- Home
- CVEs with nessus.description==IBM WebSphere Application Server 7.0 before Fix Pack 3 appears to be
running on the remote host. As such, it is reportedly affected by
multiple vulnerabilities :
- Under certain conditions it may be possible to access
administrative console user sessions. (PK74966)
- The administrative console is affected by a cross-site
scripting vulnerability. (PK77505)
- If APAR PK41002 has been applied, a vulnerability in the
JAX-RPC WS-Security component could incorrectly
validate 'UsernameToken'. (PK75992)
- Sample applications shipped with IBM WebSphere
Application Server are affected by cross-site scripting
vulnerabilities. (PK76720)
- Certain files associated with interim fixes for Unix-
based versions of IBM WebSphere Application Server are
built with insecure file permissions. (PK77590)
- The Web Services Security component is affected by an
unspecified security issue in digital-signature
specification. (PK80596)
- It may be possible for an attacker to read arbitrary
application-specific war files. (PK81387)
- A security bypass caused by inbound requests that lack
a SOAPAction or WS-Addressing Action. (PK72138)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top