Search Results (879 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-0891 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
The Web Services Security component in IBM WebSphere Application Server 7.0 before Fix Pack 1 (7.0.0.1), 6.1 before Fix Pack 23 (6.1.0.23),and 6.0.2 before Fix Pack 33 (6.0.2.33) does not properly enforce (1) nonce and (2) timestamp expiration values in WS-Security bindings as stored in the com.ibm.wsspi.wssecurity.core custom property, which allows remote authenticated users to conduct session hijacking attacks.
CVE-2009-0892 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
The administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3 allows attackers to hijack user sessions in "specific scenarios" related to a forced logout.
CVE-2007-3263 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
Unspecified vulnerability in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier has unknown impact and attack vectors, related to "incorrect authorization on a remote interface to the SDO repository."
CVE-2009-0897 1 Ibm 1 Websphere Partner Gateway 2026-04-23 N/A
IBM WebSphere Partner Gateway (WPG) 6.1.0 before 6.1.0.1 and 6.1.1 before 6.1.1.1 allows remote authenticated users to obtain sensitive information via vectors related to the "schema DB2 instance id" and the bcgarchive (aka the archiver script).
CVE-2009-2087 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
The Web Services functionality in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, in certain circumstances involving the ibm-webservicesclient-bind.xmi file and custom password encryption, uses weak password obfuscation, which allows local users to cause a denial of service (deployment failure) via unspecified vectors.
CVE-2007-3262 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
Unspecified vulnerability in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier allows remote attackers to cause a denial of service related to a thread hang, and possibly related to a "TCP issue," or to MPAlarmThread and a resultant memory leak.
CVE-2009-2089 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
The Migration component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, when tracing is enabled and a 6.1 to 7.0 migration has occurred, allows remote authenticated users to obtain sensitive information by reading a Migration Trace file.
CVE-2009-2093 1 Ibm 1 Websphere Partner Gateway 2026-04-23 N/A
SQL injection vulnerability in the console in IBM WebSphere Partner Gateway (WPG) Enterprise 6.0 before FP8, 6.1 before FP3, 6.1.1 before FP2, and 6.2 before FP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2007-3264 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
Unspecified vulnerability in the PD tools component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier has unknown impact and attack vectors.
CVE-2009-0906 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
The Service Component Architecture (SCA) feature pack for IBM WebSphere Application Server (WAS) SCA 1.0 before 1.0.0.3 allows remote authenticated users to bypass intended authentication.transport access restrictions and obtain unspecified access via unknown vectors.
CVE-2009-1008 2 Ibm, Oracle 2 Websphere Portal, Application Server 2026-04-23 N/A
Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML, a different vulnerability than CVE-2009-1010.
CVE-2009-1009 2 Ibm, Oracle 2 Websphere Portal, Application Server 2026-04-23 N/A
Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.1.9 allows local users to affect confidentiality, integrity, and availability, related to HTML.
CVE-2009-1010 2 Ibm, Oracle 2 Websphere Portal, Application Server 2026-04-23 N/A
Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML, a different vulnerability than CVE-2009-1008.
CVE-2009-1172 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
The JAX-RPC WS-Security runtime in the Web Services Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3, when APAR PK41002 is installed, does not properly validate UsernameToken objects, which has unknown impact and attack vectors.
CVE-2009-1173 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.3 uses weak permissions (777) for files associated with unspecified "interim fixes," which allows attackers to modify files that would not have been accessible if the intended 755 permissions were used.
CVE-2009-1174 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
The Web Services Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 and 7.0 before 7.0.0.3 has an unspecified "security problem" in the XML digital-signature specification, which has unknown impact and attack vectors.
CVE-2009-1901 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
The Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 permits "non-standard http methods," which has unknown impact and remote attack vectors.
CVE-2009-1898 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
The secure login page in the Administrative Console component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 does not redirect to an https page upon receiving an http request, which makes it easier for remote attackers to read the contents of WAS sessions by sniffing the network.
CVE-2009-1899 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
Unspecified vulnerability in the Administrative Configservice API in the System Management/Repository component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.25, and 7.0 before 7.0.0.5 on z/OS allows remote authenticated users to obtain sensitive information via unknown use of the wsadmin scripting tool, related to a "security exposure in wsadmin."
CVE-2009-2956 1 Ibm 1 Websphere Commerce Suite 2026-04-23 N/A
The (1) Net.Commerce and (2) Net.Data components in IBM WebSphere Commerce Suite store sensitive information under the web root with insufficient access control, which allows remote attackers to discover passwords, and database and filesystem details, via direct requests for configuration files.