Total
405 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-4505 | 1 Ibm | 2 Websphere Application Server, Websphere Virtual Enterprise | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Network Deployment could allow a remote attacker to obtain sensitive information, caused by sending a specially-crafted URL. This can lead the attacker to view any file in a certain directory. IBM X-Force ID: 164364. | |||||
CVE-2019-4441 | 1 Ibm | 1 Websphere Application Server | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and Liberty could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 163177. | |||||
CVE-2019-4030 | 1 Ibm | 2 Websphere Application Server, Websphere Virtual Enterprise | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155946. | |||||
CVE-2019-4046 | 1 Ibm | 1 Websphere Application Server | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by improper handling of request headers. A remote attacker could exploit this vulnerability to cause the consumption of Memory. IBM X-Force ID: 156242. | |||||
CVE-2019-4285 | 1 Ibm | 1 Websphere Application Server | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
IBM WebSphere Application Server - Liberty Admin Center could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could send a specially-crafted HTTP request to hijack the victim's click actions or launch other client-side browser attacks. IBM X-Force ID: 160513. | |||||
CVE-2019-4271 | 1 Ibm | 1 Websphere Application Server | 2024-02-04 | 3.5 LOW | 3.5 LOW |
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin console is vulnerable to a Client-side HTTP parameter pollution vulnerability. IBM X-Force ID: 160243. | |||||
CVE-2019-4279 | 1 Ibm | 1 Websphere Application Server | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 160445. | |||||
CVE-2019-4080 | 1 Ibm | 1 Websphere Application Server | 2024-02-04 | 6.8 MEDIUM | 6.5 MEDIUM |
IBM WebSphere Application Server Admin Console 7.5, 8.0, 8.5, and 9.0 is vulnerable to a potential denial of service, caused by improper parameter parsing. A remote attacker could exploit this to consume all available CPU resources. IBM X-Force ID: 157380. | |||||
CVE-2019-4442 | 1 Ibm | 1 Websphere Application Server | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9,0 could allow a remote attacker to traverse directories on the file system. An attacker could send a specially-crafted URL request to view arbitrary files on the system but not content. IBM X-Force ID: 163226. | |||||
CVE-2018-1902 | 1 Ibm | 1 Websphere Application Server | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to spoof connection information which could be used to launch further attacks against the system. IBM X-Force ID: 152531. | |||||
CVE-2019-4268 | 1 Ibm | 1 Websphere Application Server | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 160201. | |||||
CVE-2019-4269 | 1 Ibm | 1 Websphere Application Server | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console could allow a remote attacker to obtain sensitive information when a specially crafted url causes a stack trace to be dumped. IBM X-Force ID: 160202. | |||||
CVE-2019-4477 | 1 Ibm | 1 Websphere Application Server | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a user with access to audit logs to obtain sensitive information, caused by improper handling of command line options. IBM X-Force ID: 163997. | |||||
CVE-2019-4270 | 1 Ibm | 1 Websphere Application Server | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 160203. | |||||
CVE-2018-1905 | 1 Ibm | 1 Websphere Application Server | 2024-02-04 | 5.5 MEDIUM | 7.1 HIGH |
IBM WebSphere Application Server 9.0.0.0 through 9.0.0.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 152534. | |||||
CVE-2018-1840 | 1 Ibm | 1 Websphere Application Server | 2024-02-04 | 6.8 MEDIUM | 8.1 HIGH |
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to gain elevated privileges on the system, caused when a security domain is configured to use a federated repository other than global federated repository and then migrated to a newer release of WebSphere Application Server. IBM X-Force ID: 150813. | |||||
CVE-2018-1851 | 1 Ibm | 1 Websphere Application Server | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
IBM WebSphere Application Server Liberty OpenID Connect could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization. By sending a specially-crafted request to the RP service, an attacker could exploit this vulnerability to execute arbitrary code. IBM X-Force ID: 150999. | |||||
CVE-2018-1901 | 1 Ibm | 1 Websphere Application Server | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to temporarily gain elevated privileges on the system, caused by incorrect cached value being used. IBM X-Force ID: 152530. | |||||
CVE-2018-1719 | 1 Ibm | 1 Websphere Application Server | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security under certain conditions. This could result in a downgrade of TLS protocol. A remote attacker could exploit this vulnerability to perform man-in-the-middle attacks. IBM X-Force ID: 147292. | |||||
CVE-2018-1838 | 1 Ibm | 1 Websphere Application Server | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM WebSphere Application Server 8.5 and 9.0 in IBM Cloud could allow a remote attacker to obtain sensitive information caused by improper handling of passwords. IBM X-Force ID: 150811. |