- Home
- CVEs with nessus.description==IBM WebSphere Application Server 7.0 before Fix Pack 3 appears to be running on the remote host. As such, it is reportedly affected by multiple vulnerabilities :
- Under certain conditions it may be possible to access administrative console user sessions. (PK74966)
- The administrative console is affected by a cross-site scripting vulnerability. (PK77505)
- If APAR PK41002 has been applied, a vulnerability in the JAX-RPC WS-Security component could incorrectly validate 'UsernameToken'. (PK75992)
- Sample applications shipped with IBM WebSphere Application Server are affected by cross-site scripting vulnerabilities. (PK76720)
- Certain files associated with interim fixes for Unix- based versions of IBM WebSphere Application Server are built with insecure file permissions. (PK77590)
- The Web Services Security component is affected by an unspecified security issue in digital-signature specification. (PK80596)
- It may be possible for an attacker to read arbitrary application-specific war files. (PK81387)
- A security bypass caused by inbound requests that lack a SOAPAction or WS-Addressing Action. (PK72138)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top