IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS might allow attackers to obtain sensitive information by reading the default_create.log file that is associated with profile creation by the BBOWWPFx job and the zPMT.
CVSS Score
5.0
EPSS Score
0.003
Published
2010-06-18
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS allows attackers to perform unspecified "link injection" actions via unknown vectors.
CVSS Score
7.5
EPSS Score
0.004
Published
2010-06-18
Cross-site scripting (XSS) vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related in part to "URL injection."
CVSS Score
4.3
EPSS Score
0.002
Published
2010-06-18
Multiple unspecified vulnerabilities in the administrative console in IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.9 on z/OS have unknown impact and attack vectors.
CVSS Score
7.5
EPSS Score
0.004
Published
2010-03-29
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.0.1 on z/OS allows attackers to read arbitrary files via unknown vectors.
CVSS Score
7.8
EPSS Score
0.004
Published
2009-02-02