Search Results (879 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-1901 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
The Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 permits "non-standard http methods," which has unknown impact and remote attack vectors.
CVE-2008-2221 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
Unspecified vulnerability in the Java plugin in IBM WebSphere Application Server 5.0.2 allows untrusted applets to gain privileges via unknown attack vectors.
CVE-2009-2087 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
The Web Services functionality in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, in certain circumstances involving the ibm-webservicesclient-bind.xmi file and custom password encryption, uses weak password obfuscation, which allows local users to cause a denial of service (deployment failure) via unspecified vectors.
CVE-2009-1009 2 Ibm, Oracle 2 Websphere Portal, Application Server 2026-04-23 N/A
Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.1.9 allows local users to affect confidentiality, integrity, and availability, related to HTML.
CVE-2009-1008 2 Ibm, Oracle 2 Websphere Portal, Application Server 2026-04-23 N/A
Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML, a different vulnerability than CVE-2009-1010.
CVE-2009-1010 2 Ibm, Oracle 2 Websphere Portal, Application Server 2026-04-23 N/A
Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML, a different vulnerability than CVE-2009-1008.
CVE-2009-2090 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
Unspecified vulnerability in wsadmin in the System Management/Repository component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.5 allows remote attackers to bypass intended Java Management Extensions (JMX) Management Beans (aka MBeans) access restrictions, and cause a denial of service (daemon stop), via unknown vectors.
CVE-2007-4839 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
Unspecified vulnerability in the PD tools component in IBM WebSphere Application Server (WAS) 6.1 before Fix Pack 11 (6.1.0.11) has unknown impact and attack vectors, aka PK33803.
CVE-2008-5675 1 Ibm 1 Websphere Portal 2026-04-23 N/A
Unspecified vulnerability in IBM WebSphere Portal 6.0 before 6.0.1.5 has unknown impact and attack vectors related to "Access problems with BasicAuthTAI."
CVE-2009-0120 1 Ibm 1 Websphere Datapower Xml Security Gateway Xs40 2026-04-23 N/A
The IBM WebSphere DataPower XML Security Gateway XS40 with firmware 3.6.1.5 allows remote attackers to cause a denial of service (device reboot) by sending data over an established SSL connection, as demonstrated by the abc\r\n\r\n string data.
CVE-2006-6637 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
The Servlet Engine and Web Container in IBM WebSphere Application Server (WAS) before 6.0.2.17, when ibm-web-ext.xmi sets fileServingEnabled to true and servlet caching is enabled, allows remote attackers to obtain JSP source code and other sensitive information via "specific requests."
CVE-2006-6537 1 Ibm 1 Websphere Host On-demand 2026-04-23 N/A
IBM WebSphere Host On-Demand 6.0, 7.0, 8.0, 9.0, and possibly 10, allows remote attackers to bypass authentication via a modified pnl parameter, related to hod/HODAdmin.html and hod/frameset.html.
CVE-2008-4283 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
CRLF injection vulnerability in the WebContainer component in IBM WebSphere Application Server (WAS) 5.1.1.19 and earlier 5.1.x versions allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
CVE-2009-0391 1 Ibm 2 Websphere Application Server, Zos 2026-04-23 N/A
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.0.1 on z/OS allows attackers to read arbitrary files via unknown vectors.
CVE-2008-5414 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
Unspecified vulnerability in the Feature Pack for Web Services in the Web Services Security component in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 has unknown impact and attack vectors related to "userNameToken."
CVE-2008-4285 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
Unspecified vulnerability in the Performance Monitoring Infrastructure (PMI) feature in the Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.19, when a component statistic is enabled, allows attackers to cause a denial of service (daemon crash) via vectors related to "a gradual degradation in performance."
CVE-2007-3127 1 Ibm 1 Websphere Portal 2026-04-23 N/A
content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to obtain sensitive information via a "';" (quote semicolon) sequence in the page parameter, which reveals the installation path in the resulting forced SQL error message.
CVE-2007-3128 1 Ibm 1 Websphere Portal 2026-04-23 N/A
SQL injection vulnerability in content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the page parameter.
CVE-2006-7164 3 Ibm, Linux, Unix 3 Websphere Application Server, Linux Kernel, Unix 2026-04-23 N/A
SimpleFileServlet in IBM WebSphere Application Server 5.0.1 through 5.0.2.7 on Linux and UNIX does not block certain invalid URIs and does not issue a security challenge, which allows remote attackers to read secure files and obtain sensitive information via certain requests.
CVE-2007-6679 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
Unspecified vulnerability in the Administrative Console in IBM WebSphere Application Server 6.1 before Fix Pack 13 has unknown impact and attack vectors, related to "security concerns with monitor role users." NOTE: it was later reported that 6.0.2 before Fix Pack 25 is also affected.