5 results (0.017 seconds)

CVSS: 5.0EPSS: 0%CPEs: 12EXPL: 0

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS might allow attackers to obtain sensitive information by reading the default_create.log file that is associated with profile creation by the BBOWWPFx job and the zPMT. IBM WebSphere Application Server (WAS) v7.0 anteriores a v7.0.0.11 en z/OS podría permitir a atacantes, obtener información sensible leyendo el fichero default_create.log, que está asociado con la creación de perfiles por los trabajos BBOWWPFx y zPMT. • http://secunia.com/advisories/40096 http://www-01.ibm.com/support/docview.wss?uid=swg1PM10454 http://www-01.ibm.com/support/docview.wss?uid=swg1PM15830 http://www.vupen.com/english/advisories/2010/1411 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS allows attackers to perform unspecified "link injection" actions via unknown vectors. IBM WebSphere Application Server (WAS) v7.0 anteriores a v7.0.0.11 en z/OS permite a atacantes remotos efectuar acciones no especificadas de inyección de enlaces a través de vectores desconocidos. • http://secunia.com/advisories/40096 http://www-01.ibm.com/support/docview.wss?uid=swg1PM09250 http://www-01.ibm.com/support/docview.wss?uid=swg1PM15829 http://www.vupen.com/english/advisories/2010/1411 •

CVSS: 4.3EPSS: 0%CPEs: 12EXPL: 0

Cross-site scripting (XSS) vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related in part to "URL injection." Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados - XSS - en la consola de administración de WebSphere Application Server (WAS) v7.0 anteriores a v7.0.0.11 en z/OS, permite a los atacantes remotos inyectar arbitrariamente una secuencia de comandos web o HTML a través de vectores no especificados, relativos en parte a "inyección URL". • http://secunia.com/advisories/40096 http://www-01.ibm.com/support/docview.wss?uid=swg1PM11778 http://www-01.ibm.com/support/docview.wss?uid=swg1PM15830 http://www.vupen.com/english/advisories/2010/1411 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0

Multiple unspecified vulnerabilities in the administrative console in IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.9 on z/OS have unknown impact and attack vectors. Varias vulnerabilidades sin especificar en la consola de administración de IBM WebSphere Application Server (WAS) v7.0.x hasta la v7.0.0.9 en z/OS tienen un impacto y vectores de ataque desconocidos. • http://www-01.ibm.com/support/docview.wss?uid=swg1PK97376 http://www-01.ibm.com/support/docview.wss?uid=swg1PM09161 http://www.vupen.com/english/advisories/2010/0609 •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.0.1 on z/OS allows attackers to read arbitrary files via unknown vectors. Una vulnerabilidad sin especificar en el IBM WebSphere Application Server (WAS) 6.0.1 en z/OS permite a los atacantes leer ficheros arbitrarios a través de vectores desconocidos. • http://osvdb.org/51663 http://secunia.com/advisories/33729 http://www-01.ibm.com/support/docview.wss?uid=swg1PK72036 http://www-01.ibm.com/support/docview.wss?uid=swg1PK79232 http://www.securityfocus.com/bid/33533 http://www.securitytracker.com/id?1021658 http://www.vupen.com/english/advisories/2009/0423 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •