Vulnerabilities > IBM > Websphere Application Server > 6.1.0.11

DATE CVE VULNERABILITY TITLE RISK
2018-02-08 CVE-2011-4889 7PK - Security Features vulnerability in IBM Websphere Application Server
The javax.naming.directory.AttributeInUseException class in the Virtual Member Manager in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 does not properly update passwords on a configuration using Tivoli Directory Server, which might allow remote attackers to gain access to an application by leveraging knowledge of an old password.
network
low complexity
ibm CWE-254
7.5
2015-11-08 CVE-2015-2017 HTTP Response Splitting vulnerability in Multiple IBM Products
CRLF injection vulnerability in IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.47, 7.0 before 7.0.0.39, 8.0 before 8.0.0.12, and 8.5 before 8.5.5.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.
network
ibm
4.3
2015-05-20 CVE-2015-1920 Improper Access Control vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.47, 7.0 before 7.0.0.39, 8.0 before 8.0.0.11, and 8.5 before 8.5.5.6 allows remote attackers to execute arbitrary code by sending crafted instructions in a management-port session.
network
low complexity
ibm CWE-284
critical
10.0
2014-09-23 CVE-2014-4816 Cross-Site Request Forgery (CSRF) vulnerability in IBM Websphere Application Server
Cross-site request forgery (CSRF) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.x through 6.1.0.47, 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
network
ibm CWE-352
6.0
2014-09-23 CVE-2014-4770 Cross-Site Scripting vulnerability in IBM Websphere Application Server
Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 6.x through 6.1.0.47, 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 allows remote authenticated administrators to inject arbitrary web script or HTML via a crafted URL.
network
ibm CWE-79
3.5
2014-05-16 CVE-2014-0964 Resource Management Errors vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server (WAS) 6.1.0.0 through 6.1.0.47 and 6.0.2.0 through 6.0.2.43 allows remote attackers to cause a denial of service via crafted TLS traffic, as demonstrated by traffic from a CVE-2014-0160 vulnerability-assessment tool.
network
ibm CWE-399
7.1
2013-09-20 CVE-2013-4053 Improper Input Validation vulnerability in IBM products
The WS-Security implementation in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1, and WAS Feature Pack for Web Services 6.1 before 6.1.0.47, when a trust store is configured for XML Digital Signatures, does not properly verify X.509 certificates, which allows remote attackers to obtain privileged access via unspecified vectors.
network
ibm CWE-20
6.8
2013-09-20 CVE-2013-4052 Cross-Site Scripting vulnerability in IBM Websphere Application Server
Cross-site scripting (XSS) vulnerability in the UDDI Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
ibm CWE-79
4.3
2013-09-20 CVE-2013-0596 Cross-Site Scripting vulnerability in IBM Websphere Application Server
Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
ibm CWE-79
4.3
2013-08-21 CVE-2013-4005 Cross-Site Scripting vulnerability in IBM Websphere Application Server
Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified fields.
network
ibm CWE-79
3.5