WebSphere Application Server vulnerabilities and exploits
IBM WebSphere Application Server (WAS) 6.1 through 184.108.40.206 and 7.0 through 220.127.116.11, IBM WebSphere Portal Server 5.1 through 6.0, and IBM Integrated Solutions Console (ISC) 6.0.1 do not properly set the IsSecurityEnabled security flag during migration of WebSphere Member Manager...
WebSphere Application Server 5.0.2 (or any earlier cumulative fix) stores admin and LDAP passwords in plaintext in the FFDC logs when a login to WebSphere fails, which allows attackers to gain privileges....
IBM WebSphere 5.1 and WebSphere 5.0 allow remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes...
Unspecified vulnerability in IBM WebSphere Application Server before 18.104.22.168 has unknown impact and attack vectors because the "UserNameToken cache was improperly used."...
Unspecified vulnerability in IBM WebSphere Application Server (WAS) before 22.214.171.124, when fileServingEnabled is true, allows remote attackers to obtain JSP source code and other sensitive information via "URIs with special characters."...
Unspecified vulnerability in the PD tools component in IBM WebSphere Application Server (WAS) 126.96.36.199 and earlier has unknown impact and attack vectors....
Cross-site scripting (XSS) vulnerability in the Samples component in IBM WebSphere Application Server (WAS) 188.8.131.52 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors....
Unspecified vulnerability in the Default Messaging Component in IBM WebSphere Application Server (WAS) 184.108.40.206 and earlier has unknown impact and attack vectors, related to "incorrect authorization on a remote interface to the SDO repository."...
Unspecified vulnerability in the Default Messaging Component in IBM WebSphere Application Server (WAS) 220.127.116.11 and earlier allows remote attackers to cause a denial of service related to a thread hang, and possibly related to a "TCP issue," or to MPAlarmThread and a...
IBM WebSphere Application Server (WAS) 8.5 before 18.104.22.168, and WebSphere Virtual Enterprise 7.0 before 22.214.171.124 for WebSphere Application Server (WAS) 7.0 and 8.0, do not properly implement user roles, which allows local users to gain privileges via unspecified vectors....