Vulnerabilities > IBM > Websphere Application Server > 7.0.0.6
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-06-20 | CVE-2012-2170 | Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Application Server The Application Snoop Servlet in IBM WebSphere Application Server 7.0 before 7.0.0.23 does not properly restrict access, which allows remote attackers to obtain sensitive client and request information via a direct request. | 4.3 |
2012-06-20 | CVE-2012-0720 | Cross-Site Scripting vulnerability in IBM Websphere Application Server Cross-site scripting (XSS) vulnerability in the Integration Solution Console in the Administration Console in IBM WebSphere Application Server 7.0 before 7.0.0.23 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 4.3 |
2012-06-20 | CVE-2012-0717 | Improper Authentication vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0 before 7.0.0.23, when a certain SSLv2 configuration with client authentication is used, allows remote attackers to bypass X.509 client-certificate authentication via unspecified vectors. | 2.6 |
2012-06-20 | CVE-2012-0716 | Cross-Site Scripting vulnerability in IBM Websphere Application Server Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server 7.0 before 7.0.0.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2012-05-01 | CVE-2012-2162 | Cryptographic Issues vulnerability in IBM Websphere Application Server The Web Server Plug-in in IBM WebSphere Application Server (WAS) 8.0 and earlier uses unencrypted HTTP communication after expiration of the plugin-key.kdb password, which allows remote attackers to obtain sensitive information by sniffing the network, or spoof arbitrary servers via a man-in-the-middle attack. | 6.8 |
2012-01-15 | CVE-2011-1362 | Cross-Site Scripting vulnerability in IBM Websphere Application Server Cross-site scripting (XSS) vulnerability in the Installation Verification Test (IVT) application in the Install component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41 and 7.0 before 7.0.0.19 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2011-10-30 | CVE-2009-2748 | Cross-Site Scripting vulnerability in IBM Websphere Application Server Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.29 and 7.1 before 7.0.0.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2011-10-30 | CVE-2009-2747 | Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Application Server The Java Naming and Directory Interface (JNDI) implementation in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.39, 6.1 before 6.1.0.29, and 7.0 before 7.0.0.7 does not properly restrict access to UserRegistry object methods, which allows remote attackers to obtain sensitive information via a crafted method call. | 5.0 |
2011-09-06 | CVE-2011-1359 | Path Traversal vulnerability in IBM Websphere Application Server Directory traversal vulnerability in the administration console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41, 7.0 before 7.0.0.19, and 8.0 before 8.0.0.1 allows remote attackers to read arbitrary files via a .. | 5.0 |
2011-07-19 | CVE-2011-1356 | Information Exposure vulnerability in IBM Websphere Application Server IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.19 allows local users to obtain sensitive stack-trace information via a crafted Administration Console request. | 2.1 |