker to obtain sensitive information, caused by mishandling of exceptions by the SAML Web SSO feature. IBM X-Force ID: 142890. Published: June 27, 2018; 2:29:00 PM -0400 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2016-0378 |
IBM WebSphere Application Server (WAS) Liberty before 16.0.0.3, when the installation lacks a default error page, allows remote attackers to obtain sensitive information by triggering an exception. Published: November 24, 2016; 2:59:10 PM -0500 |
V3.0: 3.7 LOW V2.0: 4.3 MEDIUM |
CVE-2013-4005 |
Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified fields. Published: August 21, 2013; 5:55:06 PM -0400 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2013-3029 |
Cross-site request forgery (CSRF) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences. Published: August 21, 2013; 5:55:06 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2013-2976 |
The Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.0 does not properly perform caching, which allows local users to obtain sensitive information via unspecified vectors. Published: August 21, 2013; 5:55:06 PM -0400 |
V3.x:(not available) V2.0: 1.9 LOW |
CVE-2013-2967 |
Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: August 21, 2013; 5:55:06 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-4853 |
Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Application Server 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger information disclosure. Published: November 14, 2012; 7:30:59 AM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2012-4851 |
Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URI. Published: November 14, 2012; 7:30:59 AM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-3325 |
IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.5, and 8.5.x Full Profile before 8.5.0.1, when the PM44303 fix is installed, does not properly validate credentials, which allows remote authenticated users to obtain administrative access via unspecified vectors. Published: August 30, 2012; 6:55:04 PM -0400 |
V3.x:(not available) V2.0: 6.0 MEDIUM |
CVE-2012-2162 |
The Web Server Plug-in in IBM WebSphere Application Server (WAS) 8.0 and earlier uses unencrypted HTTP communication after expiration of the plugin-key.kdb password, which allows remote attackers to obtain sensitive information by sniffing the network, or spoof arbitrary servers via a man-in-the-middle attack. Published: May 01, 2012; 3:55:02 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2011-5066 |
The SibRaRecoverableSiXaResource class in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41 does not properly handle a Service Integration Bus (SIB) dump operation involving the First Failure Data Capture (FFDC) introspection code, which allows local users to obtain sensitive information by reading the FFDC log file. Published: January 14, 2012; 10:55:13 PM -0500 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2011-5065 |
Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41 allows remote attackers to inject arbitrary web script or HTML via vectors related to web messaging. Published: January 14, 2012; 10:55:12 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |