CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2012-4851
https://notcve.org/view.php?id=CVE-2012-4851
Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URI. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en IBM WebSphere Application Server v8.5 Liberty Profile antes de v8.5.0.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un URI diseñada para tal fin. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM68643 http://www.ibm.com/support/docview.wss?uid=swg21614265 http://www.securityfocus.com/bid/56423 https://exchange.xforce.ibmcloud.com/vulnerabilities/79541 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2012-4850
https://notcve.org/view.php?id=CVE-2012-4850
IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1, when JAX-RS is used, does not properly validate requests, which allows remote attackers to gain privileges via unspecified vectors. IBM WebSphere Application Server v8.5 Liberty Profile antes de v8.5.0.1, cuando se usa JAX-RS, no valida correctamente las solicitudes, lo que permite a atacantes remotos obtener privilegios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM67082 http://www.ibm.com/support/docview.wss?uid=swg21614265 http://www.securityfocus.com/bid/56460 https://exchange.xforce.ibmcloud.com/vulnerabilities/79539 • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 0%CPEs: 24EXPL: 0CVE-2012-3330
https://notcve.org/view.php?id=CVE-2012-3330
The proxy server in IBM WebSphere Application Server 7.0 before 7.0.0.27, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1, and WebSphere Virtual Enterprise, allows remote attackers to cause a denial of service (daemon outage) via a crafted request. El servidor proxy en IBM WebSphere Application Server v7.0 antes de v7.0.0.27, v8.0 antes de v8.0.0.5 y v8.5 antes de v8.5.0.1 y WebSphere Virtual Enterprise, permite a atacantes remotos provocar una denegación de servicio (parada del demonio) a través de una solicitud modificada. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM71319 http://www.ibm.com/support/docview.wss?uid=swg21614265 https://exchange.xforce.ibmcloud.com/vulnerabilities/78047 •
CVSS: 5.0EPSS: 0%CPEs: 34EXPL: 0CVE-2012-4830
https://notcve.org/view.php?id=CVE-2012-4830
Unspecified vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11 and 7.0 through 7.0.0.6 allows remote attackers to obtain users' personal data via unknown vectors. Vulnerabilidad no especificada en IBM WebSphere Commerce v6.0 hasta v6.0.0.11 y 7.0 hasta v7.0.0.6, permite a atacantes remotos obtener datos personales de los usuarios a través de vectores desconocidos • http://osvdb.org/85868 http://www-01.ibm.com/support/docview.wss?uid=swg1SE53160 http://www-01.ibm.com/support/docview.wss?uid=swg21612484 https://exchange.xforce.ibmcloud.com/vulnerabilities/78867 •
CVSS: 5.0EPSS: 0%CPEs: 12EXPL: 0CVE-2012-2199
https://notcve.org/view.php?id=CVE-2012-2199
The server message channel agent in the queue manager in the server in IBM WebSphere MQ 7.0.1 before 7.0.1.9, 7.1, and 7.5 on Solaris allows remote attackers to cause a denial of service (invalid address alignment exception and daemon crash) via vectors involving a multiplexed channel. El agente del canal de mensaje de servidor en el gestor de colas del servidor IBM WebSphere MQ v7.0.1 antes de v7.0.1.9, v7.1 y v7.5 en Solaris permite a atacantes remotos provocar una denegación de servicio (excepción por alineación de dirección inválida y caída del demonio) a través de vectores relacionados con un canal multiplexado. • http://www-01.ibm.com/support/docview.wss?uid=swg1IC82725 http://www.ibm.com/support/docview.wss?uid=swg21610285 https://exchange.xforce.ibmcloud.com/vulnerabilities/76434 • CWE-399: Resource Management Errors •