CVSS: 5.5EPSS: 0%CPEs: 57EXPL: 0CVE-2013-0541
https://notcve.org/view.php?id=CVE-2013-0541
24 Apr 2013 — Buffer overflow in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Windows, when a localOS registry is used in conjunction with WebSphere Identity Manger (WIM), allows local users to cause a denial of service (daemon crash) via unspecified vectors. Desbordamiento de búfer en IBM WebSphere Application Server (WAS) v6.1 antes de v6.1.0.47, 7.0 antes de 7.0.0.29, 8.0 antes de 8.0.0.6, y v8.5 antes de v8.5.0.2 en Windows, cuando se u... • http://www-01.ibm.com/support/docview.wss?&uid=swg21632423 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 0%CPEs: 54EXPL: 0CVE-2013-0542
https://notcve.org/view.php?id=CVE-2013-0542
24 Apr 2013 — Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary web script or HTML via crafted field values. Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en la consola administrativa de IBM WebSphere Application Server (WAS) v6.1 antes de v6.1.0.47, 7.0 antes de 7.0.0.29, 8.0 antes de 8.0.0.6, y v8.5 antes de v8.... • http://www-01.ibm.com/support/docview.wss?&uid=swg21632423 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: 65EXPL: 0CVE-2013-0543
https://notcve.org/view.php?id=CVE-2013-0543
24 Apr 2013 — IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Linux, Solaris, and HP-UX, when a Local OS registry is used, does not properly validate user accounts, which allows remote attackers to bypass intended access restrictions via unspecified vectors. IBM WebSphere Application Server (WAS) v6.1 antes v6.1.0.47, v7.0 antes v7.0.0.29, v8.0 antes v8.0.0.6 y v8.5 antes de v8.5.0.2 en Linux, Solaris y HP-UX, cuando se utiliza un registro Loc... • http://www-01.ibm.com/support/docview.wss?&uid=swg21632423 • CWE-863: Incorrect Authorization •
CVSS: 8.1EPSS: 0%CPEs: 57EXPL: 0CVE-2013-0544
https://notcve.org/view.php?id=CVE-2013-0544
24 Apr 2013 — Directory traversal vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Linux and UNIX allows remote authenticated users to modify data via unspecified vectors. Vulnerabilidad de salto de directorio en la consola administrativa de IBM WebSphere Application Server (WAS) v6.1 antes v6.1.0.47, v7.0 antes de v7.0.0.29, v8,0 antes v8.0.0.6 y v8.5 antes de v8.5.0.2 en Linux y UNIX permite a us... • http://www-01.ibm.com/support/docview.wss?&uid=swg21632423 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 50EXPL: 0CVE-2013-0458
https://notcve.org/view.php?id=CVE-2013-0458
27 Jan 2013 — Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.27, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2, when login security is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de Cross-site scripting (XSS) en la consola administrativa de IBM WebSphere Application Server (WAS) v6.1 anterior a v6.1.0.47, v7.0 anterior a v7.0.0.27, v8.0 anterior a v8.0.0... • http://www-01.ibm.com/support/docview.wss?uid=swg1PM71139 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 50EXPL: 0CVE-2013-0459
https://notcve.org/view.php?id=CVE-2013-0459
27 Jan 2013 — Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.27, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Cross-site scripting (XSS) en la consola administrativa de IBM WebSphere Application Server (WAS) v6,1 antes de v6.1.0.47, 7,0 antes de 7.0.0.27, 8,0 antes de 8.0.0.6 y 8.5 antes de 8.5.0.2 que permite a atacantes remotos inye... • http://www-01.ibm.com/support/docview.wss?uid=swg1PM72536 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 18EXPL: 0CVE-2013-0462
https://notcve.org/view.php?id=CVE-2013-0462
27 Jan 2013 — Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.1, 7.0 before 7.0.0.27, 8.0, and 8.5 has unknown impact and attack vectors. Vulnerabilidad no especificada en IBM WebSphere Application Server (WAS) v6,1, v7,0 antes de v7.0.0.27, v8.0, y v8.5 tiene un impacto desconocido y vectores de ataque. • http://www.ibm.com/connections/blogs/PSIRT/entry/security_vulnerabilities_fixed_in_ibm_websphere_application_server_7_0_0_2785 •
CVSS: 6.1EPSS: 0%CPEs: 50EXPL: 0CVE-2013-0461
https://notcve.org/view.php?id=CVE-2013-0461
27 Jan 2013 — Cross-site scripting (XSS) vulnerability in the virtual member manager (VMM) administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.27, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Cross-site scripting (XSS) en el Virtual Member Manager (VMM) de la consola administrativa de IBM WebSphere Application Server (WAS) v6,1 antes de v6.1.0.47, v7.0.0.27 antes de v7,0, v8,0 antes de ... • http://www-01.ibm.com/support/docview.wss?uid=swg1PM71389 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 0CVE-2012-3330
https://notcve.org/view.php?id=CVE-2012-3330
14 Nov 2012 — The proxy server in IBM WebSphere Application Server 7.0 before 7.0.0.27, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1, and WebSphere Virtual Enterprise, allows remote attackers to cause a denial of service (daemon outage) via a crafted request. El servidor proxy en IBM WebSphere Application Server v7.0 antes de v7.0.0.27, v8.0 antes de v8.0.0.5 y v8.5 antes de v8.5.0.1 y WebSphere Virtual Enterprise, permite a atacantes remotos provocar una denegación de servicio (parada del demonio) a través de una solicitu... • http://www-01.ibm.com/support/docview.wss?uid=swg1PM71319 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2012-4851
https://notcve.org/view.php?id=CVE-2012-4851
14 Nov 2012 — Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URI. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en IBM WebSphere Application Server v8.5 Liberty Profile antes de v8.5.0.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un URI diseñada para tal fin. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM68643 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •