All the vulnerabilites related to ibm - websphere_virtual_enterprise
Vulnerability from fkie_nvd
Published
2019-03-06 20:29
Modified
2024-11-21 04:43
Severity ?
Summary
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155946.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=ibm10869406 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/155946 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=ibm10869406 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/155946 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_application_server | * | |
| ibm | websphere_application_server | * | |
| ibm | websphere_virtual_enterprise | 7.0 | |
| ibm | websphere_virtual_enterprise | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94F840E8-BAD7-4593-B44D-1D35B8A96018",
"versionEndIncluding": "8.5.5.14",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D075436-5B36-4CF9-874C-5AD704704FDA",
"versionEndIncluding": "9.0.0.10",
"versionStartIncluding": "9.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_virtual_enterprise:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FC95AD4F-9A31-46EB-9B69-D2143AAACB40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_virtual_enterprise:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6B49B005-44DB-4CB9-9660-CF8F2A694427",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155946."
},
{
"lang": "es",
"value": "IBM WebSphere Application Server, en sus versiones 8.5 y 9.0, es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 155946."
}
],
"id": "CVE-2019-4030",
"lastModified": "2024-11-21T04:43:03.520",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-06T20:29:00.403",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10869406"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155946"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10869406"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155946"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-09-20 16:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Network Deployment could allow a remote attacker to obtain sensitive information, caused by sending a specially-crafted URL. This can lead the attacker to view any file in a certain directory. IBM X-Force ID: 164364.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/164364 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/964766 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/164364 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/964766 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_application_server | * | |
| ibm | websphere_application_server | * | |
| ibm | websphere_virtual_enterprise | 7.0 | |
| ibm | websphere_virtual_enterprise | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1013F0F-3270-4D58-A687-28F81AC04F93",
"versionEndIncluding": "8.5.5.16",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "97610352-23B4-4C73-A466-D7D75E1E7011",
"versionEndIncluding": "9.0.5.0",
"versionStartIncluding": "9.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_virtual_enterprise:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FC95AD4F-9A31-46EB-9B69-D2143AAACB40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_virtual_enterprise:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6B49B005-44DB-4CB9-9660-CF8F2A694427",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Network Deployment could allow a remote attacker to obtain sensitive information, caused by sending a specially-crafted URL. This can lead the attacker to view any file in a certain directory. IBM X-Force ID: 164364."
},
{
"lang": "es",
"value": "IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0, Network Deployment podr\u00eda permitir a un atacante remoto obtener informaci\u00f3n confidencial, causado mediante el env\u00edo de una URL especialmente dise\u00f1ada. Esto puede conllevar al atacante a visualizar cualquier archivo en un directorio determinado. ID de IBM X-Force: 164364."
}
],
"id": "CVE-2019-4505",
"lastModified": "2024-11-21T04:43:40.340",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-20T16:15:13.850",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164364"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/964766"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164364"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/964766"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-07-14 17:59
Modified
2024-11-21 02:26
Severity ?
Summary
IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.6, and WebSphere Virtual Enterprise 7.0 before 7.0.0.6 for WebSphere Application Server (WAS) 7.0 and 8.0, does not properly implement user roles, which allows local users to gain privileges via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_application_server | 7.0 | |
| ibm | websphere_application_server | 8.0.0.0 | |
| ibm | websphere_application_server | 8.5.0.0 | |
| ibm | websphere_application_server | 8.5.0.1 | |
| ibm | websphere_application_server | 8.5.0.2 | |
| ibm | websphere_application_server | 8.5.5.0 | |
| ibm | websphere_application_server | 8.5.5.1 | |
| ibm | websphere_application_server | 8.5.5.2 | |
| ibm | websphere_application_server | 8.5.5.3 | |
| ibm | websphere_application_server | 8.5.5.4 | |
| ibm | websphere_application_server | 8.5.5.5 | |
| ibm | websphere_virtual_enterprise | 7.0 | |
| ibm | websphere_virtual_enterprise | 7.0.0.1 | |
| ibm | websphere_virtual_enterprise | 7.0.0.2 | |
| ibm | websphere_virtual_enterprise | 7.0.0.3 | |
| ibm | websphere_virtual_enterprise | 7.0.0.4 | |
