CVE-2011-1362
https://notcve.org/view.php?id=CVE-2011-1362
Cross-site scripting (XSS) vulnerability in the Installation Verification Test (IVT) application in the Install component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41 and 7.0 before 7.0.0.19 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1308.
• http://www-01.ibm.com/support/docview.wss?uid=swg1PM40733
• http://www-01.ibm.com/support/docview.wss?uid=swg1PM65992
• http://www-01.ibm.com/support/docview.wss?uid=swg27007951
• https://exchange.xforce.ibmcloud.com/vulnerabilities/69731
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-5065
https://notcve.org/view.php?id=CVE-2011-5065
Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41 allows remote attackers to inject arbitrary web script or HTML via vectors related to web messaging.
• http://secunia.com/advisories/46469
• http://www-01.ibm.com/support/docview.wss?uid=swg1PM37840
• http://www-01.ibm.com/support/docview.wss?uid=swg1PM49872
• http://www-01.ibm.com/support/docview.wss?uid=swg27007951
• http://www.securityfocus.com/bid/51559
• https://exchange.xforce.ibmcloud.com/vulnerabilities/72336
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-1377
https://notcve.org/view.php?id=CVE-2011-1377
The Web Services Security component in the Web Services Feature Pack before 6.1.0.41 for IBM WebSphere Application Server (WAS) 6.1 does not properly handle the enabling of WS-Security for a JAX-WS application, which has unspecified impact and attack vectors.
• http://secunia.com/advisories/46469
• http://www-01.ibm.com/support/docview.wss?uid=swg1PM43792
• http://www-01.ibm.com/support/docview.wss?uid=swg1PM50205
• http://www-01.ibm.com/support/docview.wss?uid=swg27011716
• http://www.securityfocus.com/bid/50310
• https://exchange.xforce.ibmcloud.com/vulnerabilities/72299
CVE-2011-5066
https://notcve.org/view.php?id=CVE-2011-5066
The SibRaRecoverableSiXaResource class in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41 does not properly handle a Service Integration Bus (SIB) dump operation involving the First Failure Data Capture (FFDC) introspection code, which allows local users to obtain sensitive information by reading the FFDC log file.
• http://www-01.ibm.com/support/docview.wss?uid=swg1PM36685
• http://www-01.ibm.com/support/docview.wss?uid=swg27007951
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2009-2747
https://notcve.org/view.php?id=CVE-2009-2747
The Java Naming and Directory Interface (JNDI) implementation in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.39, 6.1 before 6.1.0.29, and 7.0 before 7.0.0.7 does not properly restrict access to UserRegistry object methods, which allows remote attackers to obtain sensitive information via a crafted method call.
• http://www.ibm.com/support/docview.wss?uid=swg1PK91414
• http://www.ibm.com/support/docview.wss?uid=swg1PK99480
• https://exchange.xforce.ibmcloud.com/vulnerabilities/54228
• CWE-264: Permissions, Privileges, and Access Controls