CVSS: 6.1EPSS: 1%CPEs: 25EXPL: 0CVE-2009-0856
https://notcve.org/view.php?id=CVE-2009-0856
09 Mar 2009 — Multiple cross-site scripting (XSS) vulnerabilities in sample applications in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35, and 6.1 before 6.1.0.23 on z/OS, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Varias vulnerabilidades de tipo Cross-Site Scripting (XSS) en aplicaciones de muestra en IBM WebSphere Application Server (WAS) versión 6.0.2 anteriores a 6.0.2.35, y versión 6.1 anterior a 6.1.0.23 en z/OS, permiten a atacantes remotos inyectar script... • http://securitytracker.com/id?1021811 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 27%CPEs: 25EXPL: 2CVE-2009-0855 – IBM Websphere Application Server 6.1/7.0 - Administrative Console Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-0855
09 Mar 2009 — Cross-site scripting (XSS) vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 on z/OS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados(XSS) en la consola administratica en IBM WebSphere Application Server (WAS) v6.1 anteriores v6.1.0.23 en z/OS, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de v... • https://packetstorm.news/files/id/170073 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2009-0504
https://notcve.org/view.php?id=CVE-2009-0504
17 Feb 2009 — WSPolicy in the Web Services component in IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.1 does not properly recognize the IDAssertion.isUsed binding property, which allows local users to discover a password by reading a SOAP message. WSPolicy en el componente Web Services en IBM WebSphere Application Server (WAS) v7.0.x anterior a v7.0.0.1 no reconoce adecuadamente la propiedad de vínculo IDAssertion.isUsed, lo que permite a usuarios locales descubrir una contraseña leyendo un mensaje SOAP. • http://www-01.ibm.com/support/docview.wss?uid=swg27014463 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 0%CPEs: 12EXPL: 0CVE-2008-4285
https://notcve.org/view.php?id=CVE-2008-4285
17 Feb 2009 — Unspecified vulnerability in the Performance Monitoring Infrastructure (PMI) feature in the Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.19, when a component statistic is enabled, allows attackers to cause a denial of service (daemon crash) via vectors related to "a gradual degradation in performance." Vulnerabilidad sin especificar en la característica Performance Monitoring Infrastructure (PMI) en el componente Servlet Engine/Web Container en IBM WebS... • http://www-01.ibm.com/support/docview.wss?uid=swg24019260 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2009-0432
https://notcve.org/view.php?id=CVE-2009-0432
10 Feb 2009 — The installation process for the File Transfer servlet in the System Management/Repository component in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.19 does not enable the secure version, which allows remote attackers to obtain sensitive information via unspecified vectors. El proceso de instalación en File Transfer servlet en el componente System Management/Repository en IBM WebSphere Application Server (WAS) v6.1.x anteriores a v6.1.0.19 no activa la versión segura, lo que permite a atacantes... • http://www-01.ibm.com/support/docview.wss?uid=swg27007951 • CWE-16: Configuration •
CVSS: 8.1EPSS: 0%CPEs: 59EXPL: 0CVE-2009-0436
https://notcve.org/view.php?id=CVE-2009-0436
10 Feb 2009 — The (1) mod_ibm_ssl and (2) mod_cgid modules in IBM HTTP Server 6.0.x before 6.0.2.31 and 6.1.x before 6.1.0.19, as used in WebSphere Application Server (WAS), set incorrect permissions for AF_UNIX sockets, which has unknown impact and local attack vectors. Los módulos (1) mod_ibm_ssl y (2) mod_cgid en IBM HTTP Server v6.0.x anteriores a v6.0.2.31 y v6.1.x anteriores a v6.1.0.19, tal y como se utiliza en WebSphere Application Server (WAS), ajusta incorrectamente los permisos para los sockets AF_UNIX, lo que... • http://www-01.ibm.com/support/docview.wss?uid=swg27006876 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 109EXPL: 0CVE-2008-4284
https://notcve.org/view.php?id=CVE-2008-4284
10 Feb 2009 — Open redirect vulnerability in the ibm_security_logout servlet in IBM WebSphere Application Server (WAS) 5.1.1.19 and earlier 5.x versions, 6.0.x before 6.0.2.33, and 6.1.x before 6.1.0.23 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the logoutExitPage feature. Vulnerabilidad de redirección abierta en ibm_security_logout servlet en IBM WebSphere Application Server (WAS) v5.1.1.19 y anteriores a las versiones v5.x, v6.0.x anterior a v6.0.2.33, y v6.1.x ant... • http://www-1.ibm.com/support/docview.wss?uid=swg21320242 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.5EPSS: 0%CPEs: 26EXPL: 0CVE-2009-0435
https://notcve.org/view.php?id=CVE-2009-0435
10 Feb 2009 — Unspecified vulnerability in the IBM Asynchronous I/O (aka AIO or libibmaio) library in the Java Message Service (JMS) component in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.17 on AIX 5.3 allows attackers to cause a denial of service (daemon crash) via vectors related to the aio_getioev2 and getEvent methods. Vulnerabilidad inespecifica en la libreria IBM Asynchronous I/O (tambien conocido como AIO o libibmaio) en el componente Java Message Service (JMS) en IBM WebSphere Application Server (... • http://www-01.ibm.com/support/docview.wss?rs=0&uid=swg24019205 •
CVSS: 4.7EPSS: 0%CPEs: 56EXPL: 0CVE-2009-0434
https://notcve.org/view.php?id=CVE-2009-0434
10 Feb 2009 — PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.31, 6.1.x before 6.1.0.21, and 7.0.x before 7.0.0.1, when Performance Monitoring Infrastructure (PMI) is enabled, allows local users to obtain sensitive information by reading the (1) systemout.log and (2) ffdc files. NOTE: this is probably a duplicate of CVE-2008-5413. PerfServlet en el componente PMI/Performance Tools de IBM WebSphere Application Server (WAS) v6.0.x anterior a v6.0.2.31, v6.1.x ... • http://www-01.ibm.com/support/docview.wss?uid=swg27006876 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 73EXPL: 0CVE-2009-0433
https://notcve.org/view.php?id=CVE-2009-0433
10 Feb 2009 — Unspecified vulnerability in IBM WebSphere Application Server (WAS) 5.1.x before 5.1.1.19, 6.0.x before 6.0.2.29, and 6.1.x before 6.1.0.19, when Web Server plug-in content buffering is enabled, allows attackers to cause a denial of service (daemon crash) via unknown vectors, related to a mishandling of client read failures in which clients receive many 500 HTTP error responses and backend servers are incorrectly labeled as down. Vulnerabilidad no especificada en IBM WebSphere Aplication Server (WAS) v5.1.x... • http://www-01.ibm.com/support/docview.wss?uid=swg1PK67161 •