| ibm | websphere_virtual_enterprise | 7.0.0.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B0905C80-A1BA-49CD-90CA-9270ECC3940C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AF1667C5-D19B-469C-82D5-8406B6D75EDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1FD8F9CE-4E98-4187-B84A-429FA1C65E2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FC1D7570-4AB4-44B0-B5ED-D103F0946F63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E709E36-B5D0-42E5-A305-AF385FD7F347",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "49506702-1B31-4421-8DEE-5B789272EC6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "158777FD-83D1-44B9-83B4-A3F490CA76F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EDA2FE6B-6E42-4E97-B803-DAB671D30FF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "72F5A562-5B2E-4BC7-8A81-EFE5ED265803",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "168E2F18-56C6-4789-BBAC-C99D4792046F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B53EBD40-8E1A-4516-927D-ED1CF212B211",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_virtual_enterprise:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FC95AD4F-9A31-46EB-9B69-D2143AAACB40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_virtual_enterprise:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B812D190-1946-42DA-B40A-C9F2C623D2C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_virtual_enterprise:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "58A4313D-8666-4F9D-AFE4-22D51F9ABAF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_virtual_enterprise:7.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "395CFBE6-C129-4A30-8C61-4F02A1672ABF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_virtual_enterprise:7.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A7B691E4-0062-4541-A826-E8DEAC71BC84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_virtual_enterprise:7.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "51F81483-22B2-4B3A-BB7F-6B2CEAFD3DC9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.6, and WebSphere Virtual Enterprise 7.0 before 7.0.0.6 for WebSphere Application Server (WAS) 7.0 and 8.0, does not properly implement user roles, which allows local users to gain privileges via unspecified vectors."
},
{
"lang": "es",
"value": "WebSphere Application Server (WAS) 8.5 anteriores a 8.5.5.6 y WebSphere Virtual Enterprise 7.0 anteriores a 7.0.0.6 para WebSphere Application Server (WAS) 7.0 y 8.0, no tienen los roles de usuarios correctamente implementados lo que permite a un usuario local obtener privilegios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2015-1946",
"lastModified": "2024-11-21T02:26:27.187",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-07-14T17:59:02.323",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI35180"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959083"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securityfocus.com/bid/75496"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI35180"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959083"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/75496"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-06-05 17:15
Modified
2024-11-21 05:32
Severity ?
Summary
IBM WebSphere Application Server Network Deployment 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 181228.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/181228 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6220336 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | https://www.zerodayinitiative.com/advisories/ZDI-20-688/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/181228 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6220336 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-20-688/ | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_application_server | * | |
| ibm | websphere_application_server | * | |
| ibm | websphere_virtual_enterprise | 7.0 | |
| ibm | websphere_virtual_enterprise | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E69F553E-2C9D-4406-9C45-4ADD5209DA4C",
"versionEndExcluding": "8.5.5.18",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C907DBE-73F3-4F6C-A2DC-268EF73ACA60",
"versionEndExcluding": "9.0.5.4",
"versionStartIncluding": "9.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_virtual_enterprise:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FC95AD4F-9A31-46EB-9B69-D2143AAACB40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_virtual_enterprise:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6B49B005-44DB-4CB9-9660-CF8F2A694427",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Application Server Network Deployment 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 181228."
},
{
"lang": "es",
"value": "IBM WebSphere Application Server Network Deployment versiones 7.0, 8.0, 8.5 y 9.0, podr\u00eda permitir a un atacante remoto ejecutar c\u00f3digo arbitrario en el sistema con una secuencia de objetos serializados especialmente dise\u00f1ada de fuentes no confiables. ID de IBM X-Force: 181228"
}
],
"id": "CVE-2020-4448",
"lastModified": "2024-11-21T05:32:45.113",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-05T17:15:11.233",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181228"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6220336"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-688/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181228"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6220336"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-688/"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-08-27 13:15
Modified
2024-11-21 05:32
Severity ?
Summary
IBM WebSphere Application Server ND 8.5 and 9.0, and IBM WebSphere Virtual Enterprise 7.0 and 8.0 are vulnerable to cross-site scripting when High Availability Deployment Manager is configured.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/184363 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6323293 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/184363 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6323293 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_application_server | * | |
| ibm | websphere_application_server | * | |
| ibm | websphere_virtual_enterprise | 7.0 | |
| ibm | websphere_virtual_enterprise | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E69F553E-2C9D-4406-9C45-4ADD5209DA4C",
"versionEndExcluding": "8.5.5.18",
"versionStartIncluding": "8.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7310AE87-CD93-4996-8D26-C3DE4D77500C",
"versionEndExcluding": "9.0.5.5",
"versionStartIncluding": "9.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_virtual_enterprise:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FC95AD4F-9A31-46EB-9B69-D2143AAACB40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_virtual_enterprise:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6B49B005-44DB-4CB9-9660-CF8F2A694427",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Application Server ND 8.5 and 9.0, and IBM WebSphere Virtual Enterprise 7.0 and 8.0 are vulnerable to cross-site scripting when High Availability Deployment Manager is configured."
