| Max CVSS | 5.1 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2014-8890 | 5.1 |
IBM WebSphere Application Server Liberty Profile 8.5.x before 8.5.5.4 allows remote attackers to gain privileges by leveraging the combination of a servlet's deployment descriptor security constraints and ServletSecurity annotations.
|
08-09-2017 - 01:29 | 18-12-2014 - 16:59 | |
| CVE-2014-6166 | 4.3 |
The Communications Enabled Applications (CEA) service in IBM WebSphere Application Server 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.4, and Feature Pack for CEA 1.x before 1.0.0.15, allows remote attackers to read arbitrary files via an XML externa
|
08-09-2017 - 01:29 | 18-12-2014 - 16:59 | |
| CVE-2014-6167 | 4.3 |
Cross-site scripting (XSS) vulnerability in the URL rewriting feature in IBM WebSphere Application Server 7.x before 7.0.0.37, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.4 allows remote attackers to inject arbitrary web script or HTML via a crafte
|
08-09-2017 - 01:29 | 18-12-2014 - 16:59 | |
| CVE-2014-6174 | 4.3 |
IBM WebSphere Application Server 7.x before 7.0.0.37, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.4 allows remote attackers to conduct clickjacking attacks via a crafted web site.
|
08-09-2017 - 01:29 | 18-12-2014 - 16:59 | |
| CVE-2014-6164 | 5.0 |
IBM WebSphere Application Server 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.4 allows remote attackers to spoof OpenID and OpenID Connect cookies, and consequently obtain sensitive information, via a crafted URL.
|
08-09-2017 - 01:29 | 18-12-2014 - 16:59 |