Vulnerabilities > IBM > Websphere Message Broker > 8.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-02-02 | CVE-2014-6170 | Information Exposure vulnerability in IBM Integration BUS and Websphere Message Broker The HTTPInput node in IBM WebSphere Message Broker 7.0 before 7.0.0.8 and 8.0 before 8.0.0.6 and IBM Integration Bus 9.0 before 9.0.0.4 allows remote attackers to obtain sensitive information by triggering a SOAP fault. | 5.0 |
2014-09-18 | CVE-2014-4819 | Information Exposure vulnerability in IBM Integration BUS and Websphere Message Broker The web user interface in IBM WebSphere Message Broker 8.0 before 8.0.0.6 and IBM Integration Bus 9.0 before 9.0.0.3 allows remote authenticated users to obtain sensitive information by reading the error page. | 4.0 |
2013-10-19 | CVE-2013-5372 | Resource Management Errors vulnerability in IBM Websphere Message Broker The XML4J parser in IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.7, and 8.0 before 8.0.0.4 and IBM Integration Bus 9.0 before 9.0.0.1 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document that triggers expansion for many entities. | 4.3 |
2013-05-29 | CVE-2013-0482 | Security vulnerability in IBM products IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 through 8.5.0.2 and WebSphere Message Broker 6.1, 7.0 through 7.0.0.5, and 8.0 through 8.0.0.2, when WS-Security is used, allows remote attackers to spoof the signatures of messages via a crafted SOAP message, related to a "Signature Wrap attack," a different vulnerability than CVE-2011-1377 and CVE-2013-0489. network ibm | 4.3 |
2013-02-20 | CVE-2013-0466 | Cross-Site Scripting vulnerability in IBM Websphere Message Broker Cross-site scripting (XSS) vulnerability in IBM WebSphere Message Broker 7.0 before 7.0.0.6 and 8.0 before 8.0.0.2, when wsdl support is enabled on a SOAPInput node, allows remote attackers to inject arbitrary web script or HTML via a wsdl request that is not properly handled during construction of an error message. | 2.6 |
2013-02-20 | CVE-2012-5953 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM Websphere Message Broker IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.6, and 8.0 before 8.0.0.2, when the Parse Query Strings option is enabled on an HTTPInput node, allows remote attackers to cause a denial of service (infinite loop) via a crafted query string. | 4.3 |
2013-02-20 | CVE-2012-5952 | Improper Authentication vulnerability in IBM Websphere Message Broker IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.6, and 8.0 before 8.0.0.2 does not validate Basic Authentication credentials before proceeding to WS-Addressing and WS-Security operations, which allows remote attackers to trigger transmission of unauthenticated messages via unspecified vectors. | 5.0 |
2012-12-05 | CVE-2012-3317 | Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Message Broker IBM WebSphere Message Broker 6.1 before 6.1.0.11, 7.0 before 7.0.0.5, and 8.0 before 8.0.0.2 has incorrect ownership of certain uninstaller Java Runtime Environment (JRE) files, which might allow local users to gain privileges by leveraging access to uid 501 or gid 300. | 6.9 |