},
{
"lang": "es",
"value": "IBM WebSphere Application Server ND versiones 8.5 y 9.0, e IBM WebSphere Virtual Enterprise versiones 7.0 y 8.0, son vulnerables a un ataque de tipo cross-site scripting cuando High Availability Deployment Manager es configurado"
}
],
"id": "CVE-2020-4575",
"lastModified": "2024-11-21T05:32:55.713",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-08-27T13:15:12.107",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184363"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6323293"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184363"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6323293"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-11-18 03:55
Modified
2024-11-21 01:57
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Virtual Enterprise 6.1 before 6.1.1.6 and 7.0 before 7.0.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_virtual_enterprise | 6.1 | |
| ibm | websphere_virtual_enterprise | 6.1.1 | |
| ibm | websphere_virtual_enterprise | 6.1.1.1 | |
| ibm | websphere_virtual_enterprise | 6.1.1.2 | |
| ibm | websphere_virtual_enterprise | 6.1.1.3 | |
| ibm | websphere_virtual_enterprise | 6.1.1.4 | |
| ibm | websphere_virtual_enterprise | 6.1.1.5 | |
| ibm | websphere_virtual_enterprise | 7.0 | |
| ibm | websphere_virtual_enterprise | 7.0.0.1 | |
| ibm | websphere_virtual_enterprise | 7.0.0.2 | |
| ibm | websphere_virtual_enterprise | 7.0.0.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_virtual_enterprise:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "899B6823-6182-42A0-817C-5E08F7A71CF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_virtual_enterprise:6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2D4857E1-FBBE-49D4-B26E-227E5C7F691D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_virtual_enterprise:6.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E75D4257-FA6A-4F10-9B2F-D57E690F624E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_virtual_enterprise:6.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8B984E8A-E809-4E05-B119-13F6D7E08030",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_virtual_enterprise:6.1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0CF55F33-5A1B-44F7-BF2E-5D3D176E29E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_virtual_enterprise:6.1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B910DC90-B5B1-44F3-A62E-C167DCE91ED0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_virtual_enterprise:6.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A436735A-5DA5-43E2-A299-FE4D1100796C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_virtual_enterprise:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FC95AD4F-9A31-46EB-9B69-D2143AAACB40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_virtual_enterprise:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B812D190-1946-42DA-B40A-C9F2C623D2C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_virtual_enterprise:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "58A4313D-8666-4F9D-AFE4-22D51F9ABAF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_virtual_enterprise:7.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "395CFBE6-C129-4A30-8C61-4F02A1672ABF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Virtual Enterprise 6.1 before 6.1.1.6 and 7.0 before 7.0.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en la Administration Console de IBM WebSphere Virtual Enterprise 6.1 anterior a la versi\u00f3n 6.1.1.6 y 7.0 anterior a 7.0.0.4 permite a usuarios remotos autenticados inyectar script web o HTML arbitrario a trav\u00e9s de una URL dise\u00f1ada."
