CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-4782
https://notcve.org/view.php?id=CVE-2020-4782
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0, podría permitir a un atacante remoto saltar directorios en el sistema. Un atacante podría enviar una petición URL especialmente diseñada que contenga secuencias "dot dot" (/../) para visualizar archivos arbitrarios en el sistema • https://exchange.xforce.ibmcloud.com/vulnerabilities/189213 https://www.ibm.com/support/pages/node/6356083 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-4576
https://notcve.org/view.php?id=CVE-2020-4576
IBM WebSphere Application Server 7.5, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. IBM X-Force ID: 184428. IBM WebSphere Application Server versiones 7.5, 8.0, 8.5 y 9.0 tradicional podría permitir a un atacante remoto obtener información confidencial con una secuencia de objetos serializados especialmente diseñada. IBM X-Force ID: 184428 • https://exchange.xforce.ibmcloud.com/vulnerabilities/184428 https://www.ibm.com/support/pages/node/6339807 •
CVSS: 3.3EPSS: 0%CPEs: 15EXPL: 0CVE-2020-4629
https://notcve.org/view.php?id=CVE-2020-4629
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local user with specialized access to obtain sensitive information from a detailed technical error message. This information could be used in further attacks against the system. IBM X-Force ID: 185370. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0, podría permitir a un usuario local con acceso especializado obtener información confidencial a partir de un mensaje de error técnico detallado. Esta información podría ser usada en nuevos ataques contra el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/185370 https://www.ibm.com/support/pages/node/6339255 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-4643
https://notcve.org/view.php?id=CVE-2020-4643
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information. IBM X-Force ID: 185590. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0, es vulnerable a un ataque de tipo XML External Entity Injection (XXE) cuando se procesan datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer información confidencial. • https://exchange.xforce.ibmcloud.com/vulnerabilities/185590 https://www.ibm.com/support/pages/node/6334311 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4590
https://notcve.org/view.php?id=CVE-2020-4590
IBM WebSphere Application Server Liberty 17.0.0.3 through 20.0.0.9 running oauth-2.0 or openidConnectServer-1.0 server features is vulnerable to a denial of service attack conducted by an authenticated client. IBM X-Force ID: 184650. IBM WebSphere Application Server Liberty versiones 17.0.0.3 hasta 20.0.0.9, ejecutando las funcionalidades de servidor oauth-2.0 o openidConnectServer-1.0, es vulnerable a un ataque de denegación de servicio conducido por un cliente autenticado. IBM X-Force ID: 184650 • https://exchange.xforce.ibmcloud.com/vulnerabilities/184650 https://www.ibm.com/support/pages/node/6333623 •