ibm websphere application server 8.5.5.4 vulnerabilities and exploits

(subscribe to this query)

8.5

CVSSv2

Multiple race conditions in IBM WebSphere Application Server (WAS) 8.5 Liberty Profile prior to 8.5.5.5 allow remote authenticated users to gain privileges by leveraging thread conflicts that result in Java code execution outside the context of the configured EJB Run-as user.

Ibm Websphere Application Server 8.5.5.0 Ibm Websphere Application Server 8.5.5.1 Ibm Websphere Application Server 8.5.5.2 Ibm Websphere Application Server 8.5.5.3 Ibm Websphere Application Server 8.5.0.0 Ibm Websphere Application Server 8.5.0.2 Ibm Websphere Application Server 8.5.5.4 Ibm Websphere Application Server 8.5.0.1

4

CVSSv2

The SNMP implementation in IBM WebSphere Application Server (WAS) 8.5 prior to 8.5.5.5 does not properly handle configuration data, which allows remote authenticated users to obtain sensitive information via unspecified vectors.

Ibm Websphere Application Server 8.5.0.0 Ibm Websphere Application Server 8.5.0.1 Ibm Websphere Application Server 8.5.5.3 Ibm Websphere Application Server 8.5.5.4 Ibm Websphere Application Server 8.5.5.0 Ibm Websphere Application Server 8.5.5.2 Ibm Websphere Application Server 8.5.0.2 Ibm Websphere Application Server 8.5.5.1

5.5

CVSSv2

IBM WebSphere Application Server (WAS) 8.5 Liberty Profile prior to 8.5.5.5 does not properly implement authData elements, which allows remote authenticated users to gain privileges via unspecified vectors.

Ibm Websphere Application Server 8.5.5.2 Ibm Websphere Application Server 8.5.5.3 Ibm Websphere Application Server 8.5.5.4 Ibm Websphere Application Server 8.5.0.0 Ibm Websphere Application Server 8.5.0.1 Ibm Websphere Application Server 8.5.5.0 Ibm Websphere Application Server 8.5.0.2 Ibm Websphere Application Server 8.5.5.1

5

CVSSv2

Admin Center in IBM WebSphere Application Server (WAS) 8.5.5.2 up to and including 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 allows remote malicious users to obtain sensitive information via unspecified vectors.

Ibm Websphere Application Server 8.5.5.9 Ibm Websphere Application Server 8.5.5.8 Ibm Websphere Application Server 8.5.5.3 Ibm Websphere Application Server 8.5.5.2 Ibm Websphere Application Server 8.5.5.7 Ibm Websphere Application Server 8.5.5.6 Ibm Websphere Application Server 8.5.5.5 Ibm Websphere Application Server 8.5.5.4

4.3

CVSSv2

Cross-site scripting (XSS) vulnerability in the OpenID Connect (OIDC) client web application in IBM WebSphere Application Server (WAS) Liberty Profile 8.5.5 prior to 8.5.5.9 allows remote malicious users to inject arbitrary web script or HTML via a crafted URL.

Ibm Websphere Application Server 8.5.5.4 Ibm Websphere Application Server 8.5.5.3 Ibm Websphere Application Server 8.5.5.2 Ibm Websphere Application Server 8.5.5.8 Ibm Websphere Application Server 8.5.5.7 Ibm Websphere Application Server 8.5.5.6 Ibm Websphere Application Server 8.5.5.5 Ibm Websphere Application Server 8.5.5.1 Ibm Websphere Application Server 8.5.5.0

5

CVSSv2

IBM WebSphere Application Server (WAS) 8.5 up to and including 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified JAX-RS API cookie, which makes it easier for remote malicious users to obtain potentially s...

Ibm Websphere Application Server 8.5.5.9 Ibm Websphere Application Server 8.5.5.8 Ibm Websphere Application Server 8.5.5.1 Ibm Websphere Application Server 8.5.5.0 Ibm Websphere Application Server 8.5.5.3 Ibm Websphere Application Server 8.5.5.2 Ibm Websphere Application Server 8.5.5.7 Ibm Websphere Application Server 8.5.5.6 Ibm Websphere Application Server 8.5.5.5 Ibm Websphere Application Server 8.5.5.4

