CVSS: 6.1EPSS: 0%CPEs: 68EXPL: 0CVE-2013-4052
https://notcve.org/view.php?id=CVE-2013-4052
20 Sep 2013 — Cross-site scripting (XSS) vulnerability in the UDDI Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad cross-site scripting (XSS) en la consola administrativa UDDI de IBM WebSphere Application Server (WAS) 6.1 (anteriores a 6.1.0.47), 7.0 (anteriores a 7.0.0.31), 8.0 (anteriores a 8.0.0.8) y 8.5 (anteriores ... • http://www-01.ibm.com/support/docview.wss?uid=swg1PM91892 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 36EXPL: 0CVE-2013-0597
https://notcve.org/view.php?id=CVE-2013-0597
21 Aug 2013 — Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.29, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.0, when OAuth is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad Cross-site scripting (XSS) en IBM WebSphere Application Server (WAS) v7.0 anterior a v7.0.0.29, v8.0 anterior a v8.0.0.7, y v8.5 anterior a v8.5.5.0 cuando se utiliza OAuth, permite a usuarios remotos autenticados inyectar secuenci... • http://www-01.ibm.com/support/docview.wss?uid=swg1PM85834 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 72EXPL: 0CVE-2013-2976
https://notcve.org/view.php?id=CVE-2013-2976
21 Aug 2013 — The Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.0 does not properly perform caching, which allows local users to obtain sensitive information via unspecified vectors. La consola administrativa de IBM WebSphere Application Server (WAS) v6.1 anterior a v6.1.0.47, v7.0 anterior a v7.0.0.29, v8.0 anterior a v8.0.0.7, y v8.5 anterior a v8.5.5.0 no realiza correctamente el almacenamiento en caché, lo que permit... • http://www-01.ibm.com/support/docview.wss?uid=swg1PM79992 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 73EXPL: 0CVE-2013-3029
https://notcve.org/view.php?id=CVE-2013-3029
21 Aug 2013 — Cross-site request forgery (CSRF) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences. Vulnerabilidad CSRF (Cross-site request forgery) en la consola administrativa de IBM WebSphere Application Server (WAS) v6.1 anterior a v6.1.0.47, v7.0 anterior a v7.0.0.31... • http://www-01.ibm.com/support/docview.wss?uid=swg1PM88746 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 72EXPL: 0CVE-2013-2967
https://notcve.org/view.php?id=CVE-2013-2967
21 Aug 2013 — Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad Cross-site scripting (XSS) en la consola administrativa de IBM WebSphere Application Server (WAS) v6.1 anterior a v6.1.0.47, v7.0 anterior a v7.0.0.29, v8.0 anterior a v8.0.0.7, y v8.5 anterior a v8.5.5.0, permi... • http://www-01.ibm.com/support/docview.wss?uid=swg1PM78614 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 73EXPL: 0CVE-2013-4005
https://notcve.org/view.php?id=CVE-2013-4005
21 Aug 2013 — Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified fields. Vulnerabilidad Cross-site scripting (XSS) en la consola administrativa de IBM WebSphere Application Server (WAS) v6.1 anterior a v6.1.0.47, v7.0 anterior a v7.0.0.31, v8.0 anterior a v8.0.0.7, y v8.5 anterior a v8.5.5... • http://www-01.ibm.com/support/docview.wss?uid=swg1PM88208 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 44EXPL: 0CVE-2013-0482
https://notcve.org/view.php?id=CVE-2013-0482
29 May 2013 — IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 through 8.5.0.2 and WebSphere Message Broker 6.1, 7.0 through 7.0.0.5, and 8.0 through 8.0.0.2, when WS-Security is used, allows remote attackers to spoof the signatures of messages via a crafted SOAP message, related to a "Signature Wrap attack," a different vulnerability than CVE-2011-1377 and CVE-2013-0489. IBM WebSphere Application Server (WAS) 7.0 anterior a 7.0.0.29, 8.0 anterior a 8.0.0.6, y 8.5 a la 8.5.0.2 y Web... • http://www-01.ibm.com/support/docview.wss?uid=swg1IC88185 •
CVSS: 8.1EPSS: 0%CPEs: 65EXPL: 0CVE-2013-0543
https://notcve.org/view.php?id=CVE-2013-0543
24 Apr 2013 — IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Linux, Solaris, and HP-UX, when a Local OS registry is used, does not properly validate user accounts, which allows remote attackers to bypass intended access restrictions via unspecified vectors. IBM WebSphere Application Server (WAS) v6.1 antes v6.1.0.47, v7.0 antes v7.0.0.29, v8.0 antes v8.0.0.6 y v8.5 antes de v8.5.0.2 en Linux, Solaris y HP-UX, cuando se utiliza un registro Loc... • http://www-01.ibm.com/support/docview.wss?&uid=swg21632423 • CWE-863: Incorrect Authorization •
CVSS: 6.1EPSS: 0%CPEs: 54EXPL: 0CVE-2013-0542
https://notcve.org/view.php?id=CVE-2013-0542
24 Apr 2013 — Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary web script or HTML via crafted field values. Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en la consola administrativa de IBM WebSphere Application Server (WAS) v6.1 antes de v6.1.0.47, 7.0 antes de 7.0.0.29, 8.0 antes de 8.0.0.6, y v8.5 antes de v8.... • http://www-01.ibm.com/support/docview.wss?&uid=swg21632423 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: 57EXPL: 0CVE-2013-0544
https://notcve.org/view.php?id=CVE-2013-0544
24 Apr 2013 — Directory traversal vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Linux and UNIX allows remote authenticated users to modify data via unspecified vectors. Vulnerabilidad de salto de directorio en la consola administrativa de IBM WebSphere Application Server (WAS) v6.1 antes v6.1.0.47, v7.0 antes de v7.0.0.29, v8,0 antes v8.0.0.6 y v8.5 antes de v8.5.0.2 en Linux y UNIX permite a us... • http://www-01.ibm.com/support/docview.wss?&uid=swg21632423 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •