CVSS: 5.0EPSS: 0%CPEs: 65EXPL: 0CVE-2009-2747
https://notcve.org/view.php?id=CVE-2009-2747
The Java Naming and Directory Interface (JNDI) implementation in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.39, 6.1 before 6.1.0.29, and 7.0 before 7.0.0.7 does not properly restrict access to UserRegistry object methods, which allows remote attackers to obtain sensitive information via a crafted method call. La implementación Java Naming and Directory Interface (JNDI) la aplicación en IBM WebSphere Application Server (WAS) v6.0 anterior a v6.0.2.39, v6.1 anterior a v6.1.0.29 6.1 y v7.0 anterior a v7.0.0.7 no restringe el acceso a métodos de objetos UserRegistry, lo que permite a atacantes remotos para obtener información sensible a través de una llamada al método manipulado. • http://www.ibm.com/support/docview.wss?uid=swg1PK91414 http://www.ibm.com/support/docview.wss?uid=swg1PK99480 https://exchange.xforce.ibmcloud.com/vulnerabilities/54228 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 23EXPL: 0CVE-2009-2748
https://notcve.org/view.php?id=CVE-2009-2748
Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.29 and 7.1 before 7.0.0.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS)en Administration Console en IBM WebSphere Application Server (WAS) v6.1 anteriores a v6.1.0.29 y v7.1 anteriores v7.0.0.7, permite a atacantes remotos inyectar script web de su elección o HTML a través de vectores no especificados. • http://www.ibm.com/support/docview.wss?uid=swg1PK92057 http://www.ibm.com/support/docview.wss?uid=swg1PK99481 https://exchange.xforce.ibmcloud.com/vulnerabilities/54229 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 46EXPL: 0CVE-2011-1359
https://notcve.org/view.php?id=CVE-2011-1359
Directory traversal vulnerability in the administration console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41, 7.0 before 7.0.0.19, and 8.0 before 8.0.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. Vulnerabilidad de salto de directorio en la consola de administración en IBM WebSphere Application Server (WAS) v6.1 anteriores a v6.1.0.41, v7.0 anteriores a v7.0.0.19, y v8.0 anteriores a v8.0.0.1, permite a atacantes remotos leer ficheros locales de su elección al utilizar caracteres .. (punto punto) en la URI. • http://secunia.com/advisories/45749 http://www-01.ibm.com/support/docview.wss?uid=swg1PM45322 http://www.ibm.com/support/docview.wss?uid=swg21509257 http://www.osvdb.org/74817 http://www.securityfocus.com/bid/49362 https://exchange.xforce.ibmcloud.com/vulnerabilities/69473 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.8EPSS: 0%CPEs: 44EXPL: 0CVE-2011-1355
https://notcve.org/view.php?id=CVE-2011-1355
Open redirect vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.19 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the logoutExitPage parameter. Vulnerabilidad "Open redirect" en IBM WebSphere Application Server (WAS) v6.1 anterior a v6.1.0.39 y v7.0 anterior a 7.0.0.19 permite a atacantes remotos redirigir a los usuarios a sitios web arbitrarios y llevar a cabo ataques de phishing a través del parámetro logoutExitPage. • http://www.ibm.com/support/docview.wss?uid=swg1PM35701 http://www.ibm.com/support/docview.wss?uid=swg1PM42436 https://exchange.xforce.ibmcloud.com/vulnerabilities/68570 • CWE-20: Improper Input Validation •
CVSS: 2.1EPSS: 0%CPEs: 44EXPL: 0CVE-2011-1356
https://notcve.org/view.php?id=CVE-2011-1356
IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.19 allows local users to obtain sensitive stack-trace information via a crafted Administration Console request. IBM WebSphere Application Server (WAS) v6.1 y anteriores a v6.1.0.39 y v7 y anteriores a v7.0.0.19 permite a usuarios locales obtener pilas de información de seguimiento a través de una solicitud diseñada para ello de la consola de administración. • http://www.ibm.com/support/docview.wss?uid=swg1PM36620 http://www.ibm.com/support/docview.wss?uid=swg1PM42436 http://www.securityfocus.com/bid/48709 https://exchange.xforce.ibmcloud.com/vulnerabilities/68571 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •