Filtered by vendor Ibm
Subscriptions
Filtered by product Websphere Application Server
Subscriptions
Total
446 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-1032 | 1 Ibm | 2 Lotus Connections, Websphere Application Server | 2025-04-11 | N/A |
| IBM Lotus Connections 3.0, when IBM WebSphere Application Server 7.0.0.11 is used, does not properly restrict access to the internal login module, which has unspecified impact and attack vectors. | ||||
| CVE-2010-0784 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2010-0783 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2010-0779 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.33, and 7.0 before 7.0.0.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2010-0777 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | N/A |
| The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle long filenames and consequently sends an incorrect file in some responses, which allows remote attackers to obtain sensitive information by reading the retrieved file. | ||||
| CVE-2013-6725 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server 7.x before 7.0.0.31, 8.0.x before 8.0.0.8, and 8.5.x before 8.5.5.2 allows remote authenticated administrators to inject arbitrary web script or HTML via a crafted URL. | ||||
| CVE-2010-0775 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | N/A |
| Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 allows remote attackers to cause a denial of service (memory consumption and daemon crash) via a crafted request, related to the nodeagent and Deployment Manager components. | ||||
| CVE-2010-0774 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | N/A |
| The (1) JAX-RPC WS-Security 1.0 and (2) JAX-WS runtime implementations in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 do not properly handle WebServices PKCS#7 and PKIPath tokens, which allows remote attackers to bypass intended access restrictions via unspecified vectors. | ||||
| CVE-2010-0769 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | N/A |
| IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 does not properly define wsadmin scripting J2CConnectionFactory objects, which allows local users to discover a KeyRingPassword password by reading a cleartext field in the resources.xml file. | ||||
| CVE-2010-0768 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 allows remote attackers to inject arbitrary web script or HTML via the URI. | ||||
| CVE-2013-4053 | 1 Ibm | 2 Websphere Application Server, Websphere Application Server Feature Pack For Web Services | 2025-04-11 | N/A |
| The WS-Security implementation in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1, and WAS Feature Pack for Web Services 6.1 before 6.1.0.47, when a trust store is configured for XML Digital Signatures, does not properly verify X.509 certificates, which allows remote attackers to obtain privileged access via unspecified vectors. | ||||
| CVE-2013-6325 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | N/A |
| IBM WebSphere Application Server 7.x before 7.0.0.31, 8.0.x before 8.0.0.8, and 8.5.x before 8.5.5.2 allows remote attackers to cause a denial of service (resource consumption) via a crafted request to a web services endpoint. | ||||
| CVE-2013-4052 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the UDDI Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2010-0563 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | N/A |
| The Single Sign-on (SSO) functionality in IBM WebSphere Application Server (WAS) 7.0.0.0 through 7.0.0.8 does not recognize the Requires SSL configuration option, which might allow remote attackers to obtain sensitive information by sniffing network sessions that were expected to be encrypted. | ||||
| CVE-2013-4006 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | N/A |
| IBM WebSphere Application Server (WAS) Liberty Profile 8.5 before 8.5.5.1 uses weak permissions for unspecified files, which allows local users to obtain sensitive information via standard filesystem operations. | ||||
| CVE-2013-4005 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified fields. | ||||
| CVE-2010-0781 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | N/A |
| Unspecified vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.33 allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted URL. | ||||
| CVE-2010-0778 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.33 and 7.0 before 7.0.0.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2013-2976 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | N/A |
| The Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.0 does not properly perform caching, which allows local users to obtain sensitive information via unspecified vectors. | ||||
| CVE-2013-6330 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | N/A |
| IBM WebSphere Application Server 7.x before 7.0.0.31, when simpleFileServlet static file caching is enabled, allows remote authenticated users to obtain sensitive information via unspecified vectors. | ||||