Shodan
Vulnerabilities
Vulnerable Software
Ibm:  >> Websphere Application Server  >> 9.0.5.1  Security Vulnerabilities
CVE-2020-4329
IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841.
CVSS Score
4.3
EPSS Score
0.002
Published
2020-04-28
CVE-2020-4362
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. IBM X-Force ID: 178929.
CVSS Score
7.5
EPSS Score
0.005
Published
2020-04-10
CVE-2020-4276
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. X-Force ID: 175984.
CVSS Score
7.5
EPSS Score
0.004
Published
2020-03-26
CVE-2019-4670
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper data representation. IBM X-Force ID: 171319.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-02-05
CVE-2020-4163
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, under specialized conditions, could allow an authenticated user to create a maliciously crafted file name which would be misinterpreted as jsp content and executed. IBM X-Force ID: 174397.
CVSS Score
6.6
EPSS Score
0.004
Published
2020-02-04
CVE-2019-4720
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125.
CVSS Score
7.5
EPSS Score
0.005
Published
2020-01-31
CVE-2019-4441
IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and Liberty could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 163177.
CVSS Score
5.3
EPSS Score
0.004
Published
2019-10-03
CVE-2019-4442
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9,0 could allow a remote attacker to traverse directories on the file system. An attacker could send a specially-crafted URL request to view arbitrary files on the system but not content. IBM X-Force ID: 163226.
CVSS Score
4.3
EPSS Score
0.004
Published
2019-09-17
CVE-2010-2087
Oracle Mojarra 1.2_14 and 2.0.2, as used in IBM WebSphere Application Server, Caucho Resin, and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
CVSS Score
4.3
EPSS Score
0.003
Published
2010-05-27


Products
Pricing
Contact Us

Shodan ® - All rights reserved