}
],
"id": "CVE-2013-5425",
"lastModified": "2024-11-21T01:57:27.560",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-11-18T03:55:05.947",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM93828"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21652405"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87487"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM93828"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21652405"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87487"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-05-01 17:29
Modified
2024-11-21 01:59
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.33, 8.x before 8.0.0.9, and 8.5.x before 8.5.5.2, and WebSphere Virtual Enterprise 7.x before 7.0.0.5, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_virtual_enterprise:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FC95AD4F-9A31-46EB-9B69-D2143AAACB40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_virtual_enterprise:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B812D190-1946-42DA-B40A-C9F2C623D2C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_virtual_enterprise:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "58A4313D-8666-4F9D-AFE4-22D51F9ABAF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_virtual_enterprise:7.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "395CFBE6-C129-4A30-8C61-4F02A1672ABF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_virtual_enterprise:7.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A7B691E4-0062-4541-A826-E8DEAC71BC84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B0905C80-A1BA-49CD-90CA-9270ECC3940C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B108457A-50DC-4432-9E30-98ADBEBF2389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4A8FC820-48D5-4850-82F7-8DA4A18EFF51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0661F4A0-A520-4443-B19D-6885920ADFE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A553A6E7-64AA-41F2-9B92-4EC715C617B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9BFBDE57-3895-4841-B23C-06336A7016EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CF56870A-F9D3-4544-B63A-EFC2E82A1F7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "30B7A7B9-FCD1-4509-93CF-C5B736B04F4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C93D1CE2-1772-44C0-A8CB-73E9AA1AF6B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "90BA0923-4064-49D3-82A2-EEFC4B0F9A9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6289CCB4-9A13-4BB5-B44E-7CA936DD8421",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "833256BB-E2A6-4FE9-BE4F-982578023E43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "9631D69C-AFEC-4CFF-9190-3E5435EDCEC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "CE94EFF2-CA86-4179-8250-350DF0D2BE83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "373412A5-2971-4C92-BAAE-A1B77D2DA723",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "920F69CD-DEDB-4393-BE6E-B837BA6820B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "7B5FE844-7F1C-4326-94EF-2CC0B4196085",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "5662B903-5480-403D-BC3D-2222F88264A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "3F830D7B-17C2-40B5-B4A4-7A99980F63AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "4D82C3F2-9C50-4D1A-B939-77FC53E44EDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "03E6BAB6-D0D8-4698-BCF9-05D5A256FD37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "4EB7ACE7-6572-4D19-8E7A-BB9FC57AA343",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "EF042A51-E34A-482C-8601-9FD09E6C866A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "075EC2D3-8A48-4103-910C-724A4CAF43DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "3BFE6260-F130-44E1-9A31-985153F51385",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.27:*:*:*:*:*:*:*",
"matchCriteriaId": "489E4427-4059-4026-B952-72364AFFC135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.29:*:*:*:*:*:*:*",
"matchCriteriaId": "B95D1940-E5AD-4B59-80B4-C3370BB03169",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.31:*:*:*:*:*:*:*",
"matchCriteriaId": "C7083F0E-57BA-4828-99E0-ECA8B54E2069",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1FD8F9CE-4E98-4187-B84A-429FA1C65E2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FC1D7570-4AB4-44B0-B5ED-D103F0946F63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E709E36-B5D0-42E5-A305-AF385FD7F347",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "49506702-1B31-4421-8DEE-5B789272EC6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "158777FD-83D1-44B9-83B4-A3F490CA76F4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AF1667C5-D19B-469C-82D5-8406B6D75EDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "89551609-69B7-452A-9CB2-04C12D268B41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AF27B7D7-4442-47CA-880D-D3B5412AEF9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B595B048-4204-49B4-9497-B8D119C8784D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DC38B5D4-66A3-4671-9099-0F38D283BA94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B357DB53-061F-43D5-9E9F-5D5468A5805B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "29ADADD2-EC21-4C45-A381-BC2091CD9F7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2AD901DE-9258-40DA-A09B-B0CA9DCCF843",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.0.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "8C21DDD3-C1CF-4CB2-BA13-4807F17AC5E1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.33, 8.x before 8.0.0.9, and 8.5.x before 8.5.5.2, and WebSphere Virtual Enterprise 7.x before 7.0.0.5, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en la consola de administraci\u00f3n en IBM WebSphere Application Server (WAS) 7.x anterior a 7.0.0.33, 8.x anterior a 8.0.0.9 y 8.5.x anterior a 8.5.5.2 y WebSphere Virtual Enterprise 7.x anterior a 7.0.0.5, permite a usuarios remotos autenticados inyectar script Web o HTML arbitrarios a trav\u00e9s de una URL manipulada."
}
],
"id": "CVE-2013-6323",
"lastModified": "2024-11-21T01:59:00.260",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-05-01T17:29:56.683",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI04777"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI04880"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21669554"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676091"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676092"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securityfocus.com/bid/67720"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88903"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI04777"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI04880"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21669554"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676091"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676092"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/67720"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88903"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-08-22 23:59
Modified
2024-11-21 02:26
Severity ?
