Vulmon
websphere application server vulnerabilities and exploits
7.5
CVSSv2
CVE-2007-1608
CRLF injection vulnerability in IBM WebSphere Application Server (WAS) prior to 6.0.2.19 allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a single CRLF sequence in a context that is not a valid multi-line header.
Ibm Websphere Application Server
7.5
CVSSv2
CVE-2006-5324
The Web Services Notification (WSN) security component of IBM WebSphere Application Server prior to 6.1.0.2 allows malicious users to obtain unspecified access without supplying a username and password, aka PK28374.
Ibm Websphere Application Server
7.5
CVSSv2
CVE-2006-4136
Multiple unspecified vulnerabilities in IBM WebSphere Application Server prior to 6.1.0.1 have unspecified impact and attack vectors involving (1) "SOAP requests and responses", (2) mbean, (3) ThreadIdentitySupport, and possibly others.
Ibm Websphere Application Server 6.0.1
Ibm Websphere Application Server 6.0.1.2
Ibm Websphere Application Server 6.0.2.6
Ibm Websphere Application Server 6.0.2.7
Ibm Websphere Application Server 6.0
Ibm Websphere Application Server 6.0.0.1
Ibm Websphere Application Server 6.0.2.2
Ibm Websphere Application Server 6.0.2.3
Ibm Websphere Application Server 6.0.0.2
Ibm Websphere Application Server 6.0.0.3
Ibm Websphere Application Server 6.0.2.4
Ibm Websphere Application Server 6.0.2.5
Ibm Websphere Application Server 6.0.2
Ibm Websphere Application Server 6.0.2.1
Ibm Websphere Application Server 6.0.2.9
Ibm Websphere Application Server
7.5
CVSSv2
CVE-2006-2436
WebSphere Application Server 5.0.2 (or any earlier cumulative fix) stores admin and LDAP passwords in plaintext in the FFDC logs when a login to WebSphere fails, which allows malicious users to gain privileges.
Ibm Websphere Application Server 5.0.0
Ibm Websphere Application Server 5.0.1
Ibm Websphere Application Server 5.0.2
7.5
CVSSv2
CVE-2006-2432
IBM WebSphere Application Server 5.0.2 (or any earlier cumulative fix) and 5.1.1 (or any earlier cumulative fix) allows EJB access on Solaris systems via a crafted LTPA token.
Ibm Websphere Application Server 5.0.0
Ibm Websphere Application Server 5.0.1
Ibm Websphere Application Server 5.0.2
Ibm Websphere Application Server 5.1.0
Ibm Websphere Application Server 5.1.1
7.5
CVSSv2
CVE-2006-2342
IBM WebSphere Application Server 6.0.2 before FixPack 3 allows remote malicious users to bypass authentication for the Welcome Page via a request to the default context root.
Ibm Websphere Application Server 6.0.2
7.5
CVSSv2
CVE-2005-1872
Buffer overflow in the administrative console in IBM WebSphere Application Server 5.x, when the global security option is enabled, allows remote malicious users to execute arbitrary code.
Ibm Websphere Application Server 5.0
7.5
CVSSv2
CVE-2001-0824
Cross-site scripting vulnerability in IBM WebSphere 3.02 and 3.5 FP2 allows remote malicious users to execute Javascript by inserting the Javascript into (1) a request for a .JSP file, or (2) a request to the webapp/examples/ directory, which inserts the Javascript into an error ...
Ibm Websphere Application Server 3.0.2
Ibm Websphere Application Server 3.5
7.5
CVSSv2
CVE-2001-0962
IBM WebSphere Application Server 3.02 up to and including 3.53 uses predictable session IDs for cookies, which allows remote malicious users to gain privileges of WebSphere users via brute force guessing.
Ibm Websphere Commerce Suite 3.2
Ibm Websphere Application Server
Ibm Websphere Commerce Suite 3.1.2
7.2
CVSSv2
CVE-2020-4534
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local authenticated malicious user to gain elevated privileges on the system, caused by improper handling of UNC paths. By scheduling a task with a specially-crafted UNC path, an attacker could exploit this vul...
Ibm Websphere Application Server 7.0
Ibm Websphere Application Server 8.0
Ibm Websphere Application Server 8.5
Ibm Websphere Application Server 9.0