IBM WebSphere Application Server vulnerabilities

451 known vulnerabilities affecting ibm/websphere_application_server.

Total CVEs: 451
CISA KEV: 1 (actively exploited)
Public exploits: 13
Exploited in wild: 2
Severity breakdown: CRITICAL 53, HIGH 95, MEDIUM 263, LOW 40

Vulnerabilities

Page 12 of 23

CVE-2014-0823 [MEDIUM] CVSS 4.3 | CWE-200 | v8.5.0.0, v8.5.0.1, +13 more | 2014-05-01 | nvd
IBM WebSphere Application Server (WAS) 8.x before 8.0.0.9 and 8.5.x before 8.5.5.2 allows remote attackers to read arbitrary files via a crafted URL.

CVE-2013-6323 [LOW] CVSS 3.5 | CWE-79 | v7.0, v7.0.0.1, +40 more | 2014-05-01 | nvd
Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.33, 8.x before 8.0.0.9, and 8.5.x before 8.5.5.2, and WebSphere Virtual Enterprise 7.x before 7.0.0.5, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

CVE-2013-6325 [MEDIUM] CVSS 4.3 | CWE-20 | v8.0.0.0, v8.0.0.1, +38 more | 2014-01-16 | nvd
IBM WebSphere Application Server 7.x before 7.0.0.31, 8.0.x before 8.0.0.8, and 8.5.x before 8.5.5.2 allows remote attackers to cause a denial of service (resource consumption) via a crafted request to a web services endpoint.

CVE-2013-6330 [LOW] CVSS 3.5 | CWE-200 | v7.0, v7.0.0.1, +20 more | 2014-01-16 | nvd
IBM WebSphere Application Server 7.x before 7.0.0.31, when simpleFileServlet static file caching is enabled, allows remote authenticated users to obtain sensitive information via unspecified vectors.

CVE-2013-6725 [LOW] CVSS 3.5 | CWE-79 | v6.1, v7.0, +39 more | 2014-01-16 | nvd
Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server 7.x before 7.0.0.31, 8.0.x before 8.0.0.8, and 8.5.x before 8.5.5.2 allows remote authenticated administrators to inject arbitrary web script or HTML via a crafted URL.

CVE-2013-5417 [MEDIUM] CVSS 4.3 | CWE-79 | v7.0, v7.0.0.1, +37 more | 2013-11-18 | nvd
Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote attackers to inject arbitrary web script or HTML via HTTP response data.

CVE-2013-4006 [MEDIUM] CVSS 4.3 | CWE-310 | v8.5.0.0, v8.5.0.1, +2 more | 2013-11-18 | nvd
IBM WebSphere Application Server (WAS) Liberty Profile 8.5 before 8.5.5.1 uses weak permissions for unspecified files, which allows local users to obtain sensitive information via standard filesystem operations.

CVE-2013-5418 [LOW] CVSS 3.5 | CWE-79 | v7.0, v7.0.0.1, +37 more | 2013-11-18 | nvd
Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

CVE-2013-5414 [LOW] CVSS 3.5 | CWE-264 | v7.0, v7.0.0.1, +37 more | 2013-11-18 | nvd
The migration functionality in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 does not properly support the distinction between the admin role and the adminsecmanager role, which allows remote authenticated users to gain privileges in opportunistic circumstances by accessing resources in between a m

CVE-2013-4052 [MEDIUM] CVSS 4.3 | CWE-79 | v6.1, v6.1.0, +66 more | 2013-09-20 | nvd
Cross-site scripting (XSS) vulnerability in the UDDI Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2013-0596 [MEDIUM] CVSS 4.3 | CWE-79 | v6.1, v6.1.0, +27 more | 2013-09-20 | nvd
Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2013-4053 [MEDIUM] CVSS 6.8 | CWE-20 | v8.5.0.0, v8.5.0.1, +66 more | 2013-09-20 | nvd
The WS-Security implementation in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1, and WAS Feature Pack for Web Services 6.1 before 6.1.0.47, when a trust store is configured for XML Digital Signatures, does not properly verify X.509 certificates, which allows remote attackers

CVE-2013-2967 [MEDIUM] CVSS 4.3 | CWE-79 | v6.1, v6.1.0, +70 more | 2013-08-21 | nvd
Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2013-3029 [MEDIUM] CVSS 6.8 | CWE-352 | v8.0.0.0, v8.0.0.1, +71 more | 2013-08-21 | nvd
Cross-site request forgery (CSRF) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences.

CVE-2013-2976 [LOW] CVSS 1.9 | CWE-200 | v8.0.0.0, v8.0.0.1, +70 more | 2013-08-21 | nvd
The Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.0 does not properly perform caching, which allows local users to obtain sensitive information via unspecified vectors.

CVE-2013-4004 [LOW] CVSS 3.5 | CWE-79 | v8.0.0.0, v8.0.0.1, +8 more | 2013-08-21 | nvd
Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 8.0 before 8.0.0.7 and 8.5 before 8.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

CVE-2013-0597 [LOW] CVSS 3.5 | CWE-79 | v8.5.0.0, v8.5.0.1, +34 more | 2013-08-21 | nvd
Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.29, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.0, when OAuth is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

CVE-2013-4005 [LOW] CVSS 3.5 | CWE-79 | v6.1, v6.1.0, +71 more | 2013-08-21 | nvd
Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified fields.

CVE-2013-1777 [CRITICAL] CVSS 10.0 | CWE-94 | v3.0.0.3 | 2013-07-11 | nvd
The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not properly implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.

CVE-2013-0482 [MEDIUM] CVSS 4.3 | v7.0, v7.0.0.1, +32 more | 2013-05-29 | nvd
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 through 8.5.0.2 and WebSphere Message Broker 6.1, 7.0 through 7.0.0.5, and 8.0 through 8.0.0.2, when WS-Security is used, allows remote attackers to spoof the signatures of messages via a crafted SOAP message, related to a "Signature Wrap attack," a different vulnerability