ReportizFlow
Filtered by vendor Ibm
Subscriptions
Filtered by product Websphere Application Server
Subscriptions
Total
443 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-5412 | 2 Ibm, Microsoft | 2 Websphere Application Server, Windows | 2025-04-09 | N/A |
| Unspecified vulnerability in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 on Windows has unknown impact and attack vectors related to JSPs. NOTE: this is probably a duplicate of CVE-2009-0438. | ||||
| CVE-2007-4833 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | N/A |
| Unspecified vulnerability in the Edge Component in IBM WebSphere Application Server (WAS) 6.1 before Fix Pack 11 (6.1.0.11) has unknown impact and attack vectors, aka PK44789. | ||||
| CVE-2007-5483 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | N/A |
| Unspecified vulnerability in the Administrative Scripting Tools (such as wsadmin or ANT) in IBM WebSphere Application Server 5.x and 6.0.x has unknown impact and attack vectors. | ||||
| CVE-2009-0506 | 1 Ibm | 2 Websphere Application Server, Z\/os | 2025-04-09 | N/A |
| Unspecified vulnerability in IBM WebSphere Application Server (WAS) 5.1 and 6.0.2 before 6.0.2.33 on z/OS, when CSIv2 Identity Assertion is enabled and Enterprise JavaBeans (EJB) interaction occurs between a WAS 6.1 instance and a WAS pre-6.1 instance, allows local users to have an unknown impact via vectors related to (1) use of the wrong subject and (2) multiple CBIND checks. | ||||
| CVE-2009-2092 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | N/A |
| IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.5 does not properly read the portletServingEnabled parameter in ibm-portlet-ext.xmi, which allows remote attackers to bypass intended access restrictions via unknown vectors. | ||||
| CVE-2009-2743 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | N/A |
| IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27, and 7.0 before 7.0.0.7, does not properly handle an exception occurring after use of wsadmin scripts and configuration of JAAS-J2C Authentication Data, which allows local users to obtain sensitive information by reading the First Failure Data Capture (FFDC) log file. | ||||
| CVE-2009-2746 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the administrative console in the Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.39, 6.1 before 6.1.0.29, and 7.0 before 7.0.0.7 allows remote attackers to hijack the authentication of administrators via unspecified vectors. | ||||
| CVE-2009-0856 | 1 Ibm | 2 Websphere Application Server, Z\/os | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in sample applications in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35, and 6.1 before 6.1.0.23 on z/OS, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2009-0891 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | N/A |
| The Web Services Security component in IBM WebSphere Application Server 7.0 before Fix Pack 1 (7.0.0.1), 6.1 before Fix Pack 23 (6.1.0.23),and 6.0.2 before Fix Pack 33 (6.0.2.33) does not properly enforce (1) nonce and (2) timestamp expiration values in WS-Security bindings as stored in the com.ibm.wsspi.wssecurity.core custom property, which allows remote authenticated users to conduct session hijacking attacks. | ||||
| CVE-2009-0904 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | N/A |
| The IBM Stax XMLStreamWriter in the Web Services component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 does not properly process XML encoding, which allows remote attackers to bypass intended access restrictions and possibly modify data via "XML fuzzing attacks" sent through SOAP requests. | ||||
| CVE-2008-5411 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | N/A |
| IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 sends SSL traffic over "unsecured TCP," which makes it easier for remote attackers to obtain sensitive information by sniffing the network. | ||||
| CVE-2008-5413 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | N/A |
| PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 allows attackers to obtain sensitive information by reading the (1) systemout.log and (2) ffdc files. NOTE: this is probably a duplicate of CVE-2009-0434. | ||||
| CVE-2009-2087 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | N/A |
| The Web Services functionality in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, in certain circumstances involving the ibm-webservicesclient-bind.xmi file and custom password encryption, uses weak password obfuscation, which allows local users to cause a denial of service (deployment failure) via unspecified vectors. | ||||
| CVE-2009-2088 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | N/A |
| The Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, when SPNEGO Single Sign-on (SSO) and disableSecurityPreInvokeOnFilters are configured, allows remote attackers to bypass authentication via a request for a "secure URL," related to a certain invokefilterscompatibility property. | ||||
| CVE-2009-2085 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | N/A |
| The Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5 does not properly handle use of Identity Assertion with CSIv2 Security, which allows remote attackers to bypass intended CSIv2 access restrictions via vectors involving Enterprise JavaBeans (EJB). | ||||
| CVE-2007-3262 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | N/A |
| Unspecified vulnerability in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier allows remote attackers to cause a denial of service related to a thread hang, and possibly related to a "TCP issue," or to MPAlarmThread and a resultant memory leak. | ||||
| CVE-2006-6636 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | N/A |
| Unspecified vulnerability in the Utility Classes for IBM WebSphere Application Server (WAS) before 5.1.1.13 and 6.x before 6.0.2.17 has unknown impact and attack vectors. | ||||
| CVE-2006-7166 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | N/A |
| IBM WebSphere Application Server (WAS) 5.1.1.9 and earlier allows remote attackers to obtain JSP source code and other sensitive information via "a specific JSP URL." | ||||
| CVE-2007-4839 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | N/A |
| Unspecified vulnerability in the PD tools component in IBM WebSphere Application Server (WAS) 6.1 before Fix Pack 11 (6.1.0.11) has unknown impact and attack vectors, aka PK33803. | ||||
| CVE-2008-3236 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | N/A |
| Unspecified vulnerability in Wsadmin in the System Management/Repository component in IBM WebSphere Application Server (WAS) 5.1 before 5.1.1.19 allows attackers to obtain sensitive information via vectors related to "previously encrypted properties" that are not encrypted. | ||||