Summary
IBM WebSphere Application Server 7.x before 7.0.0.39, 8.0.x before 8.0.0.11, and 8.5.x before 8.5.5.7 and WebSphere Virtual Enterprise before 7.0.0.7 allow remote attackers to obtain potentially sensitive information about the proxy-server software by reading the HTTP Via header.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_virtual_enterprise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "415A8DC8-4232-44AA-8DF7-13D1A3AD31CD",
"versionEndIncluding": "7.0.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B108457A-50DC-4432-9E30-98ADBEBF2389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4A8FC820-48D5-4850-82F7-8DA4A18EFF51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0661F4A0-A520-4443-B19D-6885920ADFE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A553A6E7-64AA-41F2-9B92-4EC715C617B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9BFBDE57-3895-4841-B23C-06336A7016EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CF56870A-F9D3-4544-B63A-EFC2E82A1F7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "30B7A7B9-FCD1-4509-93CF-C5B736B04F4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C93D1CE2-1772-44C0-A8CB-73E9AA1AF6B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "90BA0923-4064-49D3-82A2-EEFC4B0F9A9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6289CCB4-9A13-4BB5-B44E-7CA936DD8421",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "833256BB-E2A6-4FE9-BE4F-982578023E43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "9631D69C-AFEC-4CFF-9190-3E5435EDCEC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "CE94EFF2-CA86-4179-8250-350DF0D2BE83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "373412A5-2971-4C92-BAAE-A1B77D2DA723",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "920F69CD-DEDB-4393-BE6E-B837BA6820B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "7B5FE844-7F1C-4326-94EF-2CC0B4196085",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "5662B903-5480-403D-BC3D-2222F88264A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "3F830D7B-17C2-40B5-B4A4-7A99980F63AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "4D82C3F2-9C50-4D1A-B939-77FC53E44EDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "03E6BAB6-D0D8-4698-BCF9-05D5A256FD37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "4EB7ACE7-6572-4D19-8E7A-BB9FC57AA343",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "EF042A51-E34A-482C-8601-9FD09E6C866A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "075EC2D3-8A48-4103-910C-724A4CAF43DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "3BFE6260-F130-44E1-9A31-985153F51385",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.27:*:*:*:*:*:*:*",
"matchCriteriaId": "489E4427-4059-4026-B952-72364AFFC135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.29:*:*:*:*:*:*:*",
"matchCriteriaId": "B95D1940-E5AD-4B59-80B4-C3370BB03169",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.31:*:*:*:*:*:*:*",
"matchCriteriaId": "C7083F0E-57BA-4828-99E0-ECA8B54E2069",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.32:*:*:*:*:*:*:*",
"matchCriteriaId": "28C790DF-0D8B-473B-AC11-A6F02C81319E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.33:*:*:*:*:*:*:*",
"matchCriteriaId": "799B6FA0-0094-4CE9-8C63-8DBFF45E7260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.34:*:*:*:*:*:*:*",
"matchCriteriaId": "0E3C74F1-5CF6-4C35-9F5A-B9EFE8153992",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.36:*:*:*:*:*:*:*",
"matchCriteriaId": "2D6CA79D-1B97-45EF-A40E-8ADD3644201B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.37:*:*:*:*:*:*:*",
"matchCriteriaId": "C39BC1E7-EDF9-4AD6-BA15-4E750903B1F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.38:*:*:*:*:*:*:*",
"matchCriteriaId": "FE7083FC-586B-49C4-BEED-E8AF6F7DDE54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AF1667C5-D19B-469C-82D5-8406B6D75EDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "89551609-69B7-452A-9CB2-04C12D268B41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AF27B7D7-4442-47CA-880D-D3B5412AEF9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B595B048-4204-49B4-9497-B8D119C8784D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DC38B5D4-66A3-4671-9099-0F38D283BA94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B357DB53-061F-43D5-9E9F-5D5468A5805B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "29ADADD2-EC21-4C45-A381-BC2091CD9F7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2AD901DE-9258-40DA-A09B-B0CA9DCCF843",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.0.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "8C21DDD3-C1CF-4CB2-BA13-4807F17AC5E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.0.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "A6DBD14D-F0F2-4606-BC55-ECB6CCA3EF81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.0.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "1F994982-0972-4AC2-A0AB-BD3E46F7AA60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1FD8F9CE-4E98-4187-B84A-429FA1C65E2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FC1D7570-4AB4-44B0-B5ED-D103F0946F63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E709E36-B5D0-42E5-A305-AF385FD7F347",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "49506702-1B31-4421-8DEE-5B789272EC6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "158777FD-83D1-44B9-83B4-A3F490CA76F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EDA2FE6B-6E42-4E97-B803-DAB671D30FF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "72F5A562-5B2E-4BC7-8A81-EFE5ED265803",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "168E2F18-56C6-4789-BBAC-C99D4792046F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B53EBD40-8E1A-4516-927D-ED1CF212B211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1A4E88BA-F637-4400-A64F-E6516AE8917C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Application Server 7.x before 7.0.0.39, 8.0.x before 8.0.0.11, and 8.5.x before 8.5.5.7 and WebSphere Virtual Enterprise before 7.0.0.7 allow remote attackers to obtain potentially sensitive information about the proxy-server software by reading the HTTP Via header."
