Vulnerabilities > IBM > Websphere Extreme Scale > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-06 | CVE-2020-4336 | Information Exposure vulnerability in IBM Websphere Extreme Scale IBM WebSphere eXtreme Scale 8.6.1 stores sensitive information in URL parameters. | 5.3 |
| 2019-09-30 | CVE-2019-4115 | Cross-site Scripting vulnerability in IBM Websphere Extreme Scale IBM WebSphere eXtreme Scale 8.6 Admin API is vulnerable to cross-site scripting. | 5.4 |
| 2019-09-30 | CVE-2019-4109 | Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM Websphere Extreme Scale IBM WebSphere eXtreme Scale 8.6 Admin Console could allow a remote attacker to hijack the clicking action of the victim. | 6.1 |
| 2019-09-30 | CVE-2019-4106 | Cross-site Scripting vulnerability in IBM Websphere Extreme Scale IBM WebSphere eXtreme Scale 8.6 Admin Console is vulnerable to cross-site scripting. | 4.8 |
| 2017-02-08 | CVE-2015-7418 | Information Exposure vulnerability in IBM Websphere Extreme Scale IBM WebSphere eXtreme Scale and the WebSphere DataPower XC10 Appliance allow some sensitive data to linger in memory instead of being overwritten which could allow a local user with administrator privileges to obtain sensitive information. | 4.4 |
| 2016-07-02 | CVE-2016-0400 | Unspecified vulnerability in IBM Websphere Extreme Scale CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL. | 6.1 |