cbcvebase.

Ibm Websphere Application Server vulnerabilities

451 known vulnerabilities affecting ibm/websphere_application_server.

Total CVEs
451
CISA KEV
1
actively exploited
Public exploits
13
Exploited in wild
2
Severity breakdown
CRITICAL53HIGH95MEDIUM263LOW40

Vulnerabilities

Page 13 of 23
CVE-2013-0542MEDIUMCVSS 4.3≤ 6.1.0.45v6.1.0+52 more2013-04-24
CVE-2013-0542 [MEDIUM] CWE-79 CVE-2013-0542: Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary web script or HTML via crafted field values.
nvd
CVE-2013-0544MEDIUMCVSS 4.0v6.1.0.0v6.1.0.1+51 more2013-04-24
CVE-2013-0544 [MEDIUM] CWE-22 CVE-2013-0544: Directory traversal vulnerability in the Administrative Console in IBM WebSphere Application Server Directory traversal vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Linux and UNIX allows remote authenticated users to modify data via unspecified vectors.
nvd
CVE-2013-0565MEDIUMCVSS 4.3v8.5.0.0v8.5.0.12013-04-24
CVE-2013-0565 [MEDIUM] CWE-79 CVE-2013-0565: Cross-site scripting (XSS) vulnerability in the RPC adapter for the Web 2.0 and Mobile toolkit in IB Cross-site scripting (XSS) vulnerability in the RPC adapter for the Web 2.0 and Mobile toolkit in IBM WebSphere Application Server (WAS) 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted response.
nvd
CVE-2013-0543MEDIUMCVSS 6.8v6.1.0.0v6.1.0.1+51 more2013-04-24
CVE-2013-0543 [MEDIUM] CWE-863 CVE-2013-0543: IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Linux, Solaris, and HP-UX, when a Local OS registry is used, does not properly validate user accounts, which allows remote attackers to bypass intended access restrictions via unspecified vectors.
nvd
CVE-2013-0541LOWCVSS 1.9v6.1.0.0v6.1.0.1+51 more2013-04-24
CVE-2013-0541 [LOW] CWE-119 CVE-2013-0541: Buffer overflow in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, Buffer overflow in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Windows, when a localOS registry is used in conjunction with WebSphere Identity Manger (WIM), allows local users to cause a denial of service (daemon crash) via unspecified vectors.
nvd
CVE-2013-0540LOWCVSS 3.5v8.5.0.0v8.5.0.12013-04-24
CVE-2013-0540 [LOW] CWE-287 CVE-2013-0540: IBM WebSphere Application Server (WAS) Liberty Profile 8.5 before 8.5.0.2, when SSL is not enabled, IBM WebSphere Application Server (WAS) Liberty Profile 8.5 before 8.5.0.2, when SSL is not enabled, does not properly validate authentication cookies, which allows remote authenticated users to bypass intended access restrictions via an HTTP session.
nvd
CVE-2013-0462CRITICALCVSS 10.0v7.0v7.0.0.1+16 more2013-01-27
CVE-2013-0462 [CRITICAL] CVE-2013-0462: Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.1, 7.0 before 7.0.0.27, 8.0, a Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.1, 7.0 before 7.0.0.27, 8.0, and 8.5 has unknown impact and attack vectors.
nvd
CVE-2013-0460MEDIUMCVSS 6.8v6.1.0.0v6.1.0.1+40 more2013-01-27
CVE-2013-0460 [MEDIUM] CWE-352 CVE-2013-0460: Cross-site request forgery (CSRF) vulnerability in the portlet subsystem in the administrative conso Cross-site request forgery (CSRF) vulnerability in the portlet subsystem in the administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47 and 7.0 before 7.0.0.27 allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences.
nvd
CVE-2013-0458MEDIUMCVSS 4.3v6.1.0.0v6.1.0.1+48 more2013-01-27
CVE-2013-0458 [MEDIUM] CWE-79 CVE-2013-0458: Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.27, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2, when login security is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2013-0459MEDIUMCVSS 4.3v6.1.0.0v6.1.0.1+48 more2013-01-27
CVE-2013-0459 [MEDIUM] CWE-79 CVE-2013-0459: Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.27, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2013-0461MEDIUMCVSS 4.3v6.1.0.0v6.1.0.1+48 more2013-01-27
CVE-2013-0461 [MEDIUM] CWE-79 CVE-2013-0461: Cross-site scripting (XSS) vulnerability in the virtual member manager (VMM) administrative console Cross-site scripting (XSS) vulnerability in the virtual member manager (VMM) administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.27, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2012-4850HIGHCVSS 7.5v8.5.0.02012-11-14
CVE-2012-4850 [HIGH] CWE-20 CVE-2012-4850: IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1, when JAX-RS is used, does not p IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1, when JAX-RS is used, does not properly validate requests, which allows remote attackers to gain privileges via unspecified vectors.
nvd
CVE-2012-4853MEDIUMCVSS 6.8v6.1v6.1.0+54 more2012-11-14
CVE-2012-4853 [MEDIUM] CWE-352 CVE-2012-4853: Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Application Server 6.1 before 6.1.0 Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Application Server 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger information disclosure.
nvd
CVE-2012-3330MEDIUMCVSS 5.0v7.0v7.0.0.1+22 more2012-11-14
CVE-2012-3330 [MEDIUM] CVE-2012-3330: The proxy server in IBM WebSphere Application Server 7.0 before 7.0.0.27, 8.0 before 8.0.0.5, and 8. The proxy server in IBM WebSphere Application Server 7.0 before 7.0.0.27, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1, and WebSphere Virtual Enterprise, allows remote attackers to cause a denial of service (daemon outage) via a crafted request.
nvd
CVE-2012-4851MEDIUMCVSS 4.3≤ 8.5.0.02012-11-14
CVE-2012-4851 [MEDIUM] CWE-79 CVE-2012-4851: Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server 8.5 Liberty Profile bef Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URI.
nvd
CVE-2012-3306MEDIUMCVSS 6.8v6.1.0v6.1.0.0+49 more2012-09-25
CVE-2012-3306 [MEDIUM] CWE-255 CVE-2012-3306: IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1, when multi-domain support is configured, does not purge password data from the authentication cache, which has unspecified impact and remote attack vectors.
nvd
CVE-2012-3305MEDIUMCVSS 6.4v6.1v6.1.0+62 more2012-09-25
CVE-2012-3305 [MEDIUM] CWE-22 CVE-2012-3305: Directory traversal vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 Directory traversal vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to overwrite arbitrary files via a crafted application file.
nvd
CVE-2012-3304MEDIUMCVSS 6.8v6.1.0v6.1.0.0+49 more2012-09-25
CVE-2012-3304 [MEDIUM] CVE-2012-3304: The Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before The Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to hijack sessions via unspecified vectors.
nvd
CVE-2012-3311LOWCVSS 3.3v6.1.0v6.1.0.0+49 more2012-09-25
CVE-2012-3311 [LOW] CWE-264 CVE-2012-3311: IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 on z/OS, in certain configurations involving Federated Repositories for IIOP connections and Optimized Local Adapters, does not perform CBIND checks, which allows local users to bypass intended access restrictions, and read or modif
nvd
CVE-2012-3325MEDIUMCVSS 6.0v6.1v6.1.0+54 more2012-08-30
CVE-2012-3325 [MEDIUM] CWE-20 CVE-2012-3325: IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8. IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.5, and 8.5.x Full Profile before 8.5.0.1, when the PM44303 fix is installed, does not properly validate credentials, which allows remote authenticated users to obtain administrative access via unspecified vectors.
nvd
← Previous13 / 23Next →