Search Results (882 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-4284 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
Open redirect vulnerability in the ibm_security_logout servlet in IBM WebSphere Application Server (WAS) 5.1.1.19 and earlier 5.x versions, 6.0.x before 6.0.2.33, and 6.1.x before 6.1.0.23 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the logoutExitPage feature.
CVE-2008-4283 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
CRLF injection vulnerability in the WebContainer component in IBM WebSphere Application Server (WAS) 5.1.1.19 and earlier 5.1.x versions allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
CVE-2006-7198 1 Ibm 2 Racf, Websphere Application Server 2026-04-23 N/A
Unspecified vulnerability in IBM WebSphere Application Server (WAS) before 5.1.1.14, and WAS for z/OS 601 before 6.0.2.13, has unknown impact and attack vectors, related to a "Potential security exposure," aka PK26123.
CVE-2015-7450 1 Ibm 7 Sterling B2b Integrator, Sterling Integrator, Tivoli Common Reporting and 4 more 2026-04-21 9.8 Critical
Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the InvokerTransformer class in the Apache Commons Collections library.
CVE-2006-3232 1 Ibm 1 Websphere Application Server 2026-04-16 N/A
Unspecified vulnerability in IBM WebSphere Application Server before 6.0.2.11 has unknown impact and attack vectors because the "UserNameToken cache was improperly used."
CVE-2006-3231 1 Ibm 1 Websphere Application Server 2026-04-16 N/A
Unspecified vulnerability in IBM WebSphere Application Server (WAS) before 6.0.2.11, when fileServingEnabled is true, allows remote attackers to obtain JSP source code and other sensitive information via "URIs with special characters."
CVE-2006-2436 1 Ibm 1 Websphere Application Server 2026-04-16 N/A
WebSphere Application Server 5.0.2 (or any earlier cumulative fix) stores admin and LDAP passwords in plaintext in the FFDC logs when a login to WebSphere fails, which allows attackers to gain privileges.
CVE-2006-2434 1 Ibm 1 Websphere Application Server 2026-04-16 N/A
Unspecified vulnerability in WebSphere 5.1.1 (or any earlier cumulative fix) Common Configuration Mode + CommonArchive and J2EE Models might allow attackers to obtain sensitive information via the trace.
CVE-2006-2433 1 Ibm 1 Websphere Application Server 2026-04-16 N/A
Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, 6.0.2.1, 6.0.2.3, 6.0.2.5, and 6.0.2.7 has unknown impact and attack vectors related to the "administrative console".
CVE-2006-2432 1 Ibm 1 Websphere Application Server 2026-04-16 N/A
IBM WebSphere Application Server 5.0.2 (or any earlier cumulative fix) and 5.1.1 (or any earlier cumulative fix) allows EJB access on Solaris systems via a crafted LTPA token.
CVE-2002-1169 1 Ibm 1 Websphere Caching Proxy Server 2026-04-16 N/A
IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to cause a denial of service (crash) via an HTTP request to helpout.exe with a missing HTTP version number, which causes ibmproxy.exe to crash.
CVE-2006-2431 1 Ibm 1 Websphere Application Server 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the 500 Internal Server Error page on the SOAP port (8880/tcp) in IBM WebSphere Application Server 5.0.2 and earlier, 5.1.x before 5.1.1.12, and 6.0.2 up to 6.0.2.7, allows remote attackers to inject arbitrary web script or HTML via the URI, which is contained in a FAULTACTOR element on this page. NOTE: some sources have reported the element as "faultfactor," but this is likely erroneous.
CVE-2006-2430 1 Ibm 1 Websphere Application Server 2026-04-16 N/A
IBM WebSphere Application Server 5.0.2 and earlier, 5.1.1 and earlier, and 6.0.2 up to 6.0.2.7 records user credentials in plaintext in addNode.log, which allows attackers to gain privileges.
CVE-2001-0312 1 Ibm 1 Websphere Plugin 2026-04-16 N/A
IBM WebSphere plugin for Netscape Enterprise server allows remote attackers to read source code for JSP files via an HTTP request that contains a host header that references a host that is not in WebSphere's host aliases list, which will bypass WebSphere processing.
CVE-2002-1168 1 Ibm 1 Websphere Caching Proxy Server 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP request that contains an Location: header with a "%0a%0d" (CRLF) sequence, which echoes the Location as an HTTP header in the server response.
CVE-2006-2342 1 Ibm 1 Websphere Application Server 2026-04-16 N/A
IBM WebSphere Application Server 6.0.2 before FixPack 3 allows remote attackers to bypass authentication for the Welcome Page via a request to the default context root.
CVE-2006-1619 1 Ibm 1 Websphere Application Server 2026-04-16 N/A
IBM WebSphere Application Server 4.0.1 through 4.0.3 allows remote attackers to cause a denial of service (application crash) via an HTTP request with a large header.
CVE-2002-1167 1 Ibm 1 Websphere Caching Proxy Server 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP GET request.
CVE-2006-1093 1 Ibm 1 Websphere Application Server 2026-04-16 N/A
Unspecified vulnerability in IBM WebSphere 5.0.2.10 through 5.0.2.15 and 5.1.1.4 through 5.1.1.9 allows remote attackers to obtain sensitive information via unknown attack vectors, which causes JSP source code to be revealed.
CVE-2002-1153 1 Ibm 1 Websphere Application Server 2026-04-16 N/A
IBM Websphere 4.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP request with long HTTP headers, such as "Host".