CVSS: 4.3EPSS: 0%CPEs: 68EXPL: 0CVE-2013-4052
https://notcve.org/view.php?id=CVE-2013-4052
Cross-site scripting (XSS) vulnerability in the UDDI Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad cross-site scripting (XSS) en la consola administrativa UDDI de IBM WebSphere Application Server (WAS) 6.1 (anteriores a 6.1.0.47), 7.0 (anteriores a 7.0.0.31), 8.0 (anteriores a 8.0.0.8) y 8.5 (anteriores a 8.5.5.1) permite a un atacante remoto inyectar script web o HTML a discrección a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM91892 http://www.ibm.com/support/docview.wss?uid=swg21647522 https://exchange.xforce.ibmcloud.com/vulnerabilities/86504 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 87EXPL: 0CVE-2013-4053
https://notcve.org/view.php?id=CVE-2013-4053
The WS-Security implementation in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1, and WAS Feature Pack for Web Services 6.1 before 6.1.0.47, when a trust store is configured for XML Digital Signatures, does not properly verify X.509 certificates, which allows remote attackers to obtain privileged access via unspecified vectors. La implementación WS-Security en IBM WebSphere Application (WAS) 6.1 (anteriores a 6.1.0.47), 7.0 (anteriores a 7.0.0.31), 8.0 (anteriores a 8.5.5.1) y WAS Feature Pack para Web Services 6.1 (anteriores a 6.1.0.47), cuando un almacén de confianza es configurado para Firmas Digitales XML, no verifica certificados X.509 apropiadamente, lo que permite a atacantes remotos obtener acceso con privilegios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM90949 http://www-01.ibm.com/support/docview.wss?uid=swg1PM91521 http://www.ibm.com/support/docview.wss?uid=swg21647522 https://exchange.xforce.ibmcloud.com/vulnerabilities/86505 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 29EXPL: 0CVE-2013-0596
https://notcve.org/view.php?id=CVE-2013-0596
Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad XSS en la consola administrativa en IBM WebSphere Application Server (WAS) v6.1 anterior a v6.1.0.47 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM73445 http://www.ibm.com/support/docview.wss?uid=swg21647522 https://exchange.xforce.ibmcloud.com/vulnerabilities/83608 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 2%CPEs: 3EXPL: 0CVE-2013-2992
https://notcve.org/view.php?id=CVE-2013-2992
The Search component in IBM WebSphere Commerce 7.0 FP4 through FP6, in certain search-term association configurations, allows remote attackers to cause a denial of service via a crafted query. El componente de búsqueda en IBM WebSphere Commerce 7.0 FP4 hasta la versión FP6, en determinadas configuraciones de asociaciones búsqueda-termino, permite a atacantes remotos provocar una denegación de servicio a través de una consulta manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1JR46013 http://www-01.ibm.com/support/docview.wss?uid=swg1JR47273 http://www-01.ibm.com/support/docview.wss?uid=swg1JR47295 http://www-01.ibm.com/support/docview.wss?uid=swg1JR47313 http://www-01.ibm.com/support/docview.wss? • CWE-20: Improper Input Validation •
CVSS: 4.0EPSS: 0%CPEs: 4EXPL: 0CVE-2013-4039
https://notcve.org/view.php?id=CVE-2013-4039
IBM WebSphere Extended Deployment Compute Grid 8.0 before 8.0.0.3 allows remote authenticated users to obtain sensitive information, and consequently bypass intended access restrictions on jobs, via unspecified vectors. IBM WebSphere Extended Deployment Compute Grid v8.0 anterior a v8.0.0.3 permite a los usuarios remotos autenticados obtener información sensible, y por lo tanto pasar por alto las restricciones de acceso a los trabajos, a través de vectores no especificados. • http://osvdb.org/96607 http://secunia.com/advisories/54651 http://www-01.ibm.com/support/docview.wss?uid=swg1PM84760 http://www-01.ibm.com/support/docview.wss?uid=swg21647485 http://www-01.ibm.com/support/docview.wss?uid=swg21669554 http://www.securityfocus.com/bid/61992 https://exchange.xforce.ibmcloud.com/vulnerabilities/86175 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •