RSS   Podatności dla 'Websphere application server'   RSS

2020-02-05
 
CVE-2019-4670

CWE-200
 

 
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper data representation. IBM X-Force ID: 171319.

 
2020-02-04
 
CVE-2020-4163

CWE-269
 

 
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, under specialized conditions, could allow an authenticated user to create a maliciously crafted file name which would be misinterpreted as jsp content and executed. IBM X-Force ID: 174397.

 
2020-02-03
 
CVE-2019-4732

CWE-426
 

 
IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a specially-crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 172618.

 
2020-01-31
 
CVE-2019-4720

CWE-400
 

 
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125.

 
2019-12-10
 
CVE-2019-4663

CWE-79
 

 
IBM WebSphere Application Server - Liberty is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171245.

 
2019-10-03
 
CVE-2019-4441

CWE-209
 

 
IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and Liberty could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 163177.

 
2019-09-30
 
CVE-2019-4305

CWE-565
 

 
IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information caused by the improper setting of a cookie. IBM X-Force ID: 160951.

 
 
CVE-2019-4304

CWE-384
 

 
IBM WebSphere Application Server - Liberty could allow a remote attacker to bypass security restrictions caused by improper session validation. IBM X-Force ID: 160950.

 
2019-09-20
 
CVE-2019-4505

CWE-200
 

 
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Network Deployment could allow a remote attacker to obtain sensitive information, caused by sending a specially-crafted URL. This can lead the attacker to view any file in a certain directory. IBM X-Force ID: 164364.

 
2019-09-17
 
CVE-2019-4477

CWE-200
 

 
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a user with access to audit logs to obtain sensitive information, caused by improper handling of command line options. IBM X-Force ID: 163997.

 


Copyright 2020, cxsecurity.com

 

Back to Top