6 results (0.027 seconds)

CVSS: 4.4EPSS: 0%CPEs: 4EXPL: 0

IBM WebSphere eXtreme Scale and the WebSphere DataPower XC10 Appliance allow some sensitive data to linger in memory instead of being overwritten which could allow a local user with administrator privileges to obtain sensitive information. IBM WebSphere eXtreme Scale y el WebSphere DataPower XC10 Appliance permiten que algunos datos sensibles permanezcan en la memoria en vez de ser sobrescritos lo que podría permitir a un usuario local con privilegios de administrador obtener información sensible. • http://www.ibm.com/support/docview.wss?uid=swg21971657 http://www.securityfocus.com/bid/83634 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 0%CPEs: 15EXPL: 0

IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 does not properly encrypt data, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. IBM WebSphere eXtreme Scale 7.1.0 en versiones anteriores a 7.1.0.3, 7.1.1 en versiones anteriores a 7.1.1.1, 8.5 en versiones anteriores a 8.5.0.3 y 8.6 en versiones anteriores a 8.6.0.8 no encripta correctamente datos, lo que facilita a atacantes remotos obtener información sensible espiando la red. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI60897 http://www-01.ibm.com/support/docview.wss?uid=swg1PI60898 http://www-01.ibm.com/support/docview.wss?uid=swg21983036 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.1EPSS: 1%CPEs: 14EXPL: 1

CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL. Vulnerabilidad de inyección CRLF en IBM WebSphere eXtreme Scale 7.1.0 en versiones anteriores a 7.1.0.3, 7.1.1 en versiones anteriores a 7.1.1.1, 8.5 en versiones anteriores a 8.5.0.3 y 8.6 en versiones anteriores a 8.6.0.8 permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y llevar a cabo ataques de separación de respuesta HTTP a través de una URL manipulada. • https://www.exploit-db.com/exploits/40039 http://www-01.ibm.com/support/docview.wss?uid=swg1PI60897 http://www-01.ibm.com/support/docview.wss?uid=swg1PI60898 http://www-01.ibm.com/support/docview.wss?uid=swg21983036 •

CVSS: 4.9EPSS: 0%CPEs: 4EXPL: 0

The monitoring console in IBM WebSphere eXtreme Scale 7.1.0, 7.1.1, 8.5.0, and 8.6.0 allows remote authenticated users to conduct phishing attacks via unspecified vectors. La consola de monitorización en IBM WebSphere eXtreme Scale 7.1.0, 7.1.1, 8.5.0, y 8.6.0 permite a usuarios remotos sin autenticar llevar a cabo ataques de phishing a través de vectores sin especificar. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM97439 http://www-01.ibm.com/support/docview.wss?uid=swg21652630 https://exchange.xforce.ibmcloud.com/vulnerabilities/87154 • CWE-20: Improper Input Validation •

CVSS: 3.5EPSS: 0%CPEs: 4EXPL: 0

Cross-site scripting (XSS) vulnerability in the monitoring console in IBM WebSphere eXtreme Scale 7.1.0, 7.1.1, 8.5.0, and 8.6.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en la consola de monitorización en IBM WebSphere eXtreme Scale 7.1.0, 7.1.1, 8.5.0, y 8.6.0 permite a atacantes remotos sin autenticar inyectar script web arbitrario o HTML a través de vectores sin especificar. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM97439 http://www-01.ibm.com/support/docview.wss?uid=swg21652630 https://exchange.xforce.ibmcloud.com/vulnerabilities/87126 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •