Total
426 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-4271 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 3.5 LOW | 3.5 LOW |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin console is vulnerable to a Client-side HTTP parameter pollution vulnerability. IBM X-Force ID: 160243. | |||||
| CVE-2019-4270 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 160203. | |||||
| CVE-2019-4269 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console could allow a remote attacker to obtain sensitive information when a specially crafted url causes a stack trace to be dumped. IBM X-Force ID: 160202. | |||||
| CVE-2019-4268 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 160201. | |||||
| CVE-2019-4080 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
| IBM WebSphere Application Server Admin Console 7.5, 8.0, 8.5, and 9.0 is vulnerable to a potential denial of service, caused by improper parameter parsing. A remote attacker could exploit this to consume all available CPU resources. IBM X-Force ID: 157380. | |||||
| CVE-2019-4046 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by improper handling of request headers. A remote attacker could exploit this vulnerability to cause the consumption of Memory. IBM X-Force ID: 156242. | |||||
| CVE-2019-4030 | 1 Ibm | 2 Websphere Application Server, Websphere Virtual Enterprise | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155946. | |||||
| CVE-2018-1996 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 3.5 LOW | 5.3 MEDIUM |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide weaker than expected security, caused by the improper TLS configuration. A remote attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 154650. | |||||
| CVE-2018-1957 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
| IBM WebSphere Application Server 9 could allow sensitive information to be available caused by mishandling of data by the application based on an incorrect return by the httpServletRequest#authenticate() API when an unprotected URI is accessed. IBM X-Force ID: 153629. | |||||
| CVE-2018-1926 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 6.8 MEDIUM | 4.3 MEDIUM |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading a user to visit a malicious URL, a remote attacker could send a specially-crafted request. An attacker could exploit this vulnerability to perform CSRF attack and update available applications. IBM X-Force ID: 152992. | |||||
| CVE-2018-1905 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 5.5 MEDIUM | 7.1 HIGH |
| IBM WebSphere Application Server 9.0.0.0 through 9.0.0.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 152534. | |||||
| CVE-2018-1904 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 7.5 HIGH | 8.1 HIGH |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbitrary Java code through an administrative client class with a serialized object from untrusted sources. IBM X-Force ID: 152533. | |||||
| CVE-2018-1902 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 4.0 MEDIUM | 3.1 LOW |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to spoof connection information which could be used to launch further attacks against the system. IBM X-Force ID: 152531. | |||||
| CVE-2018-1901 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 6.5 MEDIUM | 5.0 MEDIUM |
| IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to temporarily gain elevated privileges on the system, caused by incorrect cached value being used. IBM X-Force ID: 152530. | |||||
| CVE-2018-1851 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| IBM WebSphere Application Server Liberty OpenID Connect could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization. By sending a specially-crafted request to the RP service, an attacker could exploit this vulnerability to execute arbitrary code. IBM X-Force ID: 150999. | |||||
| CVE-2018-1840 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 6.8 MEDIUM | 6.0 MEDIUM |
| IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to gain elevated privileges on the system, caused when a security domain is configured to use a federated repository other than global federated repository and then migrated to a newer release of WebSphere Application Server. IBM X-Force ID: 150813. | |||||
| CVE-2018-1838 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 4.0 MEDIUM | 5.3 MEDIUM |
| IBM WebSphere Application Server 8.5 and 9.0 in IBM Cloud could allow a remote attacker to obtain sensitive information caused by improper handling of passwords. IBM X-Force ID: 150811. | |||||
| CVE-2018-1798 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 149428. | |||||
| CVE-2018-1797 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 4.3 MEDIUM | 6.3 MEDIUM |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using Enterprise bundle Archives (EBA) could allow a local attacker to traverse directories on the system. By persuading a victim to extract a specially-crafted ZIP archive containing "dot dot slash" sequences (../), an attacker could exploit this vulnerability to write to arbitrary files on the system. Note: This vulnerability is known as "Zip-Slip". IBM X-Force ID: 149427. | |||||
| CVE-2018-1794 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using OAuth ear is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148949. | |||||