CVE-2012-3317
https://notcve.org/view.php?id=CVE-2012-3317
IBM WebSphere Message Broker 6.1 before 6.1.0.11, 7.0 before 7.0.0.5, and 8.0 before 8.0.0.2 has incorrect ownership of certain uninstaller Java Runtime Environment (JRE) files, which might allow local users to gain privileges by leveraging access to uid 501 or gid 300.
• http://www-01.ibm.com/support/docview.wss?uid=swg1IC85477
• http://www.ibm.com/support/docview.wss?uid=swg21611401
• https://exchange.xforce.ibmcloud.com/vulnerabilities/77818
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2012-4834
https://notcve.org/view.php?id=CVE-2012-4834
Directory traversal vulnerability in LayerLoader.jsp in the theme component in IBM WebSphere Portal 7.0.0.1 and 7.0.0.2 before CF19 and 8.0 before CF03 allows remote attackers to read arbitrary files via a crafted URI.
• http://secunia.com/advisories/51281
• http://www-01.ibm.com/support/docview.wss?uid=swg1PM76354
• http://www.ibm.com/connections/blogs/PSIRT/entry/security_vulnerability_in_theme_component_for_websphere_portal_versions_7_0_0_x_and_8_0_cve2012_48344
• http://www.ibm.com/support/docview.wss?uid=swg21617713
• http://www.ibm.com/support/docview.wss?uid=swg24033155
• https://exchange.xforce.ibmcloud.com/vulnerabilities/78914
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2012-5758
https://notcve.org/view.php?id=CVE-2012-5758
The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and 2.1.0.0 through 2.1.0.2 does not require authentication for an unspecified interface, which allows remote attackers to cause a denial of service (process exit) via unknown vectors.
• http://secunia.com/advisories/51319
• http://www-01.ibm.com/support/docview.wss?uid=swg1IC86908
• http://www-01.ibm.com/support/docview.wss?uid=swg21615783
• http://www-01.ibm.com/support/docview.wss?uid=swg24033740
• http://www.securityfocus.com/bid/56617
• http://www.securitytracker.com/id?1027798
• https://exchange.xforce.ibmcloud.com/vulnerabilities/80063
• CWE-287: Improper Authentication
CVE-2012-5756
https://notcve.org/view.php?id=CVE-2012-5756
The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and 2.1.0.0 through 2.1.0.2, when a collective configuration is enabled, has a single secret key that is shared across different customers' installations, which allows remote attackers to spoof a container server by (1) sniffing the network to locate a cleartext transmission of this key or (2) leveraging knowledge of this key from another installation.
• http://secunia.com/advisories/51319
• http://www-01.ibm.com/support/docview.wss?uid=swg1PM68926
• http://www-01.ibm.com/support/docview.wss?uid=swg21615783
• http://www-01.ibm.com/support/docview.wss?uid=swg24033740
• http://www.securityfocus.com/bid/56617
• http://www.securitytracker.com/id?1027798
• https://exchange.xforce.ibmcloud.com/vulnerabilities/79921
• CWE-310: Cryptographic Issues
CVE-2012-5759
https://notcve.org/view.php?id=CVE-2012-5759
The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and 2.1.0.0 through 2.1.0.2 allows remote authenticated users to bypass intended administrative-role requirements and perform arbitrary JMX operations via unspecified vectors.
• http://osvdb.org/87620
• http://secunia.com/advisories/51319
• http://www-01.ibm.com/support/docview.wss?uid=swg1IC85748
• http://www-01.ibm.com/support/docview.wss?uid=swg21615783
• http://www-01.ibm.com/support/docview.wss?uid=swg24033740
• http://www.securityfocus.com/bid/56617
• http://www.securitytracker.com/id?1027798
• https://exchange.xforce.ibmcloud.com/vulnerabilities/80062
• CWE-264: Permissions, Privileges, and Access Controls