Vulnerabilities > IBM > Websphere Message Broker > 8.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-05 | CVE-2017-1144 | Untrusted Search Path vulnerability in IBM Integration BUS and Websphere Message Broker IBM WebSphere Message Broker could allow a local user with specialized access to prevent the message broker from starting. | 2.5 |
| 2017-02-15 | CVE-2016-9706 | XXE vulnerability in IBM Integration BUS and Websphere Message Broker IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. | 9.1 |
| 2017-02-15 | CVE-2016-9010 | 7PK - Security Features vulnerability in IBM Integration BUS and Websphere Message Broker IBM WebSphere Message Broker 9.0 and 10.0 could allow a remote attacker to hijack the clicking action of the victim. | 6.1 |
| 2017-02-01 | CVE-2016-6080 | Information Exposure vulnerability in IBM Websphere Message Broker 8.0 The WebAdmin context for WebSphere Message Broker allows directory listings which could disclose sensitive information to the attacker. | 5.3 |
| 2017-02-01 | CVE-2016-0394 | Permission Issues vulnerability in IBM Integration BUS and Websphere Message Broker IBM Integration Bus and WebSphere Message broker sets incorrect permissions for an object that could allow a local attacker to manipulate certain files. | 3.3 |
| 2016-07-02 | CVE-2016-2961 | Information Exposure vulnerability in IBM Integration BUS and Websphere Message Broker The integration server in IBM Integration Bus 9 before 9.0.0.6 and 10 before 10.0.0.5 and WebSphere Message Broker 8 before 8.0.0.8 allows remote attackers to obtain sensitive Tomcat version information by sending a malformed POST request and then reading the Java stack trace. | 5.3 |
| 2016-01-11 | CVE-2015-7399 | Information Exposure vulnerability in IBM Integration BUS and Websphere Message Broker IBM WebSphere Message Broker 7 before 7.0.0.8 and 8 before 8.0.0.6 and IBM Integration Bus 9 before 9.0.0.3 and 10 before 10.0.0.0 allow remote attackers to obtain sensitive information about the HTTP server via unspecified vectors. | 5.3 |