Vulnerabilities > IBM > Websphere Application Server > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-03 | CVE-2018-1794 | Cross-site Scripting vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using OAuth ear is vulnerable to cross-site scripting. | 6.1 |
| 2018-10-03 | CVE-2018-1793 | Cross-site Scripting vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using SAML ear is vulnerable to cross-site scripting. | 6.1 |
| 2018-09-14 | CVE-2018-1719 | Unspecified vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security under certain conditions. | 5.9 |
| 2018-09-06 | CVE-2018-1695 | Authentication Bypass by Spoofing vulnerability in IBM Websphere Application Server 7.0.0.0/8.0.0.0/8.5.5.0 IBM WebSphere Application Server 7.0, 8.0, and 8.5.5 installations using Form Login could allow a remote attacker to conduct spoofing attacks. | 5.6 |
| 2018-08-24 | CVE-2018-1755 | Information Exposure vulnerability in IBM Websphere Application Server IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by incorrect transport being used when Liberty is configured to use Java Authentication SPI for Containers (JASPIC). | 5.9 |
| 2018-07-06 | CVE-2018-1621 | Cleartext Storage of Sensitive Information vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local attacker to obtain clear text password in a trace file caused by improper handling of some datasource custom properties. | 6.7 |
| 2018-05-04 | CVE-2017-1743 | Information Exposure vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console panel fields. | 4.3 |
| 2018-03-22 | CVE-2017-1788 | Unspecified vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 9 installations using Form Login could allow a remote attacker to conduct spoofing attacks. | 5.3 |
| 2018-03-14 | CVE-2017-1741 | Information Exposure vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console panel fields. | 4.3 |
| 2017-10-10 | CVE-2017-1503 | Cross-site Scripting vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to HTTP response splitting attacks. | 6.1 |