6 results (0.006 seconds)

CVSS: 4.3EPSS: 0%CPEs: 21EXPL: 0

The Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3.x through 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. La interfaz de usuario web en IBM WebSphere Service Registry y Repository (WSRR) 6.3.x a través de 6.3.0.5, 7.0.x a través de7.0.0.5, 7.5.x a través de7.5.0.4, 8.0.x anterior a 8.0.0.3, y 8.5.x anterior a 8.5.0.1 no establece el indicador de seguridad en una cookie de sesión https, lo cual hace más fácil a atacantes remotos capturar dicha cookie interceptando la transmisión dentro de una sesión http. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV64010 http://www.ibm.com/support/docview.wss?uid=swg21693379 http://www.ibm.com/support/docview.wss?uid=swg21693381 http://www.ibm.com/support/docview.wss?uid=swg21693384 http://www.ibm.com/support/docview.wss? • CWE-310: Cryptographic Issues •

CVSS: 4.0EPSS: 0%CPEs: 9EXPL: 0

Multiple directory traversal vulnerabilities in the ServiceRegistry UI in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 allow remote authenticated users to read arbitrary files via unspecified vectors. Vulnerabilidades múltiples de salto de directorio en IBM WebSphere Service Registry and Repository (WSRR) 7.5.x a través de 7.5.0.4, 8.0.x anterior a 8.0.0.3, y 8.5.x anterior a 8.5.0.1 permite a usuarios remotos autenticados leer ficheros arbitrarios a través de vectores sin especificar. • http://secunia.com/advisories/61805 http://www-01.ibm.com/support/docview.wss?uid=swg1IV63585 http://www.ibm.com/support/docview.wss?uid=swg21693384 http://www.ibm.com/support/docview.wss?uid=swg21693387 http://www.ibm.com/support/docview.wss?uid=swg21693389 https://exchange.xforce.ibmcloud.com/vulnerabilities/97678 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 3.5EPSS: 0%CPEs: 7EXPL: 0

Cross-site scripting (XSS) vulnerability in the widgets in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x before 7.5.0.4 and 8.0.x before 8.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad XSS en los widgets de IBM WebSphere Service Registry y Repository (WSRR) 7.5.x anterior a 7.5.0.4 y 8.0.x anterior a 8.0.0.3 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de vectores sin especificar. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV51765 http://www.ibm.com/support/docview.wss?uid=swg21693384 http://www.ibm.com/support/docview.wss?uid=swg21693387 https://exchange.xforce.ibmcloud.com/vulnerabilities/98514 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 3.5EPSS: 0%CPEs: 21EXPL: 0

Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3 through 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad XSS en IBM WebSphere Service Registry y Repository (WSRR) 6.3 a través de 6.3.0.5, 7.0.x a través de 7.0.0.5, 7.5.x a través de 7.5.0.4, 8.0.x anterior a 8.0.0.3, y 8.5.x anterior a 8.5.0.1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de vectores sin especificar. • http://secunia.com/advisories/61805 http://www-01.ibm.com/support/docview.wss?uid=swg1IV64000 http://www.ibm.com/support/docview.wss?uid=swg21693379 http://www.ibm.com/support/docview.wss?uid=swg21693381 http://www.ibm.com/support/docview.wss?uid=swg21693384 http://www.ibm.com/support/docview.wss? • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 21EXPL: 0

Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.2, 6.3 before 6.3.0.6, 7.0 before 7.0.0.6, 7.5 before 7.5.0.5, and 8.0 before 8.0.0.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en la interfaz de usuario en IBM WebSphere Service Registry And Repository (WSRR) 6.2, 6.3 anterior a 6.3.0.6, 7.0 anterior a 7.0.0.6, 7.5 anterior a 7.5.0.5 y 8.0 anterior a 8.0.0.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://secunia.com/advisories/58949 http://www-01.ibm.com/support/docview.wss?uid=swg1IV56254 http://www-01.ibm.com/support/docview.wss?uid=swg21672829 https://exchange.xforce.ibmcloud.com/vulnerabilities/92999 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •