cpe:2.3:a:ibm:websphere_application_server:6.1.0.5:*:*:*:*:*:*:*
IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.47, 7.0 before 7.0.0.39, 8.0 before 8.0.0.11, and 8.5 before 8.5.5.6 allows remote attackers to execute arbitrary code by sending crafted instructions in a management-port session.
Max CVSS
10.0
EPSS Score
0.84%
Published
2015-05-20
Updated
2017-01-03
The javax.naming.directory.AttributeInUseException class in the Virtual Member Manager in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 does not properly update passwords on a configuration using Tivoli Directory Server, which might allow remote attackers to gain access to an application by leveraging knowledge of an old password. IBM X-Force ID: 72581.
Max CVSS
9.8
EPSS Score
0.31%
Published
2018-02-08
Updated
2018-03-10
The Web Services Security component in the Web Services Feature Pack before 6.1.0.41 for IBM WebSphere Application Server (WAS) 6.1 does not properly handle the enabling of WS-Security for a JAX-WS application, which has unspecified impact and attack vectors.
Max CVSS
10.0
EPSS Score
0.32%
Published
2012-01-15
Updated
2017-08-17
The JAX-RPC WS-Security runtime in the Web Services Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3, when APAR PK41002 is installed, does not properly validate UsernameToken objects, which has unknown impact and attack vectors.
Max CVSS
10.0
EPSS Score
0.45%
Published
2009-03-31
Updated
2014-10-24
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 on Windows has unknown impact and attack vectors related to JSPs. NOTE: this is probably a duplicate of CVE-2009-0438.
Max CVSS
10.0
EPSS Score
0.35%
Published
2008-12-10
Updated
2017-08-08
Unspecified vulnerability in Servlet Engine/Web Container in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 and 6.1 before 6.1.0.19, when the FileServing feature is enabled, has unknown impact and attack vectors.
Max CVSS
9.3
EPSS Score
0.75%
Published
2008-09-16
Updated
2017-08-08
Unspecified vulnerability in the Administrative Console in IBM WebSphere Application Server 6.1 before Fix Pack 13 has unknown impact and attack vectors, related to "security concerns with monitor role users." NOTE: it was later reported that 6.0.2 before Fix Pack 25 is also affected.
Max CVSS
10.0
EPSS Score
0.41%
Published
2008-01-10
Updated
2011-04-07
Unspecified vulnerability in the PD tools component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier has unknown impact and attack vectors.
Max CVSS
10.0
EPSS Score
0.41%
Published
2007-06-19
Updated
2017-07-29
Unspecified vulnerability in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier has unknown impact and attack vectors, related to "incorrect authorization on a remote interface to the SDO repository."
Max CVSS
10.0
EPSS Score
0.41%
Published
2007-06-19
Updated
2017-07-29
9 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!