IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. IBM HTTP Server 8.5 used by IBM WebSphere Application Server could allow a remote user to cause a denial of service using a specially crafted URL. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM WebSphere Application Server 9.0 is vulnerable to cross-site scripting. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security, caused by the improper encoding in a local configuration file.
0 kommentar(er)
