IBM » Websphere Application Server : Security Vulnerabilities, CVEs, Published In 2015 (Gain Privilege)
The administrative console in IBM WebSphere Application Server (WAS) 8.0.0 before 8.0.0.11 and 8.5 before 8.5.5.6, when the Security feature is disabled, allows remote authenticated users to hijack sessions via the JSESSIONID parameter.
Max CVSS
6.0
EPSS Score
0.50%
Published
2015-07-14
Updated
2016-11-30
The default configuration of IBM WebSphere Application Server (WAS) 7.0.0 before 7.0.0.39, 8.0.0 before 8.0.0.11, and 8.5 before 8.5.5.6 has a false value for the com.ibm.ws.webcontainer.disallowServeServletsByClassname WebContainer property, which allows remote attackers to obtain privileged access via unspecified vectors.
Max CVSS
6.8
EPSS Score
0.89%
Published
2015-07-14
Updated
2016-12-22
IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.47, 7.0 before 7.0.0.39, 8.0 before 8.0.0.11, and 8.5 before 8.5.5.6 allows remote attackers to execute arbitrary code by sending crafted instructions in a management-port session.
Max CVSS
10.0
EPSS Score
0.84%
Published
2015-05-20
Updated
2017-01-03
3 vulnerabilities found