CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4537
https://notcve.org/view.php?id=CVE-2019-4537
IBM WebSphere Service Registry and Repository 8.5 could allow a user to obtain sensitive version information that could be used in further attacks against the system. IBM X-Force ID: 165593. IBM WebSphere Service Registry and Repository versión 8.5, podría permitir a un usuario obtener información confidencial de la versión que podría ser usada en futuros ataques contra el sistema. IBM X-Force ID: 165593. • https://exchange.xforce.ibmcloud.com/vulnerabilities/165593 https://www.ibm.com/support/pages/node/3436359 •
CVSS: 2.1EPSS: 0%CPEs: 3EXPL: 0CVE-2014-6160
https://notcve.org/view.php?id=CVE-2014-6160
IBM WebSphere Service Registry and Repository (WSRR) 8.5 before 8.5.0.1, when Chrome and WebSEAL are used, does not properly process ServiceRegistryDashboard logout actions, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation. IBM WebSphere Service Registry y Repository (WSRR) 8.5 anterior a 8.5.0.1, cuando se usan Chrome y WebSEAL, no procesa adecuadamente ServiceRegistryDashboard las acciones de logout, lo que permite a atacantes saltarse las restricciones de acceso aprovechando una estación de trabajo desatendida. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV63498 http://www-01.ibm.com/support/docview.wss?uid=swg21693389 https://exchange.xforce.ibmcloud.com/vulnerabilities/97709 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.0EPSS: 0%CPEs: 15EXPL: 0CVE-2014-6186
https://notcve.org/view.php?id=CVE-2014-6186
IBM WebSphere Service Registry and Repository (WSRR) 6.3.x before 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x before 7.5.0.3, and 8.0.x before 8.0.0.1 allows remote authenticated users to bypass intended object-access restrictions via the datagraph. IBM WebSphere Service Registry y Repository (WSRR) 6.3.x anterior a 6.3.0.5, 7.0.x a través de 7.0.0.5, 7.5.x anterior a 7.5.0.3, y 8.0.x anterior a 8.0.0.1 permite a usuarios autenticados evadir las restricciones de acceso a objetos a través de datagraph. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV26309 http://www.ibm.com/support/docview.wss?uid=swg21693379 http://www.ibm.com/support/docview.wss?uid=swg21693381 http://www.ibm.com/support/docview.wss?uid=swg21693384 http://www.ibm.com/support/docview.wss? • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 21EXPL: 0CVE-2014-6153
https://notcve.org/view.php?id=CVE-2014-6153
The Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3.x through 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. La interfaz de usuario web en IBM WebSphere Service Registry y Repository (WSRR) 6.3.x a través de 6.3.0.5, 7.0.x a través de7.0.0.5, 7.5.x a través de7.5.0.4, 8.0.x anterior a 8.0.0.3, y 8.5.x anterior a 8.5.0.1 no establece el indicador de seguridad en una cookie de sesión https, lo cual hace más fácil a atacantes remotos capturar dicha cookie interceptando la transmisión dentro de una sesión http. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV64010 http://www.ibm.com/support/docview.wss?uid=swg21693379 http://www.ibm.com/support/docview.wss?uid=swg21693381 http://www.ibm.com/support/docview.wss?uid=swg21693384 http://www.ibm.com/support/docview.wss? • CWE-310: Cryptographic Issues •
CVSS: 3.5EPSS: 0%CPEs: 6EXPL: 0CVE-2014-6180
https://notcve.org/view.php?id=CVE-2014-6180
Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 and 7.5.x before 7.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the HTTP User-Agent header. Vulnerabilidad XSS en la interfaz de usuario web de IBM WebSphere Service Registry y Repository (WSRR) 7.0.x anterior a 7.0.0.5 y 7.5.x anterior a 7.5.0.1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de la cabecera HTTP User-Agent. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV01657 http://www.ibm.com/support/docview.wss?uid=swg21693381 http://www.ibm.com/support/docview.wss?uid=swg21693384 https://exchange.xforce.ibmcloud.com/vulnerabilities/98515 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •