CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2018-1801
https://notcve.org/view.php?id=CVE-2018-1801
04 Feb 2019 — IBM App Connect V11.0.0.0 through V11.0.0.1, IBM Integration Bus V10.0.0.0 through V10.0.0.13, IBM Integration Bus V9.0.0.0 through V9.0.0.10, and WebSphere Message Broker V8.0.0.0 through V8.0.0.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to consume memory resources. IBM X-Force ID: 149639. IBM App Connect, desde la versión V11.0.0.0 hasta la V11.0.0.1; IBM Integration Bus, desde la versión V10.0.0.0 hasta la V... • http://www.ibm.com/support/docview.wss?uid=ibm10795780 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2017-1418
https://notcve.org/view.php?id=CVE-2017-1418
26 Nov 2018 — IBM Integration Bus 9.0.0.0, 9.0.0.11, 10.0.0.0, and 10.0.0.14 (including IBM WebSphere Message Broker 8.0.0.0 and 8.0.0.9) has insecure permissions on certain files. A local attacker could exploit this vulnerability to modify or delete these files with an unknown impact. IBM X-Force ID: 127406. La versiones 9.0.0.0, 9.0.0.11, 10.0.0.0 y 10.0.0.14 de IBM Integration Bus (inclusivas las 8.0.0.0 y 8.0.0.9 de WebSphere Message Broker) tienen permisos inseguros en determinados archivos. Un atacante local podría... • http://www.ibm.com/support/docview.wss?uid=ibm10735181 • CWE-275: Permission Issues •
CVSS: 5.3EPSS: 0%CPEs: 27EXPL: 0CVE-2017-1126
https://notcve.org/view.php?id=CVE-2017-1126
03 Oct 2017 — IBM WebSphere Message Broker (IBM Integration Bus 9.0 and 10.0) could allow an unauthorized user to obtain sensitive information about software versions that could lead to further attacks. IBM X-Force ID: 121341. IBM WebSphere Message Broker (IBM Integration Bus 9.0 y 10.0) permite que un usuario no autorizado obtenga información sensible sobre versiones de software que podría permitir que se produzcan futuros ataques. IBM X-Force ID: 121341. • http://www.ibm.com/support/docview.wss?uid=swg22008470 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 2.5EPSS: 0%CPEs: 25EXPL: 0CVE-2017-1144
https://notcve.org/view.php?id=CVE-2017-1144
05 Jul 2017 — IBM WebSphere Message Broker could allow a local user with specialized access to prevent the message broker from starting. IBM X-Force ID: 122033. WebSphere Message Broker de IBM, podría permitir a un usuario local con acceso especializado impedir que el intermediario de mensajes se inicie. ID de IBM X-Force: 122033. • http://www.ibm.com/support/docview.wss?uid=swg22005383 • CWE-426: Untrusted Search Path •
CVSS: 5.5EPSS: 0%CPEs: 24EXPL: 0CVE-2017-1207
https://notcve.org/view.php?id=CVE-2017-1207
05 Jul 2017 — IBM WebSphere Message Broker stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 123777. IBM WebSphere Message Broker almacena las credenciales del usuario en texto plano las cuales podrían ser leídas por un usuario local. IBM X-Force ID: 123777. • http://www.ibm.com/support/docview.wss?uid=swg22005382 • CWE-522: Insufficiently Protected Credentials •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2016-9010
https://notcve.org/view.php?id=CVE-2016-9010
15 Feb 2017 — IBM WebSphere Message Broker 9.0 and 10.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM Reference #: 1997906. IBM WebSphere Message Broker 9.0 y 10.0 podría permitir a un atacante remoto secuestrar la acción de hacer click de la víctima. Persuadiendo a la víctima para que visite u... • http://www.ibm.com/support/docview.wss?uid=swg21997906 • CWE-254: 7PK - Security Features •
CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0CVE-2016-9706
https://notcve.org/view.php?id=CVE-2016-9706
15 Feb 2017 — IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1997918. IBM Integration Bus 9.0 y 10.0 y WebSphere Message Broker SOAP FLOWS es vulnerable a una denegación de servicio, provocada por un error de XML External Entity In... • http://www.ibm.com/support/docview.wss?uid=swg21997918 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 3.3EPSS: 0%CPEs: 10EXPL: 0CVE-2016-0394
https://notcve.org/view.php?id=CVE-2016-0394
01 Feb 2017 — IBM Integration Bus and WebSphere Message broker sets incorrect permissions for an object that could allow a local attacker to manipulate certain files. IBM Integration Bus y WebSphere Message broker establecen permisos incorrectos para un objeto que podrían permitir a un atacante local manipular ciertos archivos. • http://www.ibm.com/support/docview.wss?uid=swg21985013 • CWE-275: Permission Issues •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-6080
https://notcve.org/view.php?id=CVE-2016-6080
01 Feb 2017 — The WebAdmin context for WebSphere Message Broker allows directory listings which could disclose sensitive information to the attacker. El contexto WebAdmin para WebSphere Message Broker permite listas de directorios que podrían revelar información sensible al atacante. • http://www.ibm.com/support/docview.wss?uid=swg21995004 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 19EXPL: 0CVE-2016-2961
https://notcve.org/view.php?id=CVE-2016-2961
02 Jul 2016 — The integration server in IBM Integration Bus 9 before 9.0.0.6 and 10 before 10.0.0.5 and WebSphere Message Broker 8 before 8.0.0.8 allows remote attackers to obtain sensitive Tomcat version information by sending a malformed POST request and then reading the Java stack trace. El servidor de integración en IBM Integration Bus 9 en versiones anteriores a 9.0.0.6 y 10 en versiones anteriores a 10.0.0.5 y WebSphere Message Broker 8 en versiones anteriores a 8.0.0.8 permite a atacantes remotos obtener informaci... • http://www-01.ibm.com/support/docview.wss?uid=swg1IT15188 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •