5 results (0.010 seconds)

CVSS: 10.0EPSS: 0%CPEs: 11EXPL: 0

Unspecified vulnerability on the IBM WebSphere DataPower XC10 appliance 2.0 through 2.5.0.1 allows remote attackers to obtain administrative access via unknown vectors. Vulnerabilidad no especificada en IBM WebSphere DataPower XC10 appliance v2.0 hasta v2.5.0.1 permite a atacantes remotos conseguir acceso administrativo a través de vectores desconocidos. • http://www-01.ibm.com/support/docview.wss?uid=swg1IC96174 http://www.ibm.com/support/docview.wss?uid=swg21651098 https://exchange.xforce.ibmcloud.com/vulnerabilities/87299 •

CVSS: 9.3EPSS: 0%CPEs: 9EXPL: 0

Unspecified vulnerability on IBM WebSphere DataPower XC10 Appliance devices 2.0 and 2.1 through 2.1 FP3 allows remote attackers to bypass authentication and perform administrative actions via unknown vectors. Vulnerabilidad sin especificar en dispositivos IBM WebSphere DataPower XC10 Appliance v2.0 y v2.1 hasta v2.1 FP3 lo que permite a atacantes remotos burlar la autenticación y realizar acciones administraticas a través de vectores sin especificar. • http://www-01.ibm.com/support/docview.wss?uid=swg1IC91726 http://www-01.ibm.com/support/docview.wss?uid=swg21636324 •

CVSS: 7.8EPSS: 2%CPEs: 7EXPL: 0

The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and 2.1.0.0 through 2.1.0.2 does not require authentication for an unspecified interface, which allows remote attackers to cause a denial of service (process exit) via unknown vectors. El IBM WebSphere DataPower XC10 Appliance v2.0.0.0 hasta v2.0.0.3 y v2.1.0.0 hasta v2.1.0.2 no requiere autenticación para una interfaz no especificada, lo que permite a usuarios remotos generar una denegación de servicio (salida del proceso) mediante vectores desconocidos. • http://secunia.com/advisories/51319 http://www-01.ibm.com/support/docview.wss?uid=swg1IC86908 http://www-01.ibm.com/support/docview.wss?uid=swg21615783 http://www-01.ibm.com/support/docview.wss?uid=swg24033740 http://www.securityfocus.com/bid/56617 http://www.securitytracker.com/id?1027798 https://exchange.xforce.ibmcloud.com/vulnerabilities/80063 • CWE-287: Improper Authentication •

CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0

The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and 2.1.0.0 through 2.1.0.2, when a collective configuration is enabled, has a single secret key that is shared across different customers' installations, which allows remote attackers to spoof a container server by (1) sniffing the network to locate a cleartext transmission of this key or (2) leveraging knowledge of this key from another installation. El IBM WebSphere DataPower XC10 Appliance v2.0.0.0 hasta v2.0.0.3 y v2.1.0.0 hasta v2.1.0.2, cuando una configuración colectiva está habilitada, tiene una única clave secreta que se comparte entre diferentes instalaciones de los clientes, lo que permite a atacantes remotos falsificar un servidor de contenedores mediante (1) escuchando la red para localizar una transmisión en texto claro de esta clave o (2) el conocimiento de esta llave de otra instalación. • http://secunia.com/advisories/51319 http://www-01.ibm.com/support/docview.wss?uid=swg1PM68926 http://www-01.ibm.com/support/docview.wss?uid=swg21615783 http://www-01.ibm.com/support/docview.wss?uid=swg24033740 http://www.securityfocus.com/bid/56617 http://www.securitytracker.com/id?1027798 https://exchange.xforce.ibmcloud.com/vulnerabilities/79921 • CWE-310: Cryptographic Issues •

CVSS: 9.0EPSS: 0%CPEs: 7EXPL: 0

The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and 2.1.0.0 through 2.1.0.2 allows remote authenticated users to bypass intended administrative-role requirements and perform arbitrary JMX operations via unspecified vectors. El IBM WebSphere DataPower XC10 Appliance v2.0.0.0 hasta v2.0.0.3 y 2.1.0.0 hasta v2.1.0.2 permite a usuarios remotos autenticados para eludir los requisitos de roles de administración y realizar operaciones JMX arbitrarias a través de vectores no especificados. • http://osvdb.org/87620 http://secunia.com/advisories/51319 http://www-01.ibm.com/support/docview.wss?uid=swg1IC85748 http://www-01.ibm.com/support/docview.wss?uid=swg21615783 http://www-01.ibm.com/support/docview.wss?uid=swg24033740 http://www.securityfocus.com/bid/56617 http://www.securitytracker.com/id?1027798 https://exchange.xforce.ibmcloud.com/vulnerabilities/80062 • CWE-264: Permissions, Privileges, and Access Controls •