CVSS: 4.3EPSS: 0%CPEs: 19EXPL: 0CVE-2012-4855
https://notcve.org/view.php?id=CVE-2012-4855
Unspecified vulnerability in the web services framework in IBM WebSphere Commerce 6.0 through 6.0.0.11 and 7.0 through 7.0.0.6 allows remote attackers to cause a denial of service (login outage) via unknown vectors. Vulnerabilidad no especificada en el framework de servicios web de IBM WebSphere Commerce v6.0 a la v6.0.0.11 y v7.0 a la v7.0.0.6 permite a atacantes remotos causar una denegación de servicio (parada de login) a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1JR44528 http://www-01.ibm.com/support/docview.wss?uid=swg1JR45471 http://www.ibm.com/support/docview.wss?uid=swg21618720 https://exchange.xforce.ibmcloud.com/vulnerabilities/79735 •
CVSS: 4.3EPSS: 1%CPEs: 20EXPL: 0CVE-2012-5953
https://notcve.org/view.php?id=CVE-2012-5953
IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.6, and 8.0 before 8.0.0.2, when the Parse Query Strings option is enabled on an HTTPInput node, allows remote attackers to cause a denial of service (infinite loop) via a crafted query string. IBM WebSphere Message Broker v6.1 antes v6.1.0.12, v7,0 antes de v7.0.0.6 y 8,0 antes de 8.0.0.2, cuando la opción de análisis de cadenas está habilitada en un nodo HTTPInput, permite a atacantes remotos provocar una denegación de servicio (bucle infinito) a través de una cadena de consulta hecha a mano . • http://www-01.ibm.com/support/docview.wss?uid=swg1PM75015 http://www-01.ibm.com/support/docview.wss?uid=swg21623316 https://exchange.xforce.ibmcloud.com/vulnerabilities/80667 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 2.6EPSS: 0%CPEs: 8EXPL: 0CVE-2013-0466
https://notcve.org/view.php?id=CVE-2013-0466
Cross-site scripting (XSS) vulnerability in IBM WebSphere Message Broker 7.0 before 7.0.0.6 and 8.0 before 8.0.0.2, when wsdl support is enabled on a SOAPInput node, allows remote attackers to inject arbitrary web script or HTML via a wsdl request that is not properly handled during construction of an error message. Cross-site scripting (XSS) en WebSphere Message Broker IBM v7,0 antes de v7.0.0.6 y v8,0 antes de v8.0.0.2 antes, cuando el soporte wsdl está habilitada en un nodo SOAPInput, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de una solicitud wsdl que no se maneja adecuadamente durante la construcción de un mensaje de error. • http://www-01.ibm.com/support/docview.wss?uid=swg1IC89383 http://www-01.ibm.com/support/docview.wss?uid=swg21623316 https://exchange.xforce.ibmcloud.com/vulnerabilities/81062 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 20EXPL: 0CVE-2012-5952
https://notcve.org/view.php?id=CVE-2012-5952
IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.6, and 8.0 before 8.0.0.2 does not validate Basic Authentication credentials before proceeding to WS-Addressing and WS-Security operations, which allows remote attackers to trigger transmission of unauthenticated messages via unspecified vectors. IBM WebSphere Message Broker v6.1 antes de v6.1.0.12, v7.0 antes de v7.0.0.6 y v8.0 antes de v8.0.0.2 no validan credenciales de autenticación básicas antes de proceder a operaciones de WS-Addressing y WS-Security, lo que permite a atacantes remotos provocar la transmisión de mensajes no autenticados a través de vectores sin especificar. • http://www-01.ibm.com/support/docview.wss?uid=swg1IC89803 http://www-01.ibm.com/support/docview.wss?uid=swg21623316 https://exchange.xforce.ibmcloud.com/vulnerabilities/80666 • CWE-287: Improper Authentication •
CVSS: 10.0EPSS: 0%CPEs: 18EXPL: 0CVE-2013-0462
https://notcve.org/view.php?id=CVE-2013-0462
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.1, 7.0 before 7.0.0.27, 8.0, and 8.5 has unknown impact and attack vectors. Vulnerabilidad no especificada en IBM WebSphere Application Server (WAS) v6,1, v7,0 antes de v7.0.0.27, v8.0, y v8.5 tiene un impacto desconocido y vectores de ataque. • http://www.ibm.com/connections/blogs/PSIRT/entry/security_vulnerabilities_fixed_in_ibm_websphere_application_server_7_0_0_2785 •