The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of IBM WebSphere Application Server Liberty

Hibernate Validator: privilege escalation via Message Interpolation Processor
An attacker can bypass restrictions via the Message Interpolation Processor of Hibernate Validator, in order to escalate their privileges...
6348216, CVE-2020-10693, RHSA-2020:3461-01, RHSA-2020:3462-01, RHSA-2020:3463-01, RHSA-2020:3464-01, RHSA-2020:3495-01, RHSA-2020:3496-01, RHSA-2020:3497-01, RHSA-2020:3501-01, RHSA-2020:3637-01, RHSA-2020:3638-01, RHSA-2020:3639-01, RHSA-2020:3642-01, VIGILANCE-VUL-33092
IBM WebSphere Application Server Liberty: privilege escalation via openidConnectServer
An authenticated attacker can bypass restrictions via openidConnectServer of IBM WebSphere Application Server Liberty, in order to escalate their privileges...
6205926, CVE-2020-4421, VIGILANCE-VUL-32183
WebSphere AS Liberty: Cross Site Scripting
An attacker can trigger a Cross Site Scripting in WebSphere AS Liberty, in order to run JavaScript code in the context of the web site...
6147195, CVE-2020-4303, CVE-2020-4304, VIGILANCE-VUL-31913
Apache CXF: Cross Site Scripting via Endpoint Names
An attacker can trigger a Cross Site Scripting via Endpoint Names of Apache CXF, in order to run JavaScript code in the context of the web site...
6100132, 6344071, cpujul2020, CVE-2019-17573, RHSA-2020:2058-01, RHSA-2020:2059-01, RHSA-2020:2060-01, RHSA-2020:2061-01, RHSA-2020:2106-01, RHSA-2020:2107-01, RHSA-2020:2108-01, RHSA-2020:2112-01, RHSA-2020:2113-01, RHSA-2020:2511-01, RHSA-2020:2512-01, RHSA-2020:2513-01, RHSA-2020:2515-01, VIGILANCE-VUL-31835
IBM SDK: executing DLL code
An attacker can create a malicious DLL, and then put it in the current directory of IBM SDK, in order to execute code...
1289194, 3260187, 5694963, 5695611, 5695629, 5695653, 5695851, 6173781, 6199287, 6199289, 6201679, 6210521, 6210522, 6257207, CVE-2019-4732, SUSE-SU-2020:0466-1, VIGILANCE-VUL-31514
Apache CXF: denial of service via Large Number Of Message Attachments
An attacker can trigger a fatal error via a large number of message attachments in Apache CXF, in order to trigger a denial of service...
1288774, 6344071, CVE-2019-12406, VIGILANCE-VUL-31502
WebSphere AS: memory leak
An attacker can trigger a memory leak in WebSphere AS, in order to trigger a denial of service...
1285372, 2892021, 3380121, 3510741, CERTFR-2020-AVI-066, CVE-2019-4720, VIGILANCE-VUL-31477
Swagger UI: information disclosure via RPO Input Field Value Exfiltration
An attacker can bypass access restrictions to data via RPO Input Field Value Exfiltration of Swagger UI, in order to obtain sensitive information...
1274596, CVE-2019-17495, VIGILANCE-VUL-31380
Oracle Java: vulnerabilities of January 2020
Several vulnerabilities were announced in Oracle products...
1289194, 3260187, 5694963, 6120873, 6121041, 6199287, 6199289, 6201679, 6210521, 6210522, 6217590, 6235912, 6245356, 6248703, 6248705, 6250533, 6256052, 6257207, 6338657, 6338659, CERTFR-2020-AVI-035, CERTFR-2020-AVI-176, cpujan2020, CVE-2020-2583, CVE-2020-2585, CVE-2020-2590, CVE-2020-2593, CVE-2020-2601, CVE-2020-2604, CVE-2020-2654, CVE-2020-2655, CVE-2020-2659, DLA-2128-1, DSA-2020-062, DSA-2020-135, DSA-2020-198, DSA-4605-1, DSA-4621-1, FEDORA-2020-0a2dd63bf0, FEDORA-2020-202cb87e26, FEDORA-2020-2ed6716c30, FEDORA-2020-7e042e371a, FEDORA-2020-d735a887d1, FEDORA-2020-ebbf986d01, openSUSE-SU-2020:0113-1, openSUSE-SU-2020:0147-1, RHSA-2020:0122-01, RHSA-2020:0128-01, RHSA-2020:0157-01, RHSA-2020:0196-01, RHSA-2020:0202-01, RHSA-2020:0231-01, RHSA-2020:0232-01, RHSA-2020:0465-01, RHSA-2020:0467-01, RHSA-2020:0468-01, RHSA-2020:0469-01, RHSA-2020:0470-01, RHSA-2020:0541-01, RHSA-2020:0632-01, RHSA-2020:2236-01, RHSA-2020:2237-01, RHSA-2020:2238-01, RHSA-2020:2239-01, RHSA-2020:2241-01, RHSA-2020:3386-01, RHSA-2020:3387-01, RHSA-2020:3388-01, SB10315, SUSE-SU-2020:0140-1, SUSE-SU-2020:0213-1, SUSE-SU-2020:0261-1, SUSE-SU-2020:0456-1, SUSE-SU-2020:0466-1, SUSE-SU-2020:0528-1, SUSE-SU-2020:0628-1, SUSE-SU-2020:14286-1, SUSE-SU-2020:14287-1, SUSE-SU-2020:14398-1, SUSE-SU-2020:1683-1, SUSE-SU-2020:1684-1, SUSE-SU-2020:1685-1, USN-4257-1, VIGILANCE-VUL-31331
WebSphere AS: denial of service via Request Headers
An attacker can trigger a fatal error via Request Headers of WebSphere AS, in order to trigger a denial of service...
1107597, CVE-2019-4046, VIGILANCE-VUL-31200