Search criteria
4 vulnerabilities found for IBM WebSphere Application Server by IBM Corporation
CVE-2017-1194 (GCVE-0-2017-1194)
Vulnerability from cvelistv5 – Published: 2017-04-28 17:00 – Updated: 2024-08-05 13:25
VLAI?
Summary
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123669.
Severity ?
No CVSS data available.
CWE
- Gain Access
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM Corporation | IBM WebSphere Application Server |
Affected:
7.0, 8.0, 8.5, 9.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:25:17.482Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "98142",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98142"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22001226"
},
{
"name": "1038378",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038378"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IBM WebSphere Application Server",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "7.0, 8.0, 8.5, 9.0"
}
]
}
],
"datePublic": "2017-04-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123669."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "98142",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98142"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22001226"
},
{
"name": "1038378",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038378"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2017-1194",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IBM WebSphere Application Server",
"version": {
"version_data": [
{
"version_value": "7.0, 8.0, 8.5, 9.0"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123669."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98142",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98142"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22001226",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22001226"
},
{
"name": "1038378",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038378"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1194",
"datePublished": "2017-04-28T17:00:00",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-08-05T13:25:17.482Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1194 (GCVE-0-2017-1194)
Vulnerability from nvd – Published: 2017-04-28 17:00 – Updated: 2024-08-05 13:25
VLAI?
Summary
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123669.
Severity ?
No CVSS data available.
CWE
- Gain Access
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM Corporation | IBM WebSphere Application Server |
Affected:
7.0, 8.0, 8.5, 9.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:25:17.482Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "98142",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98142"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22001226"
},
{
"name": "1038378",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038378"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IBM WebSphere Application Server",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "7.0, 8.0, 8.5, 9.0"
}
]
}
],
"datePublic": "2017-04-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123669."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "98142",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98142"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22001226"
},
{
"name": "1038378",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038378"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2017-1194",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IBM WebSphere Application Server",
"version": {
"version_data": [
{
"version_value": "7.0, 8.0, 8.5, 9.0"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123669."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98142",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98142"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22001226",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22001226"
},
{
"name": "1038378",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038378"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1194",
"datePublished": "2017-04-28T17:00:00",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-08-05T13:25:17.482Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2013-000004
Vulnerability from jvndb - Published: 2013-01-25 12:32 - Updated:2013-01-25 12:32Summary
WebSphere Application Server (WAS) vulnerable to cross-site scripting
Details
WebSphere Application Server (WAS) provided by IBM contains a cross-site scripting vulnerability.
WebSphere Application Server (WAS) provided by IBM contains a vulnerability in SnoopServlet, which may result in a cross-site scripting.
Eiji James Yoshida of Security Professionals Network Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000004.html",
"dc:date": "2013-01-25T12:32+09:00",
"dcterms:issued": "2013-01-25T12:32+09:00",
"dcterms:modified": "2013-01-25T12:32+09:00",
"description": "WebSphere Application Server (WAS) provided by IBM contains a cross-site scripting vulnerability.\r\n\r\nWebSphere Application Server (WAS) provided by IBM contains a vulnerability in SnoopServlet, which may result in a cross-site scripting.\r\n\r\nEiji James Yoshida of Security Professionals Network Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000004.html",
"sec:cpe": {
"#text": "cpe:/a:ibm:websphere_application_server",
"@product": "IBM WebSphere Application Server",
"@vendor": "IBM Corporation",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2013-000004",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN24343509/index.html",
"@id": "JVN#24343509",
"@source": "JVN"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "WebSphere Application Server (WAS) vulnerable to cross-site scripting"
}
JVNDB-2011-000017
Vulnerability from jvndb - Published: 2011-03-04 19:29 - Updated:2018-02-07 17:10Summary
IBM WebSphere Application Server vulnerable to denial-of-service (DoS)
Details
IBM WebSphere Application Server (WAS) contains a denial-of-service (DoS) vulnerability.
IBM WebSphere Application Server contains a denial-of-service (DoS) vulnerability due to an issue in Java Runtime Environment (JRE).
According to the developer:
" For other IBM software products that contain an affected version of WAS, require an update. Specifically, WebSphere Process Server (WPS), WebSphere Enterprise Service Bus (WESB), WebSphere Virtual Enterprise (WVE), WebSphere Commerce and others are applicable. Also, IBM HTTP Server is not affected by this vulnerability."
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000017.html",
"dc:date": "2018-02-07T17:10+09:00",
"dcterms:issued": "2011-03-04T19:29+09:00",
"dcterms:modified": "2018-02-07T17:10+09:00",
"description": "IBM WebSphere Application Server (WAS) contains a denial-of-service (DoS) vulnerability.\r\n\r\nIBM WebSphere Application Server contains a denial-of-service (DoS) vulnerability due to an issue in Java Runtime Environment (JRE).\r\n\r\nAccording to the developer:\r\n\r\n\" For other IBM software products that contain an affected version of WAS, require an update. Specifically, WebSphere Process Server (WPS), WebSphere Enterprise Service Bus (WESB), WebSphere Virtual Enterprise (WVE), WebSphere Commerce and others are applicable. Also, IBM HTTP Server is not affected by this vulnerability.\"",
"link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000017.html",
"sec:cpe": [
{
"#text": "cpe:/a:hp:systems_insight_manager",
"@product": "HP Systems Insight Manager",
"@vendor": "Hewlett-Packard Development Company,L.P",
"@version": "2.2"
},
{
"#text": "cpe:/a:ibm:websphere_application_server",
"@product": "IBM WebSphere Application Server",
"@vendor": "IBM Corporation",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2011-000017",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN26301278/index.html",
"@id": "JVN#26301278",
"@source": "JVN"
},
{
"#text": "https://jvn.jp/en/tr/JVNTR-2011-02/index.html",
"@id": "JVNTR-2011-02",
"@source": "JVNTR"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476",
"@id": "CVE-2010-4476",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4476",
"@id": "CVE-2010-4476",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/43295",
"@id": "SA43295",
"@source": "SECUNIA"
},
{
"#text": "http://www.securitytracker.com/id?1025062",
"@id": "1025062",
"@source": "SECTRACK"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-189",
"@title": "Numeric Errors(CWE-189)"
}
],
"title": "IBM WebSphere Application Server vulnerable to denial-of-service (DoS)"
}