Skip to main content
CVE-2015-1885 CRITICAL PATCH Act Now

WebSphereOauth20SP.ear in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.39, 8.0 before 8.0.0.11, 8.5 Liberty Profile before 8.5.5.5, and 8.5 Full Profile before 8.5.5.6, when the OAuth. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable.

IBM Privilege Escalation Websphere Application Server
NVD
CVSS 2.0
9.3
EPSS
2.5%
CVE-2015-2117 HIGH Act Now

HP TippingPoint Security Management System (SMS) and TippingPoint Virtual Security Management System (vSMS) before 4.1 patch 3 and 4.2 before patch 1 do not require authentication for JBoss RMI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 10.2% and no vendor patch available.

HP RCE Authentication Bypass Tippingpoint Security Management System Tippingpoint Virtual Security Management System
NVD
CVSS 2.0
7.5
EPSS
10.2%
CVE-2015-2116 CRITICAL PATCH Act Now

Unspecified vulnerability in HP Storage Data Protector 7.x before 7.03 build 107 allows remote authenticated users to execute arbitrary code or cause a denial of service via unknown vectors. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service HP RCE Storage Data Protector
NVD
CVSS 2.0
9.0
EPSS
0.8%
CVE-2015-1882 HIGH PATCH This Week

Multiple race conditions in IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before 8.5.5.5 allow remote authenticated users to gain privileges by leveraging thread conflicts that result in. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable.

IBM Race Condition RCE Java Websphere Application Server
NVD
CVSS 2.0
8.5
EPSS
2.2%
CVE-2015-1886 HIGH PATCH This Week

The Remote Document Conversion Service (DCS) in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF16, and 8.5.0 through. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Denial Of Service Websphere Portal
NVD
CVSS 2.0
7.8
EPSS
2.1%
CVE-2015-2706 MEDIUM This Month

Race condition in the AsyncPaintWaitEvent::AsyncPaintWaitEvent function in Mozilla Firefox before 37.0.2 allows remote attackers to execute arbitrary code or cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Race Condition Mozilla RCE Firefox
NVD
CVSS 2.0
6.8
EPSS
1.1%
CVE-2014-6090 MEDIUM PATCH This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) DataMappingEditorCommands, (2) DatastoreEditorCommands, and (3) IEGEditorCommands servlets in IBM Curam Social Program Management. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

IBM XSS CSRF Curam Social Program Management
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-0175 MEDIUM PATCH This Month

IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before 8.5.5.5 does not properly implement authData elements, which allows remote authenticated users to gain privileges via unspecified. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Privilege Escalation Websphere Application Server
NVD
CVSS 2.0
5.5
EPSS
0.4%
CVE-2014-6092 MEDIUM PATCH This Month

IBM Curam Social Program Management (SPM) 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.6 requires failed-login handling for web-service accounts to have the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

IBM Denial Of Service Curam Social Program Management
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2015-0113 MEDIUM PATCH This Month

The Jazz help system in IBM Rational Collaborative Lifecycle Management 4.0 through 5.0.2, Rational Quality Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Team Concert 4.0 through 4.0.7. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Rational Software Architect Design Manager Rational Team Concert Rational Rhapsody Design Manager +5
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2015-1908 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF16, and 8.5.0 through CF05,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM XSS Websphere Portal
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2015-0176 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in MQ XR WebSockets Listener in WMQ Telemetry in IBM WebSphere MQ 8.0 before 8.0.0.2 allows remote attackers to inject arbitrary web script or HTML via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM XSS Websphere Mq
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2015-0174 MEDIUM PATCH This Month

The SNMP implementation in IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.5 does not properly handle configuration data, which allows remote authenticated users to obtain sensitive. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Websphere Application Server
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2015-2115 LOW PATCH Monitor

Unspecified vulnerability in HP Capture and Route Software (HPCR) 1.3 before Patch 7, 1.3 FP1 before Patch 1, and 1.4 before Patch 1 allows remote authenticated users to obtain sensitive information. Rated low severity (CVSS 2.7), this vulnerability is low attack complexity.

HP Information Disclosure Capture And Route Software
NVD
CVSS 2.0
2.7
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy