IBM WebSphere Application Server 7.2 Lombardi Edition

CPE Details

IBM WebSphere Application Server 7.2 Lombardi Edition
ibm
websphere_application_server
7.2
2012-02-23
13h00 +00:00
2012-02-29
23h17 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:ibm:websphere_application_server:7.2:*:lombardi:*:*:*:*:*

Informations

Vendor

ibm

Product

websphere_application_server

Version

7.2

edition

lombardi

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2014-4758 2014-09-04 08h00 +00:00 IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.x allow remote authenticated users to bypass intended access restrictions and send requests to internal services via a callService URL.
4
CVE-2014-3087 2014-08-17 21h00 +00:00 callService.do in IBM Business Process Manager (BPM) 7.5 through 8.5.5 and WebSphere Lombardi Edition 7.2 through 7.2.0.5 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
4
CVE-2014-0957 2014-07-17 23h00 +00:00 Cross-site scripting (XSS) vulnerability in IBM Business Process Manager 7.5 through 8.5.5, and WebSphere Lombardi Edition 7.2, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that triggers a service failure.
4.3
CVE-2012-2162 2012-05-01 17h00 +00:00 The Web Server Plug-in in IBM WebSphere Application Server (WAS) 8.0 and earlier uses unencrypted HTTP communication after expiration of the plugin-key.kdb password, which allows remote attackers to obtain sensitive information by sniffing the network, or spoof arbitrary servers via a man-in-the-middle attack.
6.8
CVE-2012-0707 2012-02-23 10h00 +00:00 Cross-site scripting (XSS) vulnerability in IBM WebSphere Lombardi Edition 7.2 allows remote attackers to inject arbitrary web script or HTML via crafted text input to a coach that is configured with a document attachment control section.
4.3
CVE-2010-2087 2010-05-27 18h32 +00:00 Oracle Mojarra 1.2_14 and 2.0.2, as used in IBM WebSphere Application Server, Caucho Resin, and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
4.3
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.