Vulnerabilities > IBM > Websphere Application Server
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-03 | CVE-2018-1793 | Cross-site Scripting vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using SAML ear is vulnerable to cross-site scripting. | 6.1 |
| 2018-09-26 | CVE-2018-1683 | Missing Encryption of Sensitive Data vulnerability in IBM Websphere Application Server IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by the failure to encrypt ORB communication. | 7.5 |
| 2018-09-14 | CVE-2018-1719 | Unspecified vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security under certain conditions. | 5.9 |
| 2018-09-07 | CVE-2018-1567 | Deserialization of Untrusted Data vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbitrary Java code through the SOAP connector with a serialized object from untrusted sources. | 9.8 |
| 2018-09-06 | CVE-2018-1695 | Authentication Bypass by Spoofing vulnerability in IBM Websphere Application Server 7.0.0.0/8.0.0.0/8.5.5.0 IBM WebSphere Application Server 7.0, 8.0, and 8.5.5 installations using Form Login could allow a remote attacker to conduct spoofing attacks. | 5.6 |
| 2018-08-24 | CVE-2018-1755 | Information Exposure vulnerability in IBM Websphere Application Server IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by incorrect transport being used when Liberty is configured to use Java Authentication SPI for Containers (JASPIC). | 5.9 |
| 2018-07-06 | CVE-2018-1621 | Cleartext Storage of Sensitive Information vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local attacker to obtain clear text password in a trace file caused by improper handling of some datasource custom properties. | 6.7 |
| 2018-06-27 | CVE-2018-1553 | Information Exposure vulnerability in IBM Websphere Application Server IBM WebSphere Application Server Liberty prior to 18.0.0.2 could allow a remote attacker to obtain sensitive information, caused by mishandling of exceptions by the SAML Web SSO feature. | 7.5 |
| 2018-06-26 | CVE-2018-1614 | Information Exposure vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using malformed SAML responses from the SAML identity provider could allow a remote attacker to obtain sensitive information. | 7.5 |
| 2018-05-24 | CVE-2013-3024 | Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Application Server 8.5.0.0/8.5.0.1/8.5.0.2 IBM WebSphere Application Server (WAS) 8.5 through 8.5.0.2 on UNIX allows local users to gain privileges by leveraging improper process initialization. | 7.8 |