CVSS: 7.5EPSS: 0%CPEs: 37EXPL: 0CVE-2014-0965
https://notcve.org/view.php?id=CVE-2014-0965
22 Aug 2014 — IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.3 allows remote attackers to obtain sensitive information via a crafted SOAP response. IBM WebSphere Application Server (WAS) 7.0.x anterior a 7.0.0.33, 8.0.x anterior a 8.0.0.9, y 8.5.x anterior a 8.5.5.3 permite a atacantes remotos obtener información sensible a través de una respuesta SOAP manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI11434 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 37EXPL: 0CVE-2014-3022
https://notcve.org/view.php?id=CVE-2014-3022
22 Aug 2014 — IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.3 allows remote attackers to obtain sensitive information via a crafted URL that triggers an error condition. IBM WebSphere Application Server (WAS) 7.0.x anterior a 7.0.0.33, 8.0.x anterior a 8.0.0.9, y 8.5.x anterior a 8.5.5.3 permite a atacantes remotos obtener información sensible a través de una URL manipulada que provoca una condición de error. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI09594 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 42EXPL: 0CVE-2014-0891
https://notcve.org/view.php?id=CVE-2014-0891
28 Jun 2014 — IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.2 allows remote attackers to obtain sensitive information by leveraging incorrect request handling by the (1) Proxy or (2) ODR server. IBM WebSphere Application Server (WAS) 7.0.x anterior a 7.0.0.33, 8.0.x anterior a 8.0.0.9 y 8.5.x anterior a 8.5.5.2 permite a atacantes remotos obtener información sensible mediante el aprovechamiento del manejo incorrecto de solicitudes por el servidor (1) Proxy o (2... • http://www-01.ibm.com/support/docview.wss?uid=swg1PI09786 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 1%CPEs: 42EXPL: 0CVE-2014-0859
https://notcve.org/view.php?id=CVE-2014-0859
01 May 2014 — The web-server plugin in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.33, 8.x before 8.0.0.9, and 8.5.x before 8.5.5.2, when POST retries are enabled, allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors. El plugin servidor web en IBM WebSphere Application Server (WAS) 7.x anterior a 7.0.0.33, 8.x anterior a 8.0.0.9 y 8.5.x anterior a 8.5.5.2, cuando reintentos POST están habilitados, permite a atacantes remotos causar una denegación de servicio (caída de de... • http://www-01.ibm.com/support/docview.wss?uid=swg1PI08892 •
CVSS: 6.5EPSS: 0%CPEs: 15EXPL: 0CVE-2014-0857
https://notcve.org/view.php?id=CVE-2014-0857
01 May 2014 — The Administrative Console in IBM WebSphere Application Server (WAS) 8.x before 8.0.0.9 and 8.5.x before 8.5.5.2 allows remote authenticated users to obtain sensitive information via a crafted request. La consola de administración en IBM WebSphere Application Server (WAS) 8.x anterior a 8.0.0.9 y 8.5.x anterior a 8.5.5.2 permite a usuarios remotos autenticados obtener información sensible a través de una solicitud manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI07808 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 47EXPL: 0CVE-2013-6323
https://notcve.org/view.php?id=CVE-2013-6323
01 May 2014 — Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.33, 8.x before 8.0.0.9, and 8.5.x before 8.5.5.2, and WebSphere Virtual Enterprise 7.x before 7.0.0.5, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en la consola de administración en IBM WebSphere Application Server (WAS) 7.x anterior a 7.0.0.33, 8.x anterior a 8.0.0.9 y 8.5.x anterior a 8.5.5.2 y WebSphere Virt... • http://www-01.ibm.com/support/docview.wss?uid=swg1PI04777 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 0CVE-2014-0823
https://notcve.org/view.php?id=CVE-2014-0823
01 May 2014 — IBM WebSphere Application Server (WAS) 8.x before 8.0.0.9 and 8.5.x before 8.5.5.2 allows remote attackers to read arbitrary files via a crafted URL. IBM WebSphere Application Server (WAS) 8.x anterior a 8.0.0.9 y 8.5.x anterior a 8.5.5.2 permite a atacantes remotos leer archivos arbitrarios a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI05324 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 40EXPL: 0CVE-2013-6325
https://notcve.org/view.php?id=CVE-2013-6325
16 Jan 2014 — IBM WebSphere Application Server 7.x before 7.0.0.31, 8.0.x before 8.0.0.8, and 8.5.x before 8.5.5.2 allows remote attackers to cause a denial of service (resource consumption) via a crafted request to a web services endpoint. IBM WebSphere Application Server 7.x anteriores a 7.0.0.31, 8.0.x anteriores a 8.0.0.8 y 8.5.x anteriores a 8.5.5.2 permite a atacantes remotos causar una denegacuón de servicio (consumo de recursos) a través de una petición manipulada al endpoint de servicios web. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM99450 • CWE-20: Improper Input Validation •
CVSS: 4.8EPSS: 0%CPEs: 41EXPL: 0CVE-2013-6725
https://notcve.org/view.php?id=CVE-2013-6725
16 Jan 2014 — Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server 7.x before 7.0.0.31, 8.0.x before 8.0.0.8, and 8.5.x before 8.5.5.2 allows remote authenticated administrators to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad cross-site scripting (XSS) en Administrative Console de IBM WebSphere Application Server 7.x anteriores a 7.0.0.31, 8.0.x anteriores a 8.0.0.8, y 8.5.x anteriores a 8.5.5.2 permite a usuarios remotos autenticados inyectar... • http://osvdb.org/102119 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 39EXPL: 0CVE-2013-5414
https://notcve.org/view.php?id=CVE-2013-5414
16 Nov 2013 — The migration functionality in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 does not properly support the distinction between the admin role and the adminsecmanager role, which allows remote authenticated users to gain privileges in opportunistic circumstances by accessing resources in between a migration and a role evaluation. La funcionalidad de migración en IBM WebSphere Application Server (WAS) 7.0 antes 7.0.0.31, 8.0 antes 8.0.0.8, y 8.5 antes d... • http://www-01.ibm.com/support/docview.wss?&uid=swg21651880 • CWE-264: Permissions, Privileges, and Access Controls •