CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-1926
https://notcve.org/view.php?id=CVE-2018-1926
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading a user to visit a malicious URL, a remote attacker could send a specially-crafted request. An attacker could exploit this vulnerability to perform CSRF attack and update available applications. IBM X-Force ID: 152992. La consola de administrador de IBM WebSphere Application Server 7.0, 8.0, 8.5 y 9.0 es vulnerable a ataques Cross-Site Request Forgery (CSRF) a causa de una validación incorrecta de entradas proporcionadas por el usuario. • http://www.securityfocus.com/bid/106204 https://exchange.xforce.ibmcloud.com/vulnerabilities/152992 https://www.ibm.com/support/docview.wss?uid=ibm10742301 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-1904
https://notcve.org/view.php?id=CVE-2018-1904
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbitrary Java code through an administrative client class with a serialized object from untrusted sources. IBM X-Force ID: 152533. IBM WebSphere Application Server 7.0, 8.0, 8.5 y 9.0 podría permitir que atacantes remotos ejecuten código Java arbitrario mediante una clase del cliente administrativo con un objeto serializado desde fuentes no fiables. IBM X-Force ID: 152533. • http://www.securityfocus.com/bid/106193 https://exchange.xforce.ibmcloud.com/vulnerabilities/152533 https://www-01.ibm.com/support/docview.wss?uid=ibm10738735 • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.3EPSS: 0%CPEs: 4EXPL: 0CVE-2018-1797
https://notcve.org/view.php?id=CVE-2018-1797
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using Enterprise bundle Archives (EBA) could allow a local attacker to traverse directories on the system. By persuading a victim to extract a specially-crafted ZIP archive containing "dot dot slash" sequences (../), an attacker could exploit this vulnerability to write to arbitrary files on the system. Note: This vulnerability is known as "Zip-Slip". IBM X-Force ID: 149427. IBM WebSphere Application Server 7.0, 8.0, 8.5 y 9.0 empleando Enterprise bundle Archives (EBA) podría permitir que un atacante local salte directorios en el sistema. • http://www.securityfocus.com/bid/105982 http://www.securitytracker.com/id/1042146 https://exchange.xforce.ibmcloud.com/vulnerabilities/149427 https://www.ibm.com/support/docview.wss?uid=ibm10730699 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2018-1643
https://notcve.org/view.php?id=CVE-2018-1643
The Installation Verification Tool of IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 144588 La herramienta de verificación de instalación de IBM WebSphere Application Server 7.0, 8.0, 8.5 y 9.0 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podría dar lugar a una revelación de credenciales en una sesión de confianza. • http://www.securityfocus.com/bid/106032 http://www.securitytracker.com/id/1042088 https://exchange.xforce.ibmcloud.com/vulnerabilities/144588 https://www.ibm.com/support/docview.wss?uid=ibm10716857 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2018-1798
https://notcve.org/view.php?id=CVE-2018-1798
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 149428. IBM WebSphere Application Server 7.0, 8.0, 8.5 y 9.0 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. • http://www.ibm.com/support/docview.wss?uid=ibm10730703 http://www.securityfocus.com/bid/105945 http://www.securitytracker.com/id/1042053 https://exchange.xforce.ibmcloud.com/vulnerabilities/149428 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •