All the vulnerabilites related to IBM Corporation - IBM WebSphere Application Server
jvndb-2013-000004
Vulnerability from jvndb
Published
2013-01-25 12:32
Modified
2013-01-25 12:32
Summary
WebSphere Application Server (WAS) vulnerable to cross-site scripting
Details
WebSphere Application Server (WAS) provided by IBM contains a cross-site scripting vulnerability.
WebSphere Application Server (WAS) provided by IBM contains a vulnerability in SnoopServlet, which may result in a cross-site scripting.
Eiji James Yoshida of Security Professionals Network Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL |
|---|---|
| JVN | http://jvn.jp/en/jp/JVN24343509/index.html |
| Cross-site Scripting(CWE-79) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| Vendor | Product |
|---|---|
| IBM Corporation | IBM WebSphere Application Server |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000004.html",
"dc:date": "2013-01-25T12:32+09:00",
"dcterms:issued": "2013-01-25T12:32+09:00",
"dcterms:modified": "2013-01-25T12:32+09:00",
"description": "WebSphere Application Server (WAS) provided by IBM contains a cross-site scripting vulnerability.\r\n\r\nWebSphere Application Server (WAS) provided by IBM contains a vulnerability in SnoopServlet, which may result in a cross-site scripting.\r\n\r\nEiji James Yoshida of Security Professionals Network Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000004.html",
"sec:cpe": {
"#text": "cpe:/a:ibm:websphere_application_server",
"@product": "IBM WebSphere Application Server",
"@vendor": "IBM Corporation",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2013-000004",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN24343509/index.html",
"@id": "JVN#24343509",
"@source": "JVN"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "WebSphere Application Server (WAS) vulnerable to cross-site scripting"
}
jvndb-2011-000017
Vulnerability from jvndb
Published
2011-03-04 19:29
Modified
2018-02-07 17:10
Summary
IBM WebSphere Application Server vulnerable to denial-of-service (DoS)
Details
IBM WebSphere Application Server (WAS) contains a denial-of-service (DoS) vulnerability.
IBM WebSphere Application Server contains a denial-of-service (DoS) vulnerability due to an issue in Java Runtime Environment (JRE).
According to the developer:
" For other IBM software products that contain an affected version of WAS, require an update. Specifically, WebSphere Process Server (WPS), WebSphere Enterprise Service Bus (WESB), WebSphere Virtual Enterprise (WVE), WebSphere Commerce and others are applicable. Also, IBM HTTP Server is not affected by this vulnerability."
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000017.html",
"dc:date": "2018-02-07T17:10+09:00",
"dcterms:issued": "2011-03-04T19:29+09:00",
"dcterms:modified": "2018-02-07T17:10+09:00",
"description": "IBM WebSphere Application Server (WAS) contains a denial-of-service (DoS) vulnerability.\r\n\r\nIBM WebSphere Application Server contains a denial-of-service (DoS) vulnerability due to an issue in Java Runtime Environment (JRE).\r\n\r\nAccording to the developer:\r\n\r\n\" For other IBM software products that contain an affected version of WAS, require an update. Specifically, WebSphere Process Server (WPS), WebSphere Enterprise Service Bus (WESB), WebSphere Virtual Enterprise (WVE), WebSphere Commerce and others are applicable. Also, IBM HTTP Server is not affected by this vulnerability.\"",
"link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000017.html",
"sec:cpe": [
{
"#text": "cpe:/a:hp:systems_insight_manager",
"@product": "HP Systems Insight Manager",
"@vendor": "Hewlett-Packard Development Company,L.P",
"@version": "2.2"
},
{
"#text": "cpe:/a:ibm:websphere_application_server",
"@product": "IBM WebSphere Application Server",
"@vendor": "IBM Corporation",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2011-000017",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN26301278/index.html",
"@id": "JVN#26301278",
"@source": "JVN"
},
{
"#text": "https://jvn.jp/en/tr/JVNTR-2011-02/index.html",
"@id": "JVNTR-2011-02",
"@source": "JVNTR"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476",
"@id": "CVE-2010-4476",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4476",
"@id": "CVE-2010-4476",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/43295",
"@id": "SA43295",
"@source": "SECUNIA"
},
{
"#text": "http://www.securitytracker.com/id?1025062",
"@id": "1025062",
"@source": "SECTRACK"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-189",
"@title": "Numeric Errors(CWE-189)"
}
],
"title": "IBM WebSphere Application Server vulnerable to denial-of-service (DoS)"
}
cve-2017-1194
Vulnerability from cvelistv5
Published
2017-04-28 17:00
Modified
2024-08-05 13:25
Severity
Summary
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123669.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/98142 | vdb-entry, x_refsource_BID |
| http://www.ibm.com/support/docview.wss?uid=swg22001226 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1038378 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| Vendor | Product |
|---|---|
| IBM Corporation | IBM WebSphere Application Server |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:25:17.482Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "98142",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98142"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22001226"
},
{
"name": "1038378",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038378"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IBM WebSphere Application Server",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "7.0, 8.0, 8.5, 9.0"
}
]
}
],
"datePublic": "2017-04-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123669."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "98142",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98142"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22001226"
},
{
"name": "1038378",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038378"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2017-1194",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IBM WebSphere Application Server",
"version": {
"version_data": [
{
"version_value": "7.0, 8.0, 8.5, 9.0"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123669."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98142",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98142"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22001226",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22001226"
},
{
"name": "1038378",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038378"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1194",
"datePublished": "2017-04-28T17:00:00",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-08-05T13:25:17.482Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}