Vulmon
IBM WebSphere Application Server 7.0 vulnerabilities and exploits
7.5
CVSSv2
CVE-2009-2092
IBM WebSphere Application Server (WAS) 7.0 prior to 7.0.0.5 does not properly read the portletServingEnabled parameter in ibm-portlet-ext.xmi, which allows remote malicious users to bypass intended access restrictions via unknown vectors.
Ibm Websphere Application Server 7.0.0.1
Ibm Websphere Application Server 7.0
Ibm Websphere Application Server 7.0.0.4
Ibm Websphere Application Server 7.0.0.3
7.5
CVSSv2
CVE-2009-2085
The Security component in IBM WebSphere Application Server (WAS) 6.1 prior to 6.1.0.25 and 7.0 prior to 7.0.0.5 does not properly handle use of Identity Assertion with CSIv2 Security, which allows remote malicious users to bypass intended CSIv2 access restrictions via vectors inv...
Ibm Websphere Application Server 6.1.0.19
Ibm Websphere Application Server 6.1.0.24
Ibm Websphere Application Server 6.1.0.23
Ibm Websphere Application Server 6.1.0.15
Ibm Websphere Application Server 6.1.0.7
Ibm Websphere Application Server 6.1.0.13
Ibm Websphere Application Server 6.1.0.12
Ibm Websphere Application Server 6.1
Ibm Websphere Application Server 6.1.0.4
Ibm Websphere Application Server 6.1.0.21
Ibm Websphere Application Server 6.1.0.2
Ibm Websphere Application Server 6.1.0.3
Ibm Websphere Application Server 6.1.0.0
Ibm Websphere Application Server 6.1.0
Ibm Websphere Application Server 7.0.0.4
Ibm Websphere Application Server 7.0.0.3
Ibm Websphere Application Server 6.1.0.8
Ibm Websphere Application Server 6.1.0.6
Ibm Websphere Application Server 6.1.0.1
Ibm Websphere Application Server 6.1.0.16
Ibm Websphere Application Server 6.1.0.14
Ibm Websphere Application Server 6.1.0.17
7.5
CVSSv2
CVE-2009-0903
IBM WebSphere Application Server (WAS) 7.0 prior to 7.0.0.3, and the Feature Pack for Web Services for WAS 6.1 prior to 6.1.0.25, when a WS-Security policy is established at the operation level, does not properly handle inbound requests that lack a SOAPAction or WS-Addressing Act...
Ibm Websphere Application Server 6.1.0.4
Ibm Websphere Application Server 6.1.0.21
Ibm Websphere Application Server 6.1.0.3
Ibm Websphere Application Server 6.1.0.10
Ibm Websphere Application Server 6.1.0.0
Ibm Websphere Application Server 6.1.0
Ibm Websphere Application Server 7.0.0.1
Ibm Websphere Application Server 6.1.0.8
Ibm Websphere Application Server 6.1.0.6
Ibm Websphere Application Server 6.1.0.1
Ibm Websphere Application Server 6.1.0.16
Ibm Websphere Application Server 6.1.0.2
Ibm Websphere Application Server 6.1.0.14
Ibm Websphere Application Server 6.1.0.17
Ibm Websphere Application Server 6.1.0.18
Ibm Websphere Application Server 7.0
Ibm Websphere Application Server 6.1.0.20
Ibm Websphere Application Server 6.1.0.22
Ibm Websphere Application Server 6.1.0.5
Ibm Websphere Application Server 6.1.0.15
Ibm Websphere Application Server 6.1.0.9
Ibm Websphere Application Server 6.1.0.11
7.5
CVSSv2
CVE-2009-0508
The Servlet Engine/Web Container and JSP components in IBM WebSphere Application Server (WAS) 5.1.0, 5.1.1.19, 6.0.2 prior to 6.0.2.35, 6.1 prior to 6.1.0.23, and 7.0 prior to 7.0.0.3 allow remote malicious users to read arbitrary files contained in war files in (1) web-inf, (2) ...
Ibm Websphere Application Server 6.0.2.1
Ibm Websphere Application Server 6.0.2.3
Ibm Websphere Application Server 6.0.2.19
Ibm Websphere Application Server 6.0.2.21
Ibm Websphere Application Server 6.1
Ibm Websphere Application Server 6.1.0.1
Ibm Websphere Application Server 6.1.0.15
Ibm Websphere Application Server 6.1.0.17
Ibm Websphere Application Server 6.0.2.5
Ibm Websphere Application Server 6.0.2.7
Ibm Websphere Application Server 6.0.2.23
Ibm Websphere Application Server 6.0.2.25
Ibm Websphere Application Server 6.1.0.2
Ibm Websphere Application Server 6.1.0.3
Ibm Websphere Application Server 6.1.0.19
Ibm Websphere Application Server 6.1.0.21
Ibm Websphere Application Server 5.1.0
Ibm Websphere Application Server 5.1.1.19
Ibm Websphere Application Server 6.0.2
Ibm Websphere Application Server 6.0.2.15
Ibm Websphere Application Server 6.0.2.17
Ibm Websphere Application Server 6.0.2.29
7.2
CVSSv2
CVE-2020-4534
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local authenticated malicious user to gain elevated privileges on the system, caused by improper handling of UNC paths. By scheduling a task with a specially-crafted UNC path, an attacker could exploit this vul...
Ibm Websphere Application Server 7.0
Ibm Websphere Application Server 8.0
Ibm Websphere Application Server 8.5
Ibm Websphere Application Server 9.0
6.9
CVSSv2
CVE-2019-4732
IBM SDK, Java Technology Edition Version 7.0.0.0 up to and including 7.0.10.55, 7.1.0.0 up to and including 7.1.4.55, and 8.0.0.0 up to and including 8.0.6.0 could allow a local authenticated malicious user to execute arbitrary code on the system, caused by DLL search order hijac...
Ibm Sdk
Ibm Websphere Application Server 7.0
Ibm Websphere Application Server 8.0
Ibm Websphere Application Server 8.5
Ibm Websphere Application Server 9.0
6.9
CVSSv2
CVE-2014-3020
install.sh in the Embedded WebSphere Application Server (eWAS) 7.0 before FP33 in IBM Tivoli Integrated Portal (TIP) 2.1 and 2.2 sets world-writable permissions for the installRoot directory tree, which allows local users to gain privileges via a Trojan horse program.
Ibm Embedded Websphere Application Server 7.0
Ibm Tivoli Integrated Portal 2.2
Ibm Tivoli Integrated Portal 2.1
6.8
CVSSv2
CVE-2018-1926
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading a user to visit a malicious URL, a remote attacker could send a specially-crafted request. An att...
Ibm Websphere Application Server
6.8
CVSSv2
CVE-2018-1695
IBM WebSphere Application Server 7.0, 8.0, and 8.5.5 installations using Form Login could allow a remote malicious user to conduct spoofing attacks. IBM X-Force ID: 145769.
Ibm Websphere Application Server 8.5.5.0
Ibm Websphere Application Server 8.0.0.0
Ibm Websphere Application Server 7.0.0.0
6.8
CVSSv2
CVE-2017-1194
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site request forgery which could allow a malicious user to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123669.
Ibm Websphere Application Server 7.0
Ibm Websphere Application Server 8.0
Ibm Websphere Application Server 8.5
Ibm Websphere Application Server 9.0