IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.41, 8.0 before 8.0.0.13, and 8.5 before 8.5.5.10, when FIPS 140-2 is enabled, misconfigures TLS, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.
Max CVSS
5.9
EPSS Score
0.09%
Published
2016-05-17
Updated
2016-11-28
IBM WebSphere Application Server 8.0, 8.5, and 9.0 could provide weaker than expected security after using the Admin Console to update the web services security bindings settings. IBM X-Force ID: 129576.
Max CVSS
5.9
EPSS Score
0.18%
Published
2017-08-18
Updated
2017-08-24
IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security under certain conditions. This could result in a downgrade of TLS protocol. A remote attacker could exploit this vulnerability to perform man-in-the-middle attacks. IBM X-Force ID: 147292.
Max CVSS
5.9
EPSS Score
0.18%
Published
2018-09-14
Updated
2020-08-24
IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by incorrect transport being used when Liberty is configured to use Java Authentication SPI for Containers (JASPIC). This can happen when the Application Server is configured to permit access on non-secure (http) port and using JASPIC or JSR375 authentication.
Max CVSS
5.9
EPSS Score
0.28%
Published
2018-08-24
Updated
2019-10-09
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, with the Ajax Proxy Web Application (AjaxProxy.war) deployed, is vulnerable to spoofing by allowing a man-in-the-middle attacker to spoof SSL server hostnames. IBM X-Force ID: 220904.
Max CVSS
5.9
EPSS Score
0.06%
Published
2022-05-20
Updated
2022-06-02
"IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web services could allow a man-in-the-middle attacker to conduct SOAPAction spoofing to execute unwanted or unauthorized operations. IBM X-Force ID: 234762."
Max CVSS
5.9
EPSS Score
0.08%
Published
2022-11-03
Updated
2022-11-04
Open redirect vulnerability in the ibm_security_logout servlet in IBM WebSphere Application Server (WAS) 5.1.1.19 and earlier 5.x versions, 6.0.x before 6.0.2.33, and 6.1.x before 6.1.0.23 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the logoutExitPage feature.
Max CVSS
5.8
EPSS Score
0.28%
Published
2009-02-10
Updated
2017-08-08
Open redirect vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.19 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the logoutExitPage parameter.
Max CVSS
5.8
EPSS Score
0.27%
Published
2011-07-19
Updated
2017-08-17
The Web Services Security component in IBM WebSphere Application Server 7.0 before Fix Pack 1 (7.0.0.1), 6.1 before Fix Pack 23 (6.1.0.23),and 6.0.2 before Fix Pack 33 (6.0.2.33) does not properly enforce (1) nonce and (2) timestamp expiration values in WS-Security bindings as stored in the com.ibm.wsspi.wssecurity.core custom property, which allows remote authenticated users to conduct session hijacking attacks.
Max CVSS
5.5
EPSS Score
0.15%
Published
2009-03-25
Updated
2017-08-17
The administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3 allows attackers to hijack user sessions in "specific scenarios" related to a forced logout.
Max CVSS
5.5
EPSS Score
0.09%
Published
2009-03-31
Updated
2017-08-17
IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before 8.5.5.5 does not properly implement authData elements, which allows remote authenticated users to gain privileges via unspecified vectors.
Max CVSS
5.5
EPSS Score
0.14%
Published
2015-04-27
Updated
2015-11-30
IBM WebSphere Application Server 9 could allow sensitive information to be available caused by mishandling of data by the application based on an incorrect return by the httpServletRequest#authenticate() API when an unprotected URI is accessed. IBM X-Force ID: 153629.
Max CVSS
5.5
EPSS Score
0.05%
Published
2018-12-10
Updated
2019-10-09
IBM WebSphere Application Liberty 19.0.0.5 through 20.0.0.4 could allow an authenticated user using openidconnect to spoof another users identify. IBM X-Force ID: 180084.
Max CVSS
5.5
EPSS Score
0.05%
Published
2020-05-06
Updated
2021-07-21
IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security, caused by the improper encoding in a local configuration file. IBM X-Force ID: 258637.
Max CVSS
5.5
EPSS Score
0.04%
Published
2023-07-07
Updated
2023-07-12
Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server 7.0 before 7.0.0.41, 8.0 before 8.0.0.12, and 8.5 before 8.5.5.9 allows remote authenticated users to inject arbitrary web script or HTML via crafted data from an OAuth provider.
Max CVSS
5.4
EPSS Score
0.10%
Published
2016-01-23
Updated
2016-12-07
Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Application Server (WAS) Liberty before 16.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving OpenID Connect clients.
Max CVSS
5.4
EPSS Score
0.08%
Published
2016-10-01
Updated
2016-11-28
IBM WebSphere Application Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Max CVSS
5.4
EPSS Score
0.05%
Published
2017-02-01
Updated
2017-02-09
IBM WebSphere Application Server 7.0, 8.0, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1997743
Max CVSS
5.4
EPSS Score
0.06%
Published
2017-02-13
Updated
2017-07-25
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127151.
Max CVSS
5.4
EPSS Score
0.08%
Published
2017-07-24
Updated
2019-05-03
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148800.
Max CVSS
5.4
EPSS Score
0.06%
Published
2018-10-16
Updated
2019-10-09
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155946.
Max CVSS
5.4
EPSS Score
0.05%
Published
2019-03-06
Updated
2022-12-03
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 160203.
Max CVSS
5.4
EPSS Score
0.05%
Published
2019-09-17
Updated
2022-12-09
IBM WebSphere Application Server - Liberty Admin Center could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could send a specially-crafted HTTP request to hijack the victim's click actions or launch other client-side browser attacks. IBM X-Force ID: 160513.
Max CVSS
5.4
EPSS Score
0.07%
Published
2019-07-30
Updated
2022-01-01
IBM WebSphere Application Server - Liberty is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171245.
Max CVSS
5.4
EPSS Score
0.05%
Published
2019-12-10
Updated
2019-12-10
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 184433.
Max CVSS
5.4
EPSS Score
0.05%
Published
2020-09-10
Updated
2020-09-11
106 vulnerabilities found
1 2 3 4 5
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!