Max CVSS | 10.0 | Min CVSS | 1.9 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published
CVE-2011-5065 | 4.3 | Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41 allows remote attackers to inject arbitrary web script or HTML via vectors related to web messaging. | 29-08-2017 - 01:30 | 15-01-2012 - 03:55
CVE-2011-1362 | 4.3 | Cross-site scripting (XSS) vulnerability in the Installation Verification Test (IVT) application in the Install component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41 and 7.0 before 7.0.0.19 allows remote attackers to inject arbitrar | 17-08-2017 - 01:34 | 15-01-2012 - 03:55
CVE-2011-0315 | 4.3 | Cross-site scripting (XSS) vulnerability in the Servlet Engine / Web Container component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.15 allows remote attackers to inject arbitrary web script or HTML via vectors | 17-08-2017 - 01:33 | 12-01-2011 - 01:00
CVE-2011-0316 | 5.0 | The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.15 does not properly restrict access to console servlets, which allows remote attackers to obtain potentially sensitive status inf | 17-08-2017 - 01:33 | 12-01-2011 - 01:00
CVE-2010-0777 | 2.6 | The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle long filenames and consequently sends an incorrect file in some responses, which allows remote atta | 17-08-2017 - 01:32 | 17-05-2010 - 22:30
CVE-2010-0781 | 4.0 | Unspecified vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.33 allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted URL. | 17-08-2017 - 01:32 | 21-09-2010 - 20:00
CVE-2009-2085 | 7.5 | The Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5 does not properly handle use of Identity Assertion with CSIv2 Security, which allows remote attackers to bypass intended CSIv2 access restrict | 17-08-2017 - 01:30 | 13-08-2009 - 18:30
CVE-2009-2089 | 2.1 | The Migration component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, when tracing is enabled and a 6.1 to 7.0 migration has occurred, allows remote authenticated users to obtain sensitive information by readin | 17-08-2017 - 01:30 | 13-08-2009 - 18:30
CVE-2009-1900 | 5.0 | The Configservice APIs in the Administrative Console component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.25, and 7.0 before 7.0.0.5, when tracing is enabled, allow remote attackers to obtain sensitive informati | 17-08-2017 - 01:30 | 03-06-2009 - 17:00
CVE-2009-2087 | 2.1 | The Web Services functionality in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, in certain circumstances involving the ibm-webservicesclient-bind.xmi file and custom password encryption, uses weak password obfusca | 17-08-2017 - 01:30 | 13-08-2009 - 18:30
CVE-2009-1899 | 10.0 | Unspecified vulnerability in the Administrative Configservice API in the System Management/Repository component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.25, and 7.0 before 7.0.0.5 on z/OS allows remote authent | 17-08-2017 - 01:30 | 03-06-2009 - 17:00
CVE-2009-2088 | 7.5 | The Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, when SPNEGO Single Sign-on (SSO) and disableSecurityPreInvokeOnFilters are configured, allows remote attackers to bypass | 17-08-2017 - 01:30 | 13-08-2009 - 18:30
CVE-2009-0892 | 5.5 | The administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3 allows attackers to hijack user sessions in "specific scenarios" related to a forced logout. | 17-08-2017 - 01:30 | 31-03-2009 - 14:09
CVE-2009-0891 | 5.5 | The Web Services Security component in IBM WebSphere Application Server 7.0 before Fix Pack 1 (7.0.0.1), 6.1 before Fix Pack 23 (6.1.0.23), and 6.0.2 before Fix Pack 33 (6.0.2.33) does not properly enforce (1) nonce and (2) timestamp expiration values | 17-08-2017 - 01:30 | 25-03-2009 - 01:30
CVE-2009-0904 | 6.4 | The IBM Stax XMLStreamWriter in the Web Services component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 does not properly process XML encoding, which allows remote attackers to bypass intended access restrictions and possibly modify | 17-08-2017 - 01:30 | 05-07-2009 - 16:30
CVE-2009-0434 | 1.9 | PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.31, 6.1.x before 6.1.0.21, and 7.0.x before 7.0.0.1, when Performance Monitoring Infrastructure (PMI) is enabled, allows local users to ob | 08-08-2017 - 01:33 | 10-02-2009 - 22:30
CVE-2009-0435 | 5.0 | Unspecified vulnerability in the IBM Asynchronous I/O (aka AIO or libibmaio) library in the Java Message Service (JMS) component in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.17 on AIX 5.3 allows attackers to cause a denial of service | 08-08-2017 - 01:33 | 10-02-2009 - 22:30
CVE-2009-0432 | 5.0 | The installation process for the File Transfer servlet in the System Management/Repository component in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.19 does not enable the secure version, which allows remote attackers to obtain sensitive | 08-08-2017 - 01:33 | 10-02-2009 - 22:30
CVE-2009-0433 | 2.6 | Unspecified vulnerability in IBM WebSphere Application Server (WAS) 5.1.x before 5.1.1.19, 6.0.x before 6.0.2.29, and 6.1.x before 6.1.0.19, when Web Server plug-in content buffering is enabled, allows attackers to cause a denial of service (daemon c | 08-08-2017 - 01:33 | 10-02-2009 - 22:30
CVE-2008-4111 | 9.3 | Unspecified vulnerability in Servlet Engine/Web Container in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 and 6.1 before 6.1.0.19, when the FileServing feature is enabled, has unknown impact and attack vectors. | 08-08-2017 - 01:32 | 16-09-2008 - 23:00
CVE-2008-4679 | 6.8 | The Web Services Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 and 6.1 before 6.1.0.19, when Certificate Store Collections is configured to use Certificate Revocation Lists (CRL), does not call the setRevocationEn | 08-08-2017 - 01:32 | 22-10-2008 - 18:00
CVE-2008-4285 | 5.0 | Unspecified vulnerability in the Performance Monitoring Infrastructure (PMI) feature in the Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.19, when a component statistic is enabled, allows attacker | 08-08-2017 - 01:32 | 17-02-2009 - 17:30
CVE-2008-3236 | 5.0 | Unspecified vulnerability in Wsadmin in the System Management/Repository component in IBM WebSphere Application Server (WAS) 5.1 before 5.1.1.19 allows attackers to obtain sensitive information via vectors related to "previously encrypted properties" | 08-08-2017 - 01:31 | 21-07-2008 - 16:41
CVE-2009-1172 | 10.0 | The JAX-RPC WS-Security runtime in the Web Services Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3, when APAR PK41002 is installed, does not properly validate UsernameToken objects, which has u | 24-10-2014 - 05:37 | 31-03-2009 - 14:09
CVE-2011-5066 | 2.1 | The SibRaRecoverableSiXaResource class in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41 does not properly handle a Service Integration Bus (SIB) dump operation involving the First Failure Data Capture ( | 08-02-2012 - 05:00 | 15-01-2012 - 03:55