},
{
"lang": "es",
"value": "Vulnerabilidad en IBM WebSpher Application Server en 7.x en versiones anteriores a 7.0.0.39, 8.0.x en versiones anteriores a 8.0.0.11, 8.5.x en versiones anteriores a 8.5.5.7 y WebSphere Virtual Enterprise en versiones anteriores a 7.0.0.7, permite a atacantes remotos obtener informaci\u00f3n potencialmente sensible sobre el software del servidor proxy leyendo el HTTP a trav\u00e9s de las cabeceras."
}
],
"id": "CVE-2015-1932",
"lastModified": "2024-11-21T02:26:25.830",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-08-22T23:59:01.797",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI38403"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963275"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securityfocus.com/bid/76466"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securitytracker.com/id/1033325"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI38403"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963275"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/76466"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1033325"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2015-1932
Vulnerability from cvelistv5
Published
2015-08-22 23:00
Modified
2024-08-06 05:02
Severity ?
EPSS score ?
Summary
IBM WebSphere Application Server 7.x before 7.0.0.39, 8.0.x before 8.0.0.11, and 8.5.x before 8.5.5.7 and WebSphere Virtual Enterprise before 7.0.0.7 allow remote attackers to obtain potentially sensitive information about the proxy-server software by reading the HTTP Via header.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21963275 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1033325 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/76466 | vdb-entry, x_refsource_BID | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI38403 | vendor-advisory, x_refsource_AIXAPAR |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:02:42.373Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963275"
},
{
"name": "1033325",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033325"
},
{
"name": "76466",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76466"
},
{
"name": "PI38403",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI38403"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-08-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Application Server 7.x before 7.0.0.39, 8.0.x before 8.0.0.11, and 8.5.x before 8.5.5.7 and WebSphere Virtual Enterprise before 7.0.0.7 allow remote attackers to obtain potentially sensitive information about the proxy-server software by reading the HTTP Via header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-19T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963275"
},
{
"name": "1033325",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033325"
},
{
"name": "76466",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76466"
},
{
"name": "PI38403",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI38403"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-1932",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Application Server 7.x before 7.0.0.39, 8.0.x before 8.0.0.11, and 8.5.x before 8.5.5.7 and WebSphere Virtual Enterprise before 7.0.0.7 allow remote attackers to obtain potentially sensitive information about the proxy-server software by reading the HTTP Via header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21963275",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963275"
},
{
"name": "1033325",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033325"
},
{
"name": "76466",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76466"
},
{
"name": "PI38403",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI38403"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-1932",
"datePublished": "2015-08-22T23:00:00",
"dateReserved": "2015-02-19T00:00:00",
"dateUpdated": "2024-08-06T05:02:42.373Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-4575
Vulnerability from cvelistv5
Published
2020-08-27 12:40
Modified
2024-09-16 19:35
Severity ?
EPSS score ?
Summary
IBM WebSphere Application Server ND 8.5 and 9.0, and IBM WebSphere Virtual Enterprise 7.0 and 8.0 are vulnerable to cross-site scripting when High Availability Deployment Manager is configured.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6323293 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/184363 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | IBM | WebSphere Virtual Enterprise |
Version: 7.0 Version: 8.0 |
||||
|
|||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:07:48.904Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6323293"
},
{
"name": "ibm-websphere-cve20204575-xss (184363)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184363"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Virtual Enterprise",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "8.0"
}
]
},
{
"product": "WebSphere Application Server ND",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "9.0"
}
]
}
],
"datePublic": "2020-08-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Application Server ND 8.5 and 9.0, and IBM WebSphere Virtual Enterprise 7.0 and 8.0 are vulnerable to cross-site scripting when High Availability Deployment Manager is configured."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 4.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/S:C/I:L/A:N/C:L/AV:N/PR:N/UI:R/AC:H/RC:C/RL:O/E:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-27T12:40:33",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6323293"
},
{
"name": "ibm-websphere-cve20204575-xss (184363)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184363"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-08-26T00:00:00",
"ID": "CVE-2020-4575",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Virtual Enterprise",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "8.0"
}
]
}
},
{
"product_name": "WebSphere Application Server ND",
"version": {
"version_data": [
{
"version_value": "8.5"
},
{
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Application Server ND 8.5 and 9.0, and IBM WebSphere Virtual Enterprise 7.0 and 8.0 are vulnerable to cross-site scripting when High Availability Deployment Manager is configured."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "N",
"C": "L",
"I": "L",
"PR": "N",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6323293",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6323293 (WebSphere Application Server ND)",
"url": "https://www.ibm.com/support/pages/node/6323293"
},
{
"name": "ibm-websphere-cve20204575-xss (184363)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184363"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4575",
"datePublished": "2020-08-27T12:40:34.014636Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-16T19:35:46.352Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-6323
Vulnerability from cvelistv5
Published
2014-05-01 17:00
Modified
2024-08-06 17:39
