Ibm: >> Websphere Application Server Security Vulnerabilities
IBM WebSphere Application Server version 9.0.0.4 could provide weaker than expected security after using the PasswordUtil command to enable AES password encryption. IBM X-Force ID: 129579.
CVSS Score
6.5
EPSS Score
0.002
Published
2017-08-03
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127151.
CVSS Score
5.4
EPSS Score
0.004
Published
2017-07-24
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 might create files using the default permissions instead of the customized permissions when custom startup scripts are used. A local attacker could exploit this to gain access to files with an unknown impact. IBM X-Force ID: 127153.
CVSS Score
7.1
EPSS Score
0.0
Published
2017-07-24
IBM WebSphere Application Server Proxy Server or On-demand-router (ODR) 7.0, 8.0, 8.5, 9.0 and could allow a local attacker to obtain sensitive information, caused by stale data being cached and then served. IBM X-Force ID: 127152.
CVSS Score
3.3
EPSS Score
0.001
Published
2017-07-21
IBM WebSphere Application Server using malformed SOAP requests could allow a remote attacker to obtain sensitive information.
CVSS Score
5.3
EPSS Score
0.003
Published
2017-06-08
IBM WebSphere Application Server 8.0 and 8.5.5 could provide weaker than expected security. A remote attacker could exploit this weakness to obtain sensitive information and gain unauthorized access to the admin console. IBM X-Force ID: 121549.
CVSS Score
8.1
EPSS Score
0.01
Published
2017-05-10
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123669.
CVSS Score
8.8
EPSS Score
0.002
Published
2017-04-28
IBM WebSphere Application Server 8.0, 8.5, 8.5.5, and 9.0 using OpenID Connect (OIDC) configured with a Trust Association Interceptor (TAI) could allow a user to gain elevated privileges on the system. IBM Reference #: 1999293.
CVSS Score
8.1
EPSS Score
0.006
Published
2017-03-20
IBM WebSphere Application Server 7.0, 8.0, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1997743
CVSS Score
5.4
EPSS Score
0.003
Published
2017-02-13
IBM WebSphere Application Server may be vulnerable to a denial of service, caused by allowing serialized objects from untrusted sources to run and cause the consumption of resources.
CVSS Score
7.5
EPSS Score
0.009
Published
2017-02-01