Search Results (882 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-3059 1 Ibm 2 Websphere Datapower Xc10 Appliance, Websphere Datapower Xc10 Appliance Firmware 2025-04-12 N/A
Unspecified vulnerability in the Administrative Console on the IBM WebSphere DataPower XC10 appliance 2.5 allows remote attackers to obtain administrative privileges by leveraging access to an eXtreme Scale distributed ObjectGrid network.
CVE-2014-3060 1 Ibm 2 Websphere Datapower Xc10 Appliance, Websphere Datapower Xc10 Appliance Firmware 2025-04-12 N/A
Unspecified vulnerability on the IBM WebSphere DataPower XC10 appliance 2.5 allows remote attackers to obtain administrative privileges by leveraging access to an eXtreme Scale distributed ObjectGrid network and capturing a session cookie.
CVE-2014-3070 1 Ibm 1 Websphere Application Server 2025-04-12 N/A
The addFileRegistryAccount Virtual Member Manager (VMM) SPI Admin Task in IBM WebSphere Application Server (WAS) 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.3 does not properly create accounts, which allows remote attackers to bypass intended access restrictions via unspecified vectors.
CVE-2014-3075 1 Ibm 2 Business Process Manager, Websphere Application Server 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.0.x allows remote authenticated users to inject arbitrary web script or HTML via an uploaded file.
CVE-2014-3083 1 Ibm 1 Websphere Application Server 2025-04-12 N/A
IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.35, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.3 does not properly restrict resource access, which allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2014-4816 1 Ibm 1 Websphere Application Server 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.x through 6.1.0.47, 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
CVE-2014-6164 1 Ibm 1 Websphere Application Server 2025-04-12 N/A
IBM WebSphere Application Server 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.4 allows remote attackers to spoof OpenID and OpenID Connect cookies, and consequently obtain sensitive information, via a crafted URL.
CVE-2015-1921 1 Ibm 1 Websphere Portal 2025-04-12 N/A
Open redirect vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF17 and 8.5.0 before CF06 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.
CVE-2014-4764 1 Ibm 1 Websphere Application Server 2025-04-12 N/A
IBM WebSphere Application Server (WAS) 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.3, when Load Balancer for IPv4 Dispatcher is enabled, allows remote attackers to cause a denial of service (Load Balancer crash) via unspecified vectors.
CVE-2014-4771 1 Ibm 1 Websphere Mq 2025-04-12 N/A
IBM WebSphere MQ 7.0.1 before 7.0.1.13, 7.1 before 7.1.0.6, 7.5 before 7.5.0.5, and 8 before 8.0.0.1 allows remote authenticated users to cause a denial of service (queue-slot exhaustion) by leveraging PCF query privileges for a crafted query.
CVE-2014-4792 1 Ibm 1 Websphere Portal 2025-04-12 N/A
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF28, 8.0.0 through 8.0.0.1 CF13, and 8.5.0 before CF02 allows remote authenticated users to cause a denial of service (disk consumption) by uploading large files.
CVE-2014-4793 1 Ibm 1 Websphere Mq 2025-04-12 N/A
IBM WebSphere MQ 8.x before 8.0.0.1 does not properly enforce CHLAUTH rules for blocking client connections in certain circumstances related to the CONNAUTH attribute, which allows remote authenticated users to bypass intended queue-manager access restrictions via unspecified vectors.
CVE-2014-4808 1 Ibm 1 Websphere Portal 2025-04-12 N/A
Unspecified vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 allows remote authenticated users to execute arbitrary code via unknown vectors.
CVE-2014-4814 1 Ibm 1 Websphere Portal 2025-04-12 N/A
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 does not properly detect recursion during entity expansion, which allows remote authenticated users to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
CVE-2014-4760 1 Ibm 1 Websphere Portal 2025-04-12 N/A
Open redirect vulnerability in IBM WebSphere Portal 6.1.0.0 through 6.1.0.6 CF27, 6.1.5.0 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF28, 8.0.0 before 8.0.0.1 CF13, and 8.5.0 before CF01 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.
CVE-2014-6093 1 Ibm 1 Websphere Portal 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.0.x before 7.0.0.2 CF29, 8.0.x through 8.0.0.1 CF14, and 8.5.x before 8.5.0 CF02 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
CVE-2014-6116 1 Ibm 1 Websphere Mq 2025-04-12 N/A
The Telemetry Component in WebSphere MQ 8.0.0.1 before p000-001-L140910 allows remote attackers to bypass authentication by setting the JAASConfig property in an MQTT client configuration.
CVE-2014-6125 1 Ibm 1 Websphere Portal 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Portal 8.5.0 before CF03 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
CVE-2014-6126 1 Ibm 1 Websphere Portal 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 before CF03 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-6138 1 Ibm 1 Websphere Datapower Xc10 Appliance Firmware 2025-04-12 N/A
The IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows remote authenticated users to bypass intended grid-data access restrictions via unspecified vectors.