Ibm Corporation Websphere Application Server vulnerabilities

CVE-2017-1137 [HIGH] CVE-2017-1137: IBM WebSphere Application Server 8.0 and 8.5.5 could provide weaker than expected security. A remote IBM WebSphere Application Server 8.0 and 8.5.5 could provide weaker than expected security. A remote attacker could exploit this weakness to obtain sensitive information and gain unauthorized access to the admin console. IBM X-Force ID: 121549.

CVE-2017-1151 [HIGH] CVE-2017-1151: IBM WebSphere Application Server 8.0, 8.5, 8.5.5, and 9.0 using OpenID Connect (OIDC) configured wit IBM WebSphere Application Server 8.0, 8.5, 8.5.5, and 9.0 using OpenID Connect (OIDC) configured with a Trust Association Interceptor (TAI) could allow a user to gain elevated privileges on the system. IBM Reference #: 1999293.

CVE-2017-1121 [MEDIUM] CWE-79 CVE-2017-1121: IBM WebSphere Application Server 7.0, 8.0, and 9.0 is vulnerable to cross-site scripting. This vulne IBM WebSphere Application Server 7.0, 8.0, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1997743

CVE-2016-8919 [HIGH] CWE-399 CVE-2016-8919: IBM WebSphere Application Server may be vulnerable to a denial of service, caused by allowing serial IBM WebSphere Application Server may be vulnerable to a denial of service, caused by allowing serialized objects from untrusted sources to run and cause the consumption of resources.