Vulnerabilities > IBM > Websphere Application Server > 3.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2001-12-13 | CVE-2001-1189 | Unspecified vulnerability in IBM Websphere Application Server IBM Websphere Application Server 3.5.3 and earlier stores a password in cleartext in the sas.server.props file, which allows local users to obtain the passwords via a JSP script. | 4.6 |
| 2001-12-06 | CVE-2001-0824 | Cross-Site Scripting vulnerability in IBM WebSphere Cross-site scripting vulnerability in IBM WebSphere 3.02 and 3.5 FP2 allows remote attackers to execute Javascript by inserting the Javascript into (1) a request for a .JSP file, or (2) a request to the webapp/examples/ directory, which inserts the Javascript into an error page. | 7.5 |
| 2001-09-19 | CVE-2001-0962 | Unspecified vulnerability in IBM products IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing. | 7.5 |