Total
437 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-4283 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 10.0 HIGH | N/A |
| CRLF injection vulnerability in the WebContainer component in IBM WebSphere Application Server (WAS) 5.1.1.19 and earlier 5.1.x versions allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | |||||
| CVE-2009-0891 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 5.5 MEDIUM | N/A |
| The Web Services Security component in IBM WebSphere Application Server 7.0 before Fix Pack 1 (7.0.0.1), 6.1 before Fix Pack 23 (6.1.0.23),and 6.0.2 before Fix Pack 33 (6.0.2.33) does not properly enforce (1) nonce and (2) timestamp expiration values in WS-Security bindings as stored in the com.ibm.wsspi.wssecurity.core custom property, which allows remote authenticated users to conduct session hijacking attacks. | |||||
| CVE-2009-0391 | 1 Ibm | 2 Websphere Application Server, Zos | 2025-04-09 | 7.8 HIGH | N/A |
| Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.0.1 on z/OS allows attackers to read arbitrary files via unknown vectors. | |||||
| CVE-2009-0506 | 1 Ibm | 2 Websphere Application Server, Z\/os | 2025-04-09 | 6.2 MEDIUM | N/A |
| Unspecified vulnerability in IBM WebSphere Application Server (WAS) 5.1 and 6.0.2 before 6.0.2.33 on z/OS, when CSIv2 Identity Assertion is enabled and Enterprise JavaBeans (EJB) interaction occurs between a WAS 6.1 instance and a WAS pre-6.1 instance, allows local users to have an unknown impact via vectors related to (1) use of the wrong subject and (2) multiple CBIND checks. | |||||
| CVE-2009-2746 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the administrative console in the Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.39, 6.1 before 6.1.0.29, and 7.0 before 7.0.0.7 allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2009-1898 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| The secure login page in the Administrative Console component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 does not redirect to an https page upon receiving an http request, which makes it easier for remote attackers to read the contents of WAS sessions by sniffing the network. | |||||
| CVE-2008-2221 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Java plugin in IBM WebSphere Application Server 5.0.2 allows untrusted applets to gain privileges via unknown attack vectors. | |||||
| CVE-2008-5414 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Feature Pack for Web Services in the Web Services Security component in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 has unknown impact and attack vectors related to "userNameToken." | |||||
| CVE-2007-3265 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Samples component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-0904 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 6.4 MEDIUM | N/A |
| The IBM Stax XMLStreamWriter in the Web Services component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 does not properly process XML encoding, which allows remote attackers to bypass intended access restrictions and possibly modify data via "XML fuzzing attacks" sent through SOAP requests. | |||||
| CVE-2008-5413 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 allows attackers to obtain sensitive information by reading the (1) systemout.log and (2) ffdc files. NOTE: this is probably a duplicate of CVE-2009-0434. | |||||
| CVE-2009-0899 | 1 Ibm | 3 Integrated Solutions Console, Websphere Application Server, Websphere Portal | 2025-04-09 | 4.3 MEDIUM | N/A |
| IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.24 and 7.0 through 7.0.0.4, IBM WebSphere Portal Server 5.1 through 6.0, and IBM Integrated Solutions Console (ISC) 6.0.1 do not properly set the IsSecurityEnabled security flag during migration of WebSphere Member Manager (WMM) to Virtual Member Manager (VMM) and a Federated Repository, which allows attackers to obtain sensitive information from repositories via unspecified vectors. | |||||
| CVE-2009-1899 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Administrative Configservice API in the System Management/Repository component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.25, and 7.0 before 7.0.0.5 on z/OS allows remote authenticated users to obtain sensitive information via unknown use of the wsadmin scripting tool, related to a "security exposure in wsadmin." | |||||
| CVE-2007-5798 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in uddigui/navigateTree.do in the UDDI user console in IBM WebSphere Application Server (WAS) before 6.1.0 Fix Pack 13 (6.1.0.13) allow remote attackers to inject arbitrary web script or HTML via the (1) keyField, (2) nameField, (3) valueField, and (4) frameReturn parameters. | |||||
| CVE-2006-6135 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in IBM WebSphere Application Server 6.1.0 before Fix Pack 3 (6.1.0.3) have unknown impact and attack vectors, related to (1) a "Potential security vulnerability" (PK29725) and (2) "Potential security exposure" (PK30831). | |||||
| CVE-2008-3235 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the PropFilePasswordEncoder utility in the Security component in IBM WebSphere Application Server (WAS) 5.1 before 5.1.1.19 has unknown impact and attack vectors. | |||||
| CVE-2007-1944 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| The Java Message Service (JMS) in IBM WebSphere Application Server (WAS) before 6.1.0.7 allows attackers to cause a denial of service via unknown vectors involving the "double release [of] a bytebuffer input stream," possibly a double free vulnerability. | |||||
| CVE-2009-3106 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| The Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.37 does not properly implement security constraints on the (1) doGet and (2) doTrace methods, which allows remote attackers to bypass intended access restrictions and obtain sensitive information via a crafted HTTP HEAD request to a Web Application. | |||||
| CVE-2009-0906 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 6.5 MEDIUM | N/A |
| The Service Component Architecture (SCA) feature pack for IBM WebSphere Application Server (WAS) SCA 1.0 before 1.0.0.3 allows remote authenticated users to bypass intended authentication.transport access restrictions and obtain unspecified access via unknown vectors. | |||||
| CVE-2008-5412 | 2 Ibm, Microsoft | 2 Websphere Application Server, Windows | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 on Windows has unknown impact and attack vectors related to JSPs. NOTE: this is probably a duplicate of CVE-2009-0438. | |||||