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.33, 8.x before 8.0.0.9, and 8.5.x before 8.5.5.2, and WebSphere Virtual Enterprise 7.x before 7.0.0.5, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21676092 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/67720 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/88903 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI04777 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI04880 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21676091 | x_refsource_CONFIRM | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21669554 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:39:01.119Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676092"
},
{
"name": "67720",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/67720"
},
{
"name": "ibm-was-cve20136323-xss(88903)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88903"
},
{
"name": "PI04777",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI04777"
},
{
"name": "PI04880",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI04880"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676091"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21669554"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.33, 8.x before 8.0.0.9, and 8.5.x before 8.5.5.2, and WebSphere Virtual Enterprise 7.x before 7.0.0.5, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676092"
},
{
"name": "67720",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/67720"
},
{
"name": "ibm-was-cve20136323-xss(88903)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88903"
},
{
"name": "PI04777",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI04777"
},
{
"name": "PI04880",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI04880"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676091"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21669554"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-6323",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.33, 8.x before 8.0.0.9, and 8.5.x before 8.5.5.2, and WebSphere Virtual Enterprise 7.x before 7.0.0.5, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676092",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676092"
},
{
"name": "67720",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67720"
},
{
"name": "ibm-was-cve20136323-xss(88903)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88903"
},
{
"name": "PI04777",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI04777"
},
{
"name": "PI04880",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI04880"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676091",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676091"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21669554",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21669554"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-6323",
"datePublished": "2014-05-01T17:00:00",
"dateReserved": "2013-10-31T00:00:00",
"dateUpdated": "2024-08-06T17:39:01.119Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-4030
Vulnerability from cvelistv5
Published
2019-03-06 20:00
Modified
2024-09-16 22:30
Severity ?
EPSS score ?
Summary
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155946.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=ibm10869406 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/155946 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | WebSphere Application Server |
Version: 8.5 Version: 9.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:26:27.968Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10869406"
},
{
"name": "ibm-websphere-cve20194030-xss(155946)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155946"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Application Server",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "9.0"
}
]
}
],
"datePublic": "2019-03-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155946."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R/E:H/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-06T19:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10869406"
},
{
"name": "ibm-websphere-cve20194030-xss(155946)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155946"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-03-04T00:00:00",
"ID": "CVE-2019-4030",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Application Server",
"version": {
"version_data": [
{
"version_value": "8.5"
},
{
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155946."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10869406",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10869406"
},
{
"name": "ibm-websphere-cve20194030-xss(155946)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155946"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4030",
"datePublished": "2019-03-06T20:00:00Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T22:30:35.787Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-1946
Vulnerability from cvelistv5
Published
2015-07-14 17:00
Modified
2024-08-06 05:02
Severity ?
EPSS score ?
Summary
IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.6, and WebSphere Virtual Enterprise 7.0 before 7.0.0.6 for WebSphere Application Server (WAS) 7.0 and 8.0, does not properly implement user roles, which allows local users to gain privileges via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI35180 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21959083 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/75496 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:02:41.811Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "PI35180",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI35180"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959083"
},
{
"name": "75496",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75496"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.6, and WebSphere Virtual Enterprise 7.0 before 7.0.0.6 for WebSphere Application Server (WAS) 7.0 and 8.0, does not properly implement user roles, which allows local users to gain privileges via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "PI35180",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI35180"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959083"
},
{
"name": "75496",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75496"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-1946",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.6, and WebSphere Virtual Enterprise 7.0 before 7.0.0.6 for WebSphere Application Server (WAS) 7.0 and 8.0, does not properly implement user roles, which allows local users to gain privileges via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "PI35180",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI35180"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21959083",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959083"
},
{
"name": "75496",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75496"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-1946",
"datePublished": "2015-07-14T17:00:00",
"dateReserved": "2015-02-19T00:00:00",
"dateUpdated": "2024-08-06T05:02:41.811Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-4448
Vulnerability from cvelistv5
Published
2020-06-05 12:55
Modified
2024-09-16 20:58
Severity ?
