Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for IBM WebSphere Application Server by IBM Corporation

    CVE-2017-1194 (GCVE-0-2017-1194)

    Vulnerability from nvd – Published: 2017-04-28 17:00 – Updated: 2024-08-05 13:25
    VLAI
    Summary
    IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123669.
    Severity
    No CVSS data available.
    CWE
    • Gain Access
    Assigner
    ibm
    References
    Impacted products
    Date Public
    2017-04-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:25:17.482Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "98142",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/98142"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg22001226"
              },
              {
                "name": "1038378",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038378"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "IBM WebSphere Application Server",
              "vendor": "IBM Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0, 8.0, 8.5, 9.0"
                }
              ]
            }
          ],
          "datePublic": "2017-04-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123669."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Gain Access",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T09:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "name": "98142",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/98142"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22001226"
            },
            {
              "name": "1038378",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038378"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "ID": "CVE-2017-1194",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "IBM WebSphere Application Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.0, 8.0, 8.5, 9.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123669."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Gain Access"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "98142",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/98142"
                },
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg22001226",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg22001226"
                },
                {
                  "name": "1038378",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038378"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2017-1194",
        "datePublished": "2017-04-28T17:00:00.000Z",
        "dateReserved": "2016-11-30T00:00:00.000Z",
        "dateUpdated": "2024-08-05T13:25:17.482Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-1194 (GCVE-0-2017-1194)

    Vulnerability from cvelistv5 – Published: 2017-04-28 17:00 – Updated: 2024-08-05 13:25
    VLAI
    Summary
    IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123669.
    Severity
    No CVSS data available.
    CWE
    • Gain Access
    Assigner
    ibm
    References
    Impacted products
    Date Public
    2017-04-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:25:17.482Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "98142",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/98142"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg22001226"
              },
              {
                "name": "1038378",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038378"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "IBM WebSphere Application Server",
              "vendor": "IBM Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0, 8.0, 8.5, 9.0"
                }
              ]
            }
          ],
          "datePublic": "2017-04-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123669."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Gain Access",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T09:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "name": "98142",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/98142"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22001226"
            },
            {
              "name": "1038378",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038378"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "ID": "CVE-2017-1194",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "IBM WebSphere Application Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.0, 8.0, 8.5, 9.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123669."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Gain Access"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "98142",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/98142"
                },
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg22001226",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg22001226"
                },
                {
                  "name": "1038378",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038378"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2017-1194",
        "datePublished": "2017-04-28T17:00:00.000Z",
        "dateReserved": "2016-11-30T00:00:00.000Z",
        "dateUpdated": "2024-08-05T13:25:17.482Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    JVNDB-2013-000004

    Vulnerability from jvndb - Published: 2013-01-25 12:32 - Updated:2013-01-25 12:32
    Severity
    N/A (UNKNOWN) - -
    Summary
    WebSphere Application Server (WAS) vulnerable to cross-site scripting
    Details
    WebSphere Application Server (WAS) provided by IBM contains a cross-site scripting vulnerability. WebSphere Application Server (WAS) provided by IBM contains a vulnerability in SnoopServlet, which may result in a cross-site scripting. Eiji James Yoshida of Security Professionals Network Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000004.html",
      "dc:date": "2013-01-25T12:32+09:00",
      "dcterms:issued": "2013-01-25T12:32+09:00",
      "dcterms:modified": "2013-01-25T12:32+09:00",
      "description": "WebSphere Application Server (WAS) provided by IBM contains a cross-site scripting vulnerability.\r\n\r\nWebSphere Application Server (WAS) provided by IBM contains a vulnerability in SnoopServlet, which may result in a cross-site scripting.\r\n\r\nEiji James Yoshida of Security Professionals Network Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000004.html",
      "sec:cpe": {
        "#text": "cpe:/a:ibm:websphere_application_server",
        "@product": "IBM WebSphere Application Server",
        "@vendor": "IBM Corporation",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "4.3",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2013-000004",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN24343509/index.html",
          "@id": "JVN#24343509",
          "@source": "JVN"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-79",
          "@title": "Cross-site Scripting(CWE-79)"
        }
      ],
      "title": "WebSphere Application Server (WAS) vulnerable to cross-site scripting"
    }

    JVNDB-2011-000017

    Vulnerability from jvndb - Published: 2011-03-04 19:29 - Updated:2018-02-07 17:10
    Severity
    N/A (UNKNOWN) - -
    Summary
    IBM WebSphere Application Server vulnerable to denial-of-service (DoS)
    Details
    IBM WebSphere Application Server (WAS) contains a denial-of-service (DoS) vulnerability. IBM WebSphere Application Server contains a denial-of-service (DoS) vulnerability due to an issue in Java Runtime Environment (JRE). According to the developer: " For other IBM software products that contain an affected version of WAS, require an update. Specifically, WebSphere Process Server (WPS), WebSphere Enterprise Service Bus (WESB), WebSphere Virtual Enterprise (WVE), WebSphere Commerce and others are applicable. Also, IBM HTTP Server is not affected by this vulnerability."
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000017.html",
      "dc:date": "2018-02-07T17:10+09:00",
      "dcterms:issued": "2011-03-04T19:29+09:00",
      "dcterms:modified": "2018-02-07T17:10+09:00",
      "description": "IBM WebSphere Application Server (WAS) contains a denial-of-service (DoS) vulnerability.\r\n\r\nIBM WebSphere Application Server contains a denial-of-service (DoS) vulnerability due to an issue in Java Runtime Environment (JRE).\r\n\r\nAccording to the developer:\r\n\r\n\" For other IBM software products that contain an affected version of WAS, require an update. Specifically, WebSphere Process Server (WPS), WebSphere Enterprise Service Bus (WESB), WebSphere Virtual Enterprise (WVE), WebSphere Commerce and others are applicable. Also, IBM HTTP Server is not affected by this vulnerability.\"",
      "link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000017.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:hp:systems_insight_manager",
          "@product": "HP Systems Insight Manager",
          "@vendor": "Hewlett-Packard Development Company,L.P",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:ibm:websphere_application_server",
          "@product": "IBM WebSphere Application Server",
          "@vendor": "IBM Corporation",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "5.0",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2011-000017",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN26301278/index.html",
          "@id": "JVN#26301278",
          "@source": "JVN"
        },
        {
          "#text": "https://jvn.jp/en/tr/JVNTR-2011-02/index.html",
          "@id": "JVNTR-2011-02",
          "@source": "JVNTR"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476",
          "@id": "CVE-2010-4476",
          "@source": "CVE"
        },
        {
          "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4476",
          "@id": "CVE-2010-4476",
          "@source": "NVD"
        },
        {
          "#text": "http://secunia.com/advisories/43295",
          "@id": "SA43295",
          "@source": "SECUNIA"
        },
        {
          "#text": "http://www.securitytracker.com/id?1025062",
          "@id": "1025062",
          "@source": "SECTRACK"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-189",
          "@title": "Numeric Errors(CWE-189)"
        }
      ],
      "title": "IBM WebSphere Application Server vulnerable to denial-of-service (DoS)"
    }