Vulnerabilities > IBM > Websphere Application Server > 9.0.0.4

DATE CVE VULNERABILITY TITLE RISK
2017-08-03 CVE-2017-1504 Unspecified vulnerability in IBM Websphere Application Server 9.0.0.4
IBM WebSphere Application Server version 9.0.0.4 could provide weaker than expected security after using the PasswordUtil command to enable AES password encryption.
network
low complexity
ibm
6.5
2017-07-24 CVE-2017-1382 Incorrect Default Permissions vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 might create files using the default permissions instead of the customized permissions when custom startup scripts are used.
local
low complexity
ibm CWE-276
7.1
2017-07-24 CVE-2017-1380 Cross-site Scripting vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-07-21 CVE-2017-1381 Information Exposure vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server Proxy Server or On-demand-router (ODR) 7.0, 8.0, 8.5, 9.0 and could allow a local attacker to obtain sensitive information, caused by stale data being cached and then served.
local
low complexity
ibm CWE-200
3.3