EPSS score ?
Summary
IBM WebSphere Application Server Network Deployment 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 181228.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6220336 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/181228 | vdb-entry, x_refsource_XF | |
| https://www.zerodayinitiative.com/advisories/ZDI-20-688/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | WebSphere Application Server |
Version: 7.0 Version: 8.0 Version: 8.5 Version: 9.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:07:48.614Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6220336"
},
{
"name": "ibm-websphere-cve20204448-command-exec (181228)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181228"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-688/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Application Server",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "8.0"
},
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "9.0"
}
]
}
],
"datePublic": "2020-06-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Application Server Network Deployment 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 181228."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 8.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/S:U/I:H/A:H/UI:N/AC:L/PR:N/C:H/AV:N/RC:C/E:U/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-05T15:06:19",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6220336"
},
{
"name": "ibm-websphere-cve20204448-command-exec (181228)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181228"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-688/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-06-04T00:00:00",
"ID": "CVE-2020-4448",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Application Server",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "8.0"
},
{
"version_value": "8.5"
},
{
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Application Server Network Deployment 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 181228."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "L",
"AV": "N",
"C": "H",
"I": "H",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6220336",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6220336 (WebSphere Application Server)",
"url": "https://www.ibm.com/support/pages/node/6220336"
},
{
"name": "ibm-websphere-cve20204448-command-exec (181228)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181228"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-688/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-688/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4448",
"datePublished": "2020-06-05T12:55:17.738947Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-16T20:58:31.822Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-5425
Vulnerability from cvelistv5
Published
2013-11-16 02:00
Modified
2024-08-06 17:06
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Virtual Enterprise 6.1 before 6.1.1.6 and 7.0 before 7.0.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg1PM93828 | vendor-advisory, x_refsource_AIXAPAR | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/87487 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21652405 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:06:52.575Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "PM93828",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM93828"
},
{
"name": "was-ve-cve20135425-xss(87487)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87487"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21652405"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Virtual Enterprise 6.1 before 6.1.1.6 and 7.0 before 7.0.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "PM93828",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM93828"
},
{
"name": "was-ve-cve20135425-xss(87487)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87487"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21652405"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-5425",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Virtual Enterprise 6.1 before 6.1.1.6 and 7.0 before 7.0.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "PM93828",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM93828"
},
{
"name": "was-ve-cve20135425-xss(87487)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87487"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21652405",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21652405"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-5425",
"datePublished": "2013-11-16T02:00:00",
"dateReserved": "2013-08-22T00:00:00",
"dateUpdated": "2024-08-06T17:06:52.575Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-4505
Vulnerability from cvelistv5
Published
2019-09-20 15:50
Modified
2024-09-17 02:15
Severity ?
EPSS score ?
Summary
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Network Deployment could allow a remote attacker to obtain sensitive information, caused by sending a specially-crafted URL. This can lead the attacker to view any file in a certain directory. IBM X-Force ID: 164364.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/964766 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/164364 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | WebSphere Application Server |
Version: 7.0 Version: 8.0 Version: 8.5 Version: 9.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:40:47.323Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/964766"
},
{
"name": "ibm-was-cve20194505-info-disc (164364)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164364"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Application Server",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "8.0"
},
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "9.0"
}
]
}
],
"datePublic": "2019-09-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Network Deployment could allow a remote attacker to obtain sensitive information, caused by sending a specially-crafted URL. This can lead the attacker to view any file in a certain directory. IBM X-Force ID: 164364."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.2,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/PR:N/A:N/S:U/AV:N/AC:H/C:L/I:N/UI:N/RL:O/RC:C/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-20T15:50:11",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/964766"
},
{
"name": "ibm-was-cve20194505-info-disc (164364)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164364"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-09-18T00:00:00",
"ID": "CVE-2019-4505",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Application Server",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "8.0"
},
{
"version_value": "8.5"
},
{
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Network Deployment could allow a remote attacker to obtain sensitive information, caused by sending a specially-crafted URL. This can lead the attacker to view any file in a certain directory. IBM X-Force ID: 164364."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "N",
"C": "L",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/964766",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 964766 (WebSphere Application Server)",
"url": "https://www.ibm.com/support/pages/node/964766"
},
{
"name": "ibm-was-cve20194505-info-disc (164364)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164364"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4505",
"datePublished": "2019-09-20T15:50:11.775068Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T02:15:59.412Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}