Vulnerabilities > IBM > Websphere Extreme Scale
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-06 | CVE-2020-4336 | Information Exposure vulnerability in IBM Websphere Extreme Scale IBM WebSphere eXtreme Scale 8.6.1 stores sensitive information in URL parameters. | 5.3 |
| 2019-09-30 | CVE-2019-4115 | Cross-site Scripting vulnerability in IBM Websphere Extreme Scale IBM WebSphere eXtreme Scale 8.6 Admin API is vulnerable to cross-site scripting. | 5.4 |
| 2019-09-30 | CVE-2019-4112 | Improper Privilege Management vulnerability in IBM Websphere Extreme Scale IBM WebSphere eXtreme Scale 8.6 Admin Console allows web pages to be stored locally which can be read by another user on the system. | 3.3 |
| 2019-09-30 | CVE-2019-4109 | Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM Websphere Extreme Scale IBM WebSphere eXtreme Scale 8.6 Admin Console could allow a remote attacker to hijack the clicking action of the victim. | 6.1 |
| 2019-09-30 | CVE-2019-4106 | Cross-site Scripting vulnerability in IBM Websphere Extreme Scale IBM WebSphere eXtreme Scale 8.6 Admin Console is vulnerable to cross-site scripting. | 4.8 |
| 2017-02-08 | CVE-2015-7418 | Information Exposure vulnerability in IBM Websphere Extreme Scale IBM WebSphere eXtreme Scale and the WebSphere DataPower XC10 Appliance allow some sensitive data to linger in memory instead of being overwritten which could allow a local user with administrator privileges to obtain sensitive information. | 4.4 |
| 2016-07-02 | CVE-2016-2861 | Information Exposure vulnerability in IBM Websphere Extreme Scale IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 does not properly encrypt data, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. | 3.7 |
| 2016-07-02 | CVE-2016-0400 | Unspecified vulnerability in IBM Websphere Extreme Scale CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL. | 6.1 |