CVE-2020-4590
https://notcve.org/view.php?id=CVE-2020-4590
IBM WebSphere Application Server Liberty 17.0.0.3 through 20.0.0.9 running oauth-2.0 or openidConnectServer-1.0 server features is vulnerable to a denial of service attack conducted by an authenticated client. IBM X-Force ID: 184650. IBM WebSphere Application Server Liberty versiones 17.0.0.3 hasta 20.0.0.9, ejecutando las funcionalidades de servidor oauth-2.0 o openidConnectServer-1.0, es vulnerable a un ataque de denegación de servicio conducido por un cliente autenticado. IBM X-Force ID: 184650 • https://exchange.xforce.ibmcloud.com/vulnerabilities/184650 https://www.ibm.com/support/pages/node/6333623 •
CVE-2020-4578
https://notcve.org/view.php?id=CVE-2020-4578
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 184433. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0 es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funcionalidad prevista lo que puede conducir a una divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/184433 https://www.ibm.com/support/pages/node/6328895 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-4575
https://notcve.org/view.php?id=CVE-2020-4575
IBM WebSphere Application Server ND 8.5 and 9.0, and IBM WebSphere Virtual Enterprise 7.0 and 8.0 are vulnerable to cross-site scripting when High Availability Deployment Manager is configured. IBM WebSphere Application Server ND versiones 8.5 y 9.0, e IBM WebSphere Virtual Enterprise versiones 7.0 y 8.0, son vulnerables a un ataque de tipo cross-site scripting cuando High Availability Deployment Manager es configurado • https://exchange.xforce.ibmcloud.com/vulnerabilities/184363 https://www.ibm.com/support/pages/node/6323293 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-4589
https://notcve.org/view.php?id=CVE-2020-4589
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 184585. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0, podría permitir a un atacante remoto ejecutar código arbitrario en el sistema con una secuencia especialmente diseñada de objetos serializados de fuentes no confiables. • https://exchange.xforce.ibmcloud.com/vulnerabilities/184585 https://www.ibm.com/support/pages/node/6258333 • CWE-502: Deserialization of Untrusted Data •
CVE-2020-4534
https://notcve.org/view.php?id=CVE-2020-4534
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper handling of UNC paths. By scheduling a task with a specially-crafted UNC path, an attacker could exploit this vulnerability to execute arbitrary code with higher privileges. IBM X-Force ID: 182808. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0, podría permitir a un atacante autenticado local alcanzar privilegios elevados sobre el sistema, debido a un manejo inapropiado de las rutas UNC. Al programar una tarea con una ruta UNC especialmente diseñada, un atacante podría explotar esta vulnerabilidad para ejecutar código arbitrario con privilegios elevados. • https://exchange.xforce.ibmcloud.com/vulnerabilities/182808 https://www.ibm.com/support/pages/node/6255074 •