- CVEs with nessus.description==IBM WebSphere Application Server 6.1 before Fix Pack 23 appears to be installed on the remote host. Such versions are reportedly affected by multiple vulnerabilities :
- Provided an attacker has valid credentials, it may be possible to hijack an authenticated session. (PK66676)
- It may be possible for a remote attacker to redirect users to arbitrary sites using ibm_security_logout servlet. (PK71126)
- Under certain conditions it may be possible to access administrative console user sessions. (PK74966)
- If APAR PK41002 has been applied, a vulnerability in the JAX-RPC WS-Security component could incorrectly validate 'UsernameToken'. (PK75992)
- Sample applications shipped with IBM WebSphere Application Server are affected by cross-site scripting vulnerabilities. (PK76720)
- The administrative console is affected by a cross-site scripting vulnerability. (PK77505)
- It may be possible for an attacker to read arbitrary application-specific war files. (PK81387)
| Max CVSS | 0 |
| Min CVSS | 0 |
| Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |