IBM WebSphere Application Server for z/OS Multiple Security Vulnerabilities
IBM WebSphere Application Server for z/OS is prone to the following security vulnerabilities:
1. A session-hijacking vulnerability.
2. A directory traversal vulnerability.
3. A security-bypass vulnerability.
Exploiting these issues will allow an attacker to hijack a victim's session, overwrite arbitrary local files within the context of the web server and bypass certain security restrictions. Information harvested may aid in launching further attacks.
IBM WebSphere Application Server 6.1, 7, 8 and 8.5 are vulnerable.