Vulnerabilities > IBM > Websphere Application Server > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-06-18 | CVE-2010-2324 | Unspecified vulnerability in IBM Websphere Application Server IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS allows attackers to perform unspecified "link injection" actions via unknown vectors. | 7.5 |
| 2010-03-29 | CVE-2010-1182 | Unspecified vulnerability in IBM Websphere Application Server Multiple unspecified vulnerabilities in the administrative console in IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.9 on z/OS have unknown impact and attack vectors. | 7.5 |
| 2009-09-21 | CVE-2009-2744 | Unspecified vulnerability in IBM Websphere Application Server Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27 allows remote attackers to cause a denial of service via unknown vectors, related to "an error in fixpacks 6.1.0.23 and 6.1.0.25." | 7.8 |
| 2009-08-13 | CVE-2009-2092 | Improper Access Control vulnerability in IBM Websphere Application Server IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.5 does not properly read the portletServingEnabled parameter in ibm-portlet-ext.xmi, which allows remote attackers to bypass intended access restrictions via unknown vectors. | 7.5 |
| 2009-08-13 | CVE-2009-2088 | Improper Authentication vulnerability in IBM Websphere Application Server The Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, when SPNEGO Single Sign-on (SSO) and disableSecurityPreInvokeOnFilters are configured, allows remote attackers to bypass authentication via a request for a "secure URL," related to a certain invokefilterscompatibility property. | 7.5 |
| 2009-08-13 | CVE-2009-2085 | Improper Authentication vulnerability in IBM Websphere Application Server The Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5 does not properly handle use of Identity Assertion with CSIv2 Security, which allows remote attackers to bypass intended CSIv2 access restrictions via vectors involving Enterprise JavaBeans (EJB). | 7.5 |
| 2009-06-25 | CVE-2009-0903 | Unspecified vulnerability in IBM Websphere Application Server IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.3, and the Feature Pack for Web Services for WAS 6.1 before 6.1.0.25, when a WS-Security policy is established at the operation level, does not properly handle inbound requests that lack a SOAPAction or WS-Addressing Action, which allows remote attackers to bypass intended access restrictions via a crafted request to a JAX-WS application. | 7.5 |
| 2009-03-16 | CVE-2009-0508 | Information Exposure vulnerability in IBM Websphere Application Server The Servlet Engine/Web Container and JSP components in IBM WebSphere Application Server (WAS) 5.1.0, 5.1.1.19, 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.23, and 7.0 before 7.0.0.3 allow remote attackers to read arbitrary files contained in war files in (1) web-inf, (2) meta-inf, and unspecified other directories via unknown vectors, related to (a) web-based applications and (b) the administrative console. | 7.5 |
| 2009-02-10 | CVE-2009-0436 | Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Application Server The (1) mod_ibm_ssl and (2) mod_cgid modules in IBM HTTP Server 6.0.x before 6.0.2.31 and 6.1.x before 6.1.0.19, as used in WebSphere Application Server (WAS), set incorrect permissions for AF_UNIX sockets, which has unknown impact and local attack vectors. | 7.2 |
| 2009-02-02 | CVE-2009-0391 | Information Exposure vulnerability in IBM Websphere Application Server 6.0.1 Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.0.1 on z/OS allows attackers to read arbitrary files via unknown vectors. | 7.8 |