Ibm Websphere Extreme Scale — known CVE vulnerabilities
Every CVE whose affected-product data names Ibm Websphere Extreme Scale, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (23)
CVE-2026-13772 — CVSS 7.5 (high): IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 's Object Query Language engine resolves attacker-supplied class names via…
CVE-2013-5393 — CVSS 7.5 (high): The monitoring console in IBM WebSphere eXtreme Scale 7.1.0, 7.1.1, 8.5.0, and 8.6.0 does not properly process logoff actions, which has…
CVE-2026-13759 — CVSS 7.5 (high): IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 ships three ObjectInputStream subclasses (WsObjectInputStream, ObjectStreamPool$Reusable…
CVE-2026-9002 — CVSS 6.5 (medium): IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 could allow an adjacent attacker to cause a denial of service due to improper…
CVE-2019-4109 — CVSS 6.1 (medium): IBM WebSphere eXtreme Scale 8.6 Admin Console could allow a remote attacker to hijack the clicking action of the victim. By persuading a…
CVE-2016-0400 — CVSS 6.1 (medium): CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before…
CVE-2015-2026 — CVSS 6.0 (medium): Cross-site request forgery (CSRF) vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote…
CVE-2026-13773 — CVSS 6.0 (medium): IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 Approximately 50 generated CORBA stub classes in WebSphere eXtreme Scale's ogclient.jar…
CVE-2019-4115 — CVSS 5.4 (medium): IBM WebSphere eXtreme Scale 8.6 Admin API is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary…
CVE-2020-4336 — CVSS 5.3 (medium): IBM WebSphere eXtreme Scale 8.6.1 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized…
CVE-2015-2030 — CVSS 5.0 (medium): IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 has an improper account-lockout setting, which makes it easier…
CVE-2015-4936 — CVSS 5.0 (medium): Unspecified vulnerability in IBM WebSphere eXtreme Scale 8.6 through 8.6.0.8 allows remote attackers to cause a denial of service via…
CVE-2013-5394 — CVSS 4.9 (medium): The monitoring console in IBM WebSphere eXtreme Scale 7.1.0, 7.1.1, 8.5.0, and 8.6.0 allows remote authenticated users to conduct phishing…
CVE-2019-4106 — CVSS 4.8 (medium): IBM WebSphere eXtreme Scale 8.6 Admin Console is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary…
CVE-2015-7418 — CVSS 4.4 (medium): IBM WebSphere eXtreme Scale and the WebSphere DataPower XC10 Appliance allow some sensitive data to linger in memory instead of being…
CVE-2015-2025 — CVSS 4.3 (medium): IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 does not set the secure flag for the session cookie in an https…
CVE-2015-2029 — CVSS 4.3 (medium): Session fixation vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote attackers to…
CVE-2015-2028 — CVSS 4.3 (medium): CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote attackers to inject…
CVE-2016-2861 — CVSS 3.7 (low): IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 does not properly…
CVE-2015-2031 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote…
CVE-2013-5390 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in the monitoring console in IBM WebSphere eXtreme Scale 7.1.0, 7.1.1, 8.5.0, and 8.6.0 allows…
CVE-2019-4112 — CVSS 3.3 (low): IBM WebSphere eXtreme Scale 8.6 Admin Console allows web pages to be stored locally which can be read by another user on the system. IBM…
CVE-2015-2027 — CVSS 2.1 (low): IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 improperly performs logout actions, which allows remote attackers…