Vulnerabilities (CVE)

Filtered by vendor Ibm Subscribe
Filtered by product Websphere Application Server
Total 426 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2011-1316 1 Ibm 1 Websphere Application Server 2025-04-11 5.0 MEDIUM N/A
The Session Initiation Protocol (SIP) Proxy in the HTTP Transport component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (worker thread exhaustion and UDP messaging outage) by sending many UDP messages.
CVE-2010-0781 1 Ibm 1 Websphere Application Server 2025-04-11 4.0 MEDIUM N/A
Unspecified vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.33 allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted URL.
CVE-2013-2967 1 Ibm 1 Websphere Application Server 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-4053 1 Ibm 2 Websphere Application Server, Websphere Application Server Feature Pack For Web Services 2025-04-11 6.8 MEDIUM N/A
The WS-Security implementation in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1, and WAS Feature Pack for Web Services 6.1 before 6.1.0.47, when a trust store is configured for XML Digital Signatures, does not properly verify X.509 certificates, which allows remote attackers to obtain privileged access via unspecified vectors.
CVE-2013-4005 1 Ibm 1 Websphere Application Server 2025-04-11 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified fields.
CVE-2011-1032 1 Ibm 2 Lotus Connections, Websphere Application Server 2025-04-11 6.8 MEDIUM N/A
IBM Lotus Connections 3.0, when IBM WebSphere Application Server 7.0.0.11 is used, does not properly restrict access to the internal login module, which has unspecified impact and attack vectors.
CVE-2012-4850 1 Ibm 1 Websphere Application Server 2025-04-11 7.5 HIGH N/A
IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1, when JAX-RS is used, does not properly validate requests, which allows remote attackers to gain privileges via unspecified vectors.
CVE-2010-0776 1 Ibm 1 Websphere Application Server 2025-04-11 5.0 MEDIUM N/A
The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle chunked transfer encoding during a call to response.sendRedirect, which allows remote attackers to cause a denial of service via a GET request.
CVE-2010-1651 1 Ibm 2 Websphere Application Server, Z\/os 2025-04-11 1.9 LOW N/A
IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.31 and 7.0.x before 7.0.0.11, when Basic authentication and SIP tracing (aka full trace logging for SIP) are enabled, logs the entirety of all inbound and outbound SIP messages, which allows local users to obtain sensitive information by reading the trace log.
CVE-2011-1315 1 Ibm 1 Websphere Application Server 2025-04-11 5.0 MEDIUM N/A
Memory leak in the messaging engine in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) via network connections associated with a NULL return value from a synchronous JMS receive call.
CVE-2008-7274 1 Ibm 1 Websphere Application Server 2025-04-11 4.3 MEDIUM N/A
IBM WebSphere Application Server (WAS) 6.1.0.9, when the JAAS Login functionality is enabled, allows attackers to perform an internal application hashtable login by (1) not providing a password or (2) providing an empty password.
CVE-2012-3305 1 Ibm 1 Websphere Application Server 2025-04-11 6.4 MEDIUM N/A
Directory traversal vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to overwrite arbitrary files via a crafted application file.
CVE-2011-1376 1 Ibm 1 Websphere Application Server 2025-04-11 4.6 MEDIUM N/A
iscdeploy in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 on the IBM i platform sets weak permissions under systemapps/isclite.ear/ and bin/client_ffdc/, which allows local users to read or modify files via standard filesystem operations.
CVE-2010-2328 1 Ibm 1 Websphere Application Server 2025-04-11 5.0 MEDIUM N/A
The HTTP Channel in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 allows remote attackers to cause a denial of service (NullPointerException) via a large amount of chunked data that uses gzip compression.
CVE-2012-0716 1 Ibm 1 Websphere Application Server 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server 7.0 before 7.0.0.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-0777 1 Ibm 1 Websphere Application Server 2025-04-11 2.6 LOW N/A
The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle long filenames and consequently sends an incorrect file in some responses, which allows remote attackers to obtain sensitive information by reading the retrieved file.
CVE-2011-1312 1 Ibm 1 Websphere Application Server 2025-04-11 4.0 MEDIUM N/A
The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.31 and 7.x before 7.0.0.15 does not prevent modifications of the primary admin id, which allows remote authenticated administrators to bypass intended access restrictions by mapping a (1) user or (2) group to an administrator role.
CVE-2012-2170 1 Ibm 1 Websphere Application Server 2025-04-11 4.3 MEDIUM N/A
The Application Snoop Servlet in IBM WebSphere Application Server 7.0 before 7.0.0.23 does not properly restrict access, which allows remote attackers to obtain sensitive client and request information via a direct request.
CVE-2012-0720 1 Ibm 1 Websphere Application Server 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Integration Solution Console in the Administration Console in IBM WebSphere Application Server 7.0 before 7.0.0.23 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVE-2011-5066 1 Ibm 1 Websphere Application Server 2025-04-11 2.1 LOW N/A
The SibRaRecoverableSiXaResource class in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41 does not properly handle a Service Integration Bus (SIB) dump operation involving the First Failure Data Capture (FFDC) introspection code, which allows local users to obtain sensitive information by reading the FFDC log file.