Vulnerabilities > IBM > WebSphere Application Server > Critical

DATE CVE VULNERABILITY TITLE RISK
2013-01-27 CVE-2013-0462 Security Bypass vulnerability in IBM WebSphere Application Server
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.1, 7.0 before 7.0.0.27, 8.0, and 8.5 has unknown impact and attack vectors.
network | low complexity | ibm | critical | 10.0
2012-12-20 CVE-2012-5955 Unspecified vulnerability in IBM HTTP Server and WebSphere Application Server
Unspecified vulnerability in the IBM HTTP Server component 5.3 in IBM WebSphere Application Server (WAS) for z/OS allows remote attackers to execute arbitrary commands via unknown vectors.
network | low complexity | ibm | critical | 10.0
2012-01-15 CVE-2011-1377 Unspecified vulnerability in IBM WebSphere Application Server
The Web Services Security component in the Web Services Feature Pack before 6.1.0.41 for IBM WebSphere Application Server (WAS) 6.1 does not properly handle the enabling of WS-Security for a JAX-WS application, which has unspecified impact and attack vectors.
network | low complexity | ibm | critical | 10.0
2010-08-30 CVE-2010-3186 Improper Input Validation vulnerability in IBM WebSphere Application Server
IBM WebSphere Application Server (WAS) 7.x before 7.0.0.13, and WebSphere Application Server Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, when a JAX-WS application is used, does not properly handle an IncludeTimestamp setting in the WS-Security policy, which has unspecified impact and remote attack vectors.
network | low complexity | ibm CWE-20 | critical | 10.0
2009-06-03 CVE-2009-1899 Multiple Security vulnerability in IBM WebSphere Application Server
Unspecified vulnerability in the Administrative Configservice API in the System Management/Repository component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.25, and 7.0 before 7.0.0.5 on z/OS allows remote authenticated users to obtain sensitive information via unknown use of the wsadmin scripting tool, related to a "security exposure in wsadmin."
network | low complexity | ibm | critical | 10.0
2009-06-03 CVE-2009-1901 Multiple Security vulnerability in IBM WebSphere Application Server
The Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 permits "non-standard http methods," which has unknown impact and remote attack vectors.
network | low complexity | ibm | critical | 10.0
2009-03-31 CVE-2009-1172 Improper Input Validation vulnerability in IBM WebSphere Application Server
The JAX-RPC WS-Security runtime in the Web Services Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3, when APAR PK41002 is installed, does not properly validate UsernameToken objects, which has unknown impact and attack vectors.
network | low complexity | ibm CWE-20 | critical | 10.0
2009-03-31 CVE-2009-1174 Cryptographic Issues vulnerability in IBM WebSphere Application Server 7.0/7.0.0.1
The Web Services Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 and 7.0 before 7.0.0.3 has an unspecified "security problem" in the XML digital-signature specification, which has unknown impact and attack vectors.
network | low complexity | ibm CWE-310 | critical | 10.0
2009-02-10 CVE-2008-4283 Improper Input Validation vulnerability in IBM WebSphere Application Server
CRLF injection vulnerability in the WebContainer component in IBM WebSphere Application Server (WAS) 5.1.1.19 and earlier 5.1.x versions allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
network | low complexity | ibm CWE-20 | critical | 10.0
2008-12-10 CVE-2008-5412 Multiple Unspecified vulnerability in IBM WebSphere Application Server
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 on Windows has unknown impact and attack vectors related to JSPs.
network | low complexity | microsoft ibm | critical | 10.0