Search Results (882 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2011-1378 2 Hp, Ibm 2 Openvms, Websphere Mq 2025-04-11 N/A
IBM WebSphere MQ 6.0 on OpenVMS, when the default rights of the MQM group are established, does not properly verify User Authorization File (UAF) data, which allows local users to kill listener processes and the command server via a control command.
CVE-2009-0900 1 Ibm 1 Websphere Mq 2025-04-11 N/A
Heap-based buffer overflow in the client in IBM WebSphere MQ 6.0 before 6.0.2.7 and 7.0 before 7.0.1.0 allows local users to gain privileges via crafted SSL information in a Client Channel Definition Table (CCDT) file.
CVE-2009-2750 1 Ibm 1 Websphere Service Registry And Repository 2025-04-11 N/A
IBM WebSphere Service Registry and Repository (WSRR) 6.3.0 before FP2 does not have the intended configuration properties, which allows remote authenticated users to obtain unspecified data access via a property query.
CVE-2010-0563 1 Ibm 1 Websphere Application Server 2025-04-11 N/A
The Single Sign-on (SSO) functionality in IBM WebSphere Application Server (WAS) 7.0.0.0 through 7.0.0.8 does not recognize the Requires SSL configuration option, which might allow remote attackers to obtain sensitive information by sniffing network sessions that were expected to be encrypted.
CVE-2010-4220 1 Ibm 1 Websphere Application Server 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Integrated Solution Console in the Administrative Console component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related in part to "URL injection."
CVE-2012-4820 3 Ibm, Redhat, Tivoli Storage Productivity Center 18 Java, Lotus Domino, Lotus Notes and 15 more 2025-04-11 N/A
Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, when running under a security manager, allows remote attackers to gain privileges by modifying or removing the security manager via vectors related to "insecure use of the java.lang.reflect.Method invoke() method."
CVE-2012-4821 3 Ibm, Redhat, Tivoli Storage Productivity Center 17 Java, Lotus Domino, Lotus Notes and 14 more 2025-04-11 N/A
Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allow remote attackers to execute arbitrary code via "insecure use" of the (1) java.lang.Class getDeclaredMethods or nd (2) java.lang.reflect.AccessibleObject setAccessible() methods.
CVE-2012-4822 3 Ibm, Redhat, Tivoli Storage Productivity Center 18 Java, Lotus Domino, Lotus Notes and 15 more 2025-04-11 N/A
Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allow remote attackers to execute arbitrary code via vectors related to "insecure use [of] multiple methods in the java.lang.class class."
CVE-2010-0769 1 Ibm 1 Websphere Application Server 2025-04-11 N/A
IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 does not properly define wsadmin scripting J2CConnectionFactory objects, which allows local users to discover a KeyRingPassword password by reading a cleartext field in the resources.xml file.
CVE-2010-0770 1 Ibm 1 Websphere Application Server 2025-04-11 N/A
IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 allows remote authenticated users to cause a denial of service (ORB ListenerThread hang) by aborting an SSL handshake.
CVE-2012-0707 1 Ibm 1 Websphere Application Server 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in IBM WebSphere Lombardi Edition 7.2 allows remote attackers to inject arbitrary web script or HTML via crafted text input to a coach that is configured with a document attachment control section.
CVE-2010-0714 1 Ibm 4 Lotus Quickr, Lotus Web Content Management, Lotus Workplace Web Content Management and 1 more 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 through 6.0.0.4, 6.0.1.0 through 6.0.1.7, 6.1.0.0 through 6.1.0.3, and 6.1.5.0; and IBM Lotus Quickr services 8.0, 8.0.0.2, 8.1, 8.1.1, and 8.1.1.1 for WebSphere Portal; allows remote attackers to inject arbitrary web script or HTML via the query string.
CVE-2024-27268 1 Ibm 1 Websphere Application Server 2025-04-10 5.9 Medium
IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 284574.
CVE-2022-43917 5 Hp, Ibm, Linux and 2 more 8 Hp-ux, Aix, I and 5 more 2025-03-31 5.9 Medium
IBM WebSphere Application Server 8.5 and 9.0 traditional container uses weaker than expected cryptographic keys that could allow an attacker to decrypt sensitive information. This affects only the containerized version of WebSphere Application Server traditional. IBM X-Force ID: 241045.
CVE-2024-54181 2 Ibm, Linux 2 Websphere Automation, Linux Kernel 2025-03-28 7.2 High
IBM WebSphere Automation 1.7.5 could allow a remote privileged user, who has authorized access to the swagger UI, to execute arbitrary code. Using specially crafted input, the user could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-23477 5 Hp, Ibm, Linux and 2 more 8 Hp-ux, Aix, I and 5 more 2025-03-25 8.1 High
IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. IBM X-Force ID: 245513.
CVE-2024-27270 1 Ibm 1 Websphere Application Server 2025-03-05 4.7 Medium
IBM WebSphere Application Server Liberty 23.0.0.3 through 24.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in a specially crafted URI. IBM X-Force ID: 284576.
CVE-2024-25026 1 Ibm 1 Websphere Application Server 2025-02-27 5.9 Medium
IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 are vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 281516.
CVE-2023-26283 5 Hp, Ibm, Linux and 2 more 8 Hp-ux, Aix, I and 5 more 2025-02-25 5.4 Medium
IBM WebSphere Application Server 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 248416.
CVE-2022-39161 1 Ibm 1 Websphere Application Server 2025-02-12 4.8 Medium
IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and IBM WebSphere Application Server Liberty, when configured to communicate with the Web Server Plug-ins for IBM WebSphere Application Server, could allow an authenticated user to conduct spoofing attacks. A man-in-the-middle attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 235069.