CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2018-1801
https://notcve.org/view.php?id=CVE-2018-1801
04 Feb 2019 — IBM App Connect V11.0.0.0 through V11.0.0.1, IBM Integration Bus V10.0.0.0 through V10.0.0.13, IBM Integration Bus V9.0.0.0 through V9.0.0.10, and WebSphere Message Broker V8.0.0.0 through V8.0.0.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to consume memory resources. IBM X-Force ID: 149639. IBM App Connect, desde la versión V11.0.0.0 hasta la V11.0.0.1; IBM Integration Bus, desde la versión V10.0.0.0 hasta la V... • http://www.ibm.com/support/docview.wss?uid=ibm10795780 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2017-1418
https://notcve.org/view.php?id=CVE-2017-1418
26 Nov 2018 — IBM Integration Bus 9.0.0.0, 9.0.0.11, 10.0.0.0, and 10.0.0.14 (including IBM WebSphere Message Broker 8.0.0.0 and 8.0.0.9) has insecure permissions on certain files. A local attacker could exploit this vulnerability to modify or delete these files with an unknown impact. IBM X-Force ID: 127406. La versiones 9.0.0.0, 9.0.0.11, 10.0.0.0 y 10.0.0.14 de IBM Integration Bus (inclusivas las 8.0.0.0 y 8.0.0.9 de WebSphere Message Broker) tienen permisos inseguros en determinados archivos. Un atacante local podría... • http://www.ibm.com/support/docview.wss?uid=ibm10735181 • CWE-275: Permission Issues •
CVSS: 5.3EPSS: 0%CPEs: 27EXPL: 0CVE-2017-1126
https://notcve.org/view.php?id=CVE-2017-1126
03 Oct 2017 — IBM WebSphere Message Broker (IBM Integration Bus 9.0 and 10.0) could allow an unauthorized user to obtain sensitive information about software versions that could lead to further attacks. IBM X-Force ID: 121341. IBM WebSphere Message Broker (IBM Integration Bus 9.0 y 10.0) permite que un usuario no autorizado obtenga información sensible sobre versiones de software que podría permitir que se produzcan futuros ataques. IBM X-Force ID: 121341. • http://www.ibm.com/support/docview.wss?uid=swg22008470 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 2.5EPSS: 0%CPEs: 25EXPL: 0CVE-2017-1144
https://notcve.org/view.php?id=CVE-2017-1144
05 Jul 2017 — IBM WebSphere Message Broker could allow a local user with specialized access to prevent the message broker from starting. IBM X-Force ID: 122033. WebSphere Message Broker de IBM, podría permitir a un usuario local con acceso especializado impedir que el intermediario de mensajes se inicie. ID de IBM X-Force: 122033. • http://www.ibm.com/support/docview.wss?uid=swg22005383 • CWE-426: Untrusted Search Path •
CVSS: 5.5EPSS: 0%CPEs: 24EXPL: 0CVE-2017-1207
https://notcve.org/view.php?id=CVE-2017-1207
05 Jul 2017 — IBM WebSphere Message Broker stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 123777. IBM WebSphere Message Broker almacena las credenciales del usuario en texto plano las cuales podrían ser leídas por un usuario local. IBM X-Force ID: 123777. • http://www.ibm.com/support/docview.wss?uid=swg22005382 • CWE-522: Insufficiently Protected Credentials •
CVSS: 3.3EPSS: 0%CPEs: 10EXPL: 0CVE-2016-0394
https://notcve.org/view.php?id=CVE-2016-0394
01 Feb 2017 — IBM Integration Bus and WebSphere Message broker sets incorrect permissions for an object that could allow a local attacker to manipulate certain files. IBM Integration Bus y WebSphere Message broker establecen permisos incorrectos para un objeto que podrían permitir a un atacante local manipular ciertos archivos. • http://www.ibm.com/support/docview.wss?uid=swg21985013 • CWE-275: Permission Issues •
CVSS: 5.3EPSS: 0%CPEs: 19EXPL: 0CVE-2016-2961
https://notcve.org/view.php?id=CVE-2016-2961
02 Jul 2016 — The integration server in IBM Integration Bus 9 before 9.0.0.6 and 10 before 10.0.0.5 and WebSphere Message Broker 8 before 8.0.0.8 allows remote attackers to obtain sensitive Tomcat version information by sending a malformed POST request and then reading the Java stack trace. El servidor de integración en IBM Integration Bus 9 en versiones anteriores a 9.0.0.6 y 10 en versiones anteriores a 10.0.0.5 y WebSphere Message Broker 8 en versiones anteriores a 8.0.0.8 permite a atacantes remotos obtener informaci... • http://www-01.ibm.com/support/docview.wss?uid=swg1IT15188 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 18EXPL: 0CVE-2015-7399
https://notcve.org/view.php?id=CVE-2015-7399
11 Jan 2016 — IBM WebSphere Message Broker 7 before 7.0.0.8 and 8 before 8.0.0.6 and IBM Integration Bus 9 before 9.0.0.3 and 10 before 10.0.0.0 allow remote attackers to obtain sensitive information about the HTTP server via unspecified vectors. IBM WebSphere Message Broker 7 en versiones anteriores a 7.0.0.8 y 8 en versiones anteriores a 8.0.0.6 y IBM Integration Bus 9 en versiones anteriores a 9.0.0.3 y 10 en versiones anteriores a 10.0.0.0 permiten a atacantes remotos obtener información sensible acerca del servidor ... • http://www-01.ibm.com/support/docview.wss?uid=swg1IC99031 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 0%CPEs: 10EXPL: 0CVE-2015-5011
https://notcve.org/view.php?id=CVE-2015-5011
26 Oct 2015 — IBM WebSphere Message Broker 8 before 8.0.0.6 and Integration Bus 9 before 9.0.0.4 do not check authorization for MQSISTARTMSGFLOW and MQSISTOPMSGFLOW commands, which allows local users to bypass intended access restrictions, and start or stop a service, by issuing a command. IBM WebSphere Message Broker 8 en versiones anteriores a 8.0.0.6 e Integration Bus 9 en versiones anteriores a 9.0.0.4 no verifica la autorización para los comandos MQSISTARTMSGFLOW y MQSISTOPMSGFLOW, lo que permite a usuarios locales ... • http://www-01.ibm.com/support/docview.wss?uid=swg1PI28139 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 4.3EPSS: 0%CPEs: 17EXPL: 0CVE-2015-2018
https://notcve.org/view.php?id=CVE-2015-2018
23 Aug 2015 — IBM Integration Bus 9 and 10 before 10.0.0.1 and WebSphere Message Broker 7 before 7.0.0.8 and 8 before 8.0.0.7 do not ensure that the correct security profile is selected, which allows remote authenticated users to obtain sensitive information via unspecified vectors. Vulnerabilidad en IBM Integration Bus 9 y 10 en versiones anteriores a 10.0.0.1 y WebSphere Message Broker 7 en versiones anteriores a 7.0.0.8 y 8 en versiones anteriores a 8.0.0.7 no asegura que sea seleccionado el perfil de seguridad correc... • http://www-01.ibm.com/support/docview.wss?uid=swg1IT07773 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •