Export limit exceeded: 362544 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (879 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-1905 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | N/A |
| IBM WebSphere Application Server 9.0.0.0 through 9.0.0.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 152534. | ||||
| CVE-2018-1904 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | N/A |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbitrary Java code through an administrative client class with a serialized object from untrusted sources. IBM X-Force ID: 152533. | ||||
| CVE-2018-1902 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | N/A |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to spoof connection information which could be used to launch further attacks against the system. IBM X-Force ID: 152531. | ||||
| CVE-2018-1901 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | N/A |
| IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to temporarily gain elevated privileges on the system, caused by incorrect cached value being used. IBM X-Force ID: 152530. | ||||
| CVE-2018-1885 | 1 Ibm | 4 Business Automation Workflow, Business Process Manager, Business Process Manager Enterprise Service Bus and 1 more | 2024-11-21 | N/A |
| IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow an unauthenticated attacker to obtain sensitve information using a specially cracted HTTP request. IBM X-Force ID: 152020. | ||||
| CVE-2018-1851 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | N/A |
| IBM WebSphere Application Server Liberty OpenID Connect could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization. By sending a specially-crafted request to the RP service, an attacker could exploit this vulnerability to execute arbitrary code. IBM X-Force ID: 150999. | ||||
| CVE-2018-1848 | 1 Ibm | 3 Business Automation Workflow, Business Process Manager, Websphere | 2024-11-21 | N/A |
| IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150947. | ||||
| CVE-2018-1840 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | N/A |
| IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to gain elevated privileges on the system, caused when a security domain is configured to use a federated repository other than global federated repository and then migrated to a newer release of WebSphere Application Server. IBM X-Force ID: 150813. | ||||
| CVE-2018-1838 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | N/A |
| IBM WebSphere Application Server 8.5 and 9.0 in IBM Cloud could allow a remote attacker to obtain sensitive information caused by improper handling of passwords. IBM X-Force ID: 150811. | ||||
| CVE-2018-1820 | 1 Ibm | 1 Websphere Portal | 2024-11-21 | N/A |
| IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150096. | ||||
| CVE-2018-1808 | 1 Ibm | 1 Websphere Commerce | 2024-11-21 | N/A |
| IBM WebSphere Commerce 9.0.0.0 through 9.0.0.6 could allow some server-side code injection due to inadequate input control. IBM X-Force ID: 149828. | ||||
| CVE-2018-1801 | 1 Ibm | 3 App Connect, Integration Bus, Websphere Message Broker | 2024-11-21 | N/A |
| IBM App Connect V11.0.0.0 through V11.0.0.1, IBM Integration Bus V10.0.0.0 through V10.0.0.13, IBM Integration Bus V9.0.0.0 through V9.0.0.10, and WebSphere Message Broker V8.0.0.0 through V8.0.0.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to consume memory resources. IBM X-Force ID: 149639. | ||||
| CVE-2018-1798 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | N/A |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 149428. | ||||
| CVE-2018-1797 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | N/A |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using Enterprise bundle Archives (EBA) could allow a local attacker to traverse directories on the system. By persuading a victim to extract a specially-crafted ZIP archive containing "dot dot slash" sequences (../), an attacker could exploit this vulnerability to write to arbitrary files on the system. Note: This vulnerability is known as "Zip-Slip". IBM X-Force ID: 149427. | ||||
| CVE-2018-1794 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | N/A |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using OAuth ear is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148949. | ||||
| CVE-2018-1793 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | N/A |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using SAML ear is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148948. | ||||
| CVE-2018-1792 | 1 Ibm | 1 Websphere Mq | 2024-11-21 | N/A |
| IBM WebSphere MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.0.1 through 9.0.5, and 9.1.0.0 could allow a local user to inject code that could be executed with root privileges. IBM X-Force ID: 148947. | ||||
| CVE-2018-1777 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | N/A |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148800. | ||||
| CVE-2018-1770 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | N/A |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 148686. | ||||
| CVE-2018-1767 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | N/A |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Cachemonitor is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148621. | ||||