3.5

CVSSv2

IBM WebSphere Application Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Ibm Websphere Application Server 8.5.5.4 Ibm Websphere Application Server 9.0.0.0 Ibm Websphere Application Server 8.5.5.10 Ibm Websphere Application Server 8.5.5.5 Ibm Websphere Application Server 8.5.5.1 Ibm Websphere Application Server 8.5.5.3 Ibm Websphere Application Server 8.5.5.6 Ibm Websphere Application Server 8.5.5.0 Ibm Websphere Application Server 8.5.5.2 Ibm Websphere Application Server 9.0.0.2 Ibm Websphere Application Server 9.0.0.1 Ibm Websphere Application Server 8.5.5.9 Ibm Websphere Application Server 8.5.5.8 Ibm Websphere Application Server 8.5.5.7 Ibm Websphere Application Server 8.5.5.11

6

CVSSv2

The administrative console in IBM WebSphere Application Server (WAS) 8.0.0 prior to 8.0.0.11 and 8.5 prior to 8.5.5.6, when the Security feature is disabled, allows remote authenticated users to hijack sessions via the JSESSIONID parameter.

Ibm Websphere Application Server 8.0.0.5 Ibm Websphere Application Server 8.0.0.6 Ibm Websphere Application Server 8.5.5.0 Ibm Websphere Application Server 8.5.5.1 Ibm Websphere Application Server 8.0.0.3 Ibm Websphere Application Server 8.0.0.4 Ibm Websphere Application Server 8.5.0.1 Ibm Websphere Application Server 8.5.0.2 Ibm Websphere Application Server 8.0.0.0 Ibm Websphere Application Server 8.0.0.1 Ibm Websphere Application Server 8.0.0.7 Ibm Websphere Application Server 8.0.0.8 Ibm Websphere Application Server 8.5.5.2 Ibm Websphere Application Server 8.5.5.3 Ibm Websphere Application Server 8.5.5.4 Ibm Websphere Application Server 8.0.0.10 Ibm Websphere Application Server 8.0.0.2 Ibm Websphere Application Server 8.0.0.9 Ibm Websphere Application Server 8.5.0.0 Ibm Websphere Application Server 8.5.5.5

4

CVSSv2

The Edge Component Caching Proxy in IBM WebSphere Application Server (WAS) 8.0 prior to 8.0.0.12 and 8.5 prior to 8.5.5.8 does not properly encrypt data, which allows remote authenticated users to obtain sensitive information via unspecified vectors.

Ibm Websphere Application Server 8.0.0.4 Ibm Websphere Application Server 8.5.0.0 Ibm Websphere Application Server 8.5.5.1 Ibm Websphere Application Server 8.5.5.2 Ibm Websphere Application Server 8.5.5.6 Ibm Websphere Application Server 8.5.5.7 Ibm Websphere Application Server 8.0.0.2 Ibm Websphere Application Server 8.0.0.3 Ibm Websphere Application Server 8.5.5.0 Ibm Websphere Application Server 8.0.0.8 Ibm Websphere Application Server 8.5.5.4 Ibm Websphere Application Server 8.5.5.5 Ibm Websphere Application Server 8.5.0.1 Ibm Websphere Application Server 8.0.0.5 Ibm Websphere Application Server 8.0.0.6 Ibm Websphere Application Server 8.0.0.9 Ibm Websphere Application Server 8.5.5.3 Ibm Websphere Application Server 8.0.0.0 Ibm Websphere Application Server 8.0.0.1 Ibm Websphere Application Server 8.5.0.2 Ibm Websphere Application Server 8.0.0.7 Ibm Websphere Application Server 8.0.0.11

4.4

CVSSv2

IBM WebSphere Application Server (WAS) 8.5 prior to 8.5.5.6, and WebSphere Virtual Enterprise 7.0 prior to 7.0.0.6 for WebSphere Application Server (WAS) 7.0 and 8.0, does not properly implement user roles, which allows local users to gain privileges via unspecified vectors.

Ibm Websphere Application Server 7.0 Ibm Websphere Application Server 8.5.0.2 Ibm Websphere Application Server 8.5.0.1 Ibm Websphere Application Server 8.5.5.1 Ibm Websphere Application Server 8.5.5.2 Ibm Websphere Application Server 8.5.5.3 Ibm Websphere Application Server 8.5.5.4 Ibm Websphere Application Server 8.5.5.5 Ibm Websphere Application Server 8.0.0.0 Ibm Websphere Application Server 8.5.5.0 Ibm Websphere Application Server 8.5.0.0 Ibm Websphere Virtual Enterprise 7.0.0.4 Ibm Websphere Virtual Enterprise 7.0.0.5 Ibm Websphere Virtual Enterprise 7.0 Ibm Websphere Virtual Enterprise 7.0.0.1 Ibm Websphere Virtual Enterprise 7.0.0.2 Ibm Websphere Virtual Enterprise 7.0.0.3

Get Started

1 2 3 4 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook