CVSS: 4.6EPSS: 0%CPEs: 9EXPL: 0CVE-2015-1970
https://notcve.org/view.php?id=CVE-2015-1970
03 Aug 2015 — The IBM WebSphere DataPower XC10 appliance 2.1 through 2.1.0.3 and 2.5 through 2.5.0.4 retains data on SSD cards, which might allow physically proximate attackers to obtain sensitive information by extracting a card and attaching it elsewhere. El dispositivo IBM WebSpher DataPower XC10 2.1 hasta la versión 2.1.0.3 y 2.5 hasta la versión 2.5.0.4, retiene los datos en tarjetas SSD, lo que podría permitir a atacantes físicamente próximos obtener información sensible mediante la extracción de una tarjeta y su c... • http://www-01.ibm.com/support/docview.wss?uid=swg1IT09803 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0CVE-2015-1893
https://notcve.org/view.php?id=CVE-2015-1893
06 Apr 2015 — The IBM WebSphere DataPower XC10 appliance 2.1 before 2.1.0.3 allows remote attackers to hijack the sessions of arbitrary users, and consequently obtain sensitive information or modify data, via unspecified vectors. El dispositivo IBM WebSphere DataPower XC10 2.1 anterior a 2.1.0.3 permite a atacantes remotos secuestrar las sesiones de usuarios arbitrarios, y como consecuencia obtener información sensible o modificar datos, a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1IT07841 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 0%CPEs: 11EXPL: 0CVE-2013-5403
https://notcve.org/view.php?id=CVE-2013-5403
27 Sep 2013 — Unspecified vulnerability on the IBM WebSphere DataPower XC10 appliance 2.0 through 2.5.0.1 allows remote attackers to obtain administrative access via unknown vectors. Vulnerabilidad no especificada en IBM WebSphere DataPower XC10 appliance v2.0 hasta v2.5.0.1 permite a atacantes remotos conseguir acceso administrativo a través de vectores desconocidos. • http://www-01.ibm.com/support/docview.wss?uid=swg1IC96174 •
CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 0CVE-2013-0600
https://notcve.org/view.php?id=CVE-2013-0600
09 May 2013 — Unspecified vulnerability on IBM WebSphere DataPower XC10 Appliance devices 2.0 and 2.1 through 2.1 FP3 allows remote attackers to bypass authentication and perform administrative actions via unknown vectors. Vulnerabilidad sin especificar en dispositivos IBM WebSphere DataPower XC10 Appliance v2.0 y v2.1 hasta v2.1 FP3 lo que permite a atacantes remotos burlar la autenticación y realizar acciones administraticas a través de vectores sin especificar. • http://www-01.ibm.com/support/docview.wss?uid=swg1IC91726 •
CVSS: 5.9EPSS: 0%CPEs: 7EXPL: 0CVE-2012-5756
https://notcve.org/view.php?id=CVE-2012-5756
23 Nov 2012 — The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and 2.1.0.0 through 2.1.0.2, when a collective configuration is enabled, has a single secret key that is shared across different customers' installations, which allows remote attackers to spoof a container server by (1) sniffing the network to locate a cleartext transmission of this key or (2) leveraging knowledge of this key from another installation. El IBM WebSphere DataPower XC10 Appliance v2.0.0.0 hasta v2.0.0.3 y v2.1.0.0 hasta v2.1.0.... • http://secunia.com/advisories/51319 • CWE-310: Cryptographic Issues •
CVSS: 7.8EPSS: 2%CPEs: 7EXPL: 0CVE-2012-5758
https://notcve.org/view.php?id=CVE-2012-5758
23 Nov 2012 — The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and 2.1.0.0 through 2.1.0.2 does not require authentication for an unspecified interface, which allows remote attackers to cause a denial of service (process exit) via unknown vectors. El IBM WebSphere DataPower XC10 Appliance v2.0.0.0 hasta v2.0.0.3 y v2.1.0.0 hasta v2.1.0.2 no requiere autenticación para una interfaz no especificada, lo que permite a usuarios remotos generar una denegación de servicio (salida del proceso) mediante vectores... • http://secunia.com/advisories/51319 • CWE-287: Improper Authentication •
CVSS: 9.0EPSS: 0%CPEs: 7EXPL: 0CVE-2012-5759
https://notcve.org/view.php?id=CVE-2012-5759
23 Nov 2012 — The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and 2.1.0.0 through 2.1.0.2 allows remote authenticated users to bypass intended administrative-role requirements and perform arbitrary JMX operations via unspecified vectors. El IBM WebSphere DataPower XC10 Appliance v2.0.0.0 hasta v2.0.0.3 y 2.1.0.0 hasta v2.1.0.2 permite a usuarios remotos autenticados para eludir los requisitos de roles de administración y realizar operaciones JMX arbitrarias a través de vectores no especificados. • http://osvdb.org/87620 • CWE-264: Permissions, Privileges, and Access Controls •