Vulnerabilities > IBM > Websphere Application Server > 6.1.0.17

DATE CVE VULNERABILITY TITLE RISK
2012-09-25 CVE-2012-3311 Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 on z/OS, in certain configurations involving Federated Repositories for IIOP connections and Optimized Local Adapters, does not perform CBIND checks, which allows local users to bypass intended access restrictions, and read or modify application data, via unspecified vectors.
local
ibm CWE-264
3.3
3.3
2012-09-25 CVE-2012-3306 Credentials Management vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1, when multi-domain support is configured, does not purge password data from the authentication cache, which has unspecified impact and remote attack vectors.
network
ibm CWE-255
6.8
6.8
2012-09-25 CVE-2012-3305 Path Traversal vulnerability in IBM Websphere Application Server
Directory traversal vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to overwrite arbitrary files via a crafted application file.
network
low complexity
ibm CWE-22
6.4
6.4
2012-09-25 CVE-2012-3304 Unspecified vulnerability in IBM Websphere Application Server
The Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to hijack sessions via unspecified vectors.
network
ibm
6.8
6.8
2012-08-30 CVE-2012-3325 Improper Input Validation vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.5, and 8.5.x Full Profile before 8.5.0.1, when the PM44303 fix is installed, does not properly validate credentials, which allows remote authenticated users to obtain administrative access via unspecified vectors.
network
ibm CWE-20
6.0
6.0
2012-08-21 CVE-2012-3293 Cross-Site Scripting vulnerability in IBM Websphere Application Server
Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.4, and 8.5.x before 8.5.0.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving FRAME elements, related to a cross-frame scripting (XFS) issue.
network
ibm CWE-79
4.3
4.3
2012-08-21 CVE-2012-2190 Cryptographic Issues vulnerability in IBM Websphere Application Server
IBM Global Security Kit (aka GSKit), as used in IBM HTTP Server in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.4, and 8.5.x before 8.5.0.1, allows remote attackers to cause a denial of service (daemon crash) via a crafted ClientHello message in the TLS Handshake Protocol.
network
low complexity
ibm CWE-310
5.0
5.0
2012-05-01 CVE-2012-2162 Cryptographic Issues vulnerability in IBM Websphere Application Server
The Web Server Plug-in in IBM WebSphere Application Server (WAS) 8.0 and earlier uses unencrypted HTTP communication after expiration of the plugin-key.kdb password, which allows remote attackers to obtain sensitive information by sniffing the network, or spoof arbitrary servers via a man-in-the-middle attack.
network
ibm CWE-310
6.8
6.8
2012-01-20 CVE-2012-0193 Improper Input Validation vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.43, 6.1 before 6.1.0.43, 7.0 before 7.0.0.23, and 8.0 before 8.0.0.3 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
network
low complexity
ibm CWE-20
5.0
5.0
2012-01-19 CVE-2011-1376 Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Application Server
iscdeploy in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 on the IBM i platform sets weak permissions under systemapps/isclite.ear/ and bin/client_ffdc/, which allows local users to read or modify files via standard filesystem operations.
local
low complexity
ibm CWE-264
4.6
4.6