CVE-2010-2639
https://notcve.org/view.php?id=CVE-2010-2639
IBM WebSphere Commerce Enterprise 7.0 before 7.0.0.2 allows remote attackers to read messages intended for other recipients via vectors involving access by the outbound messaging system to the RunTimeProfileCacheCmdImpl class, related to the caching of mutable objects and "concurrency issues."
References: http://www-01.ibm.com/support/docview.wss?uid=swg24028397 http://www-1.ibm.com/support/docview.wss?uid=swg1JR38114 http://www.securitytracker.com/id?1024845 https://exchange.xforce.ibmcloud.com/vulnerabilities/63406
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2010-2638
https://notcve.org/view.php?id=CVE-2010-2638
Unspecified vulnerability in IBM WebSphere MQ 7.0 before 7.0.1.5 allows remote authenticated users to cause a denial of service (disk consumption) via vectors that trigger an FDC with an RM680004 Probe Id value.
References: http://www-01.ibm.com/support/docview.wss?uid=swg1IC71123 https://exchange.xforce.ibmcloud.com/vulnerabilities/63147
CWE-399: Resource Management Errors
CVE-2010-2637
https://notcve.org/view.php?id=CVE-2010-2637
IBM WebSphere MQ 6.0 before 6.0.2.9 and 7.0 before 7.0.1.1 does not encrypt the username and password in the security parameters field, which allows remote attackers to obtain sensitive information by sniffing the network traffic from a .NET client application.
References: http://www-01.ibm.com/support/docview.wss?uid=swg1IZ56005 http://www-01.ibm.com/support/docview.wss?uid=swg27007069 http://www-01.ibm.com/support/docview.wss?uid=swg27014224 https://exchange.xforce.ibmcloud.com/vulnerabilities/63114
CWE-310: Cryptographic Issues
CVE-2010-0784
https://notcve.org/view.php?id=CVE-2010-0784
Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References: http://secunia.com/advisories/41722 http://www-01.ibm.com/support/docview.wss?uid=swg1PM17046 http://www-01.ibm.com/support/docview.wss?uid=swg1PM23872 http://www-01.ibm.com/support/docview.wss?uid=swg27004980 http://www-01.ibm.com/support/docview.wss?uid=swg27014463 http://www.securityfocus.com/bid/43874 http://www.vupen.com/english/advisories/2010/2595 https://exchange.xforce.ibmcloud.com/vulnerabilities/62948
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2010-4220
https://notcve.org/view.php?id=CVE-2010-4220
Cross-site scripting (XSS) vulnerability in the Integrated Solution Console in the Administrative Console component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related in part to "URL injection."
References: http://secunia.com/advisories/41722 http://www-01.ibm.com/support/docview.wss?uid=swg1PM11777 http://www-01.ibm.com/support/docview.wss?uid=swg27014463
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')