CVSS: 4.3EPSS: 0%CPEs: 20EXPL: 0CVE-2009-4052
https://notcve.org/view.php?id=CVE-2009-4052
Multiple cross-site scripting (XSS) vulnerabilities in the JSF Widget Library Runtime in IBM Rational Application Developer for WebSphere Software before 7.0.0.10 and Rational Software Architect before 7.0.0.10 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) the JSF Tree Control and (2) the JavaScript Resource Servlet. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en JSF Widget Library Runtime de IBM Rational Application Developer de WebSphere Software en versiones anteriores a la v7.0.0.10 y Rational Software Architect en versiones anteriores a la v7.0.0.10 permiten a los usuarios remotos inyectar codigo de script web o código HTML a través de vectores de ataque que involucran (1) JSF Tree Control y (2) JavaScript Resource Servlet. • http://secunia.com/advisories/37442 http://www-01.ibm.com/support/docview.wss?uid=swg1PK90616 http://www-01.ibm.com/support/docview.wss?uid=swg1PK94324 http://www-01.ibm.com/support/docview.wss?uid=swg27012378 http://www-01.ibm.com/support/docview.wss?uid=swg27012558 http://www.osvdb.org/60319 http://www.securityfocus.com/bid/37083 https://exchange.xforce.ibmcloud.com/vulnerabilities/54360 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 59EXPL: 0CVE-2009-2746
https://notcve.org/view.php?id=CVE-2009-2746
Cross-site request forgery (CSRF) vulnerability in the administrative console in the Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.39, 6.1 before 6.1.0.29, and 7.0 before 7.0.0.7 allows remote attackers to hijack the authentication of administrators via unspecified vectors. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en la consola de administración en el componente Security en IBM WebSphere Application Server (WAS) v6.0.2 anteriores a v6.0.2.39, v6.1 anteriores a v6.1.0.29, y v7.0 anteriores a v7.0.0.7 permite a atacantes remotos secuestrar la autenticación de administradores mediante vectores no especificados. • http://secunia.com/advisories/37221 http://www-01.ibm.com/support/docview.wss?uid=swg1PK87176 http://www-01.ibm.com/support/docview.wss?uid=swg1PK99477 http://www-01.ibm.com/support/docview.wss?uid=swg27014463 https://exchange.xforce.ibmcloud.com/vulnerabilities/54227 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.8EPSS: 0%CPEs: 29EXPL: 0CVE-2009-2744
https://notcve.org/view.php?id=CVE-2009-2744
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27 allows remote attackers to cause a denial of service via unknown vectors, related to "an error in fixpacks 6.1.0.23 and 6.1.0.25." Vulnerabilidad no especificada en IBM WebSphere Application Server (WAS) v6.1 anteriores a v6.1.0.27 permite a atacantes remotos provocar una denegación de servicio mediante vectores desconocidos, relacionado con "un error en fixpacks v6.1.0.23 y v6.1.0.25". • http://www-01.ibm.com/support/docview.wss?uid=swg27007951 http://www-1.ibm.com/support/docview.wss?uid=swg1PK91709 http://www.vupen.com/english/advisories/2009/2721 https://exchange.xforce.ibmcloud.com/vulnerabilities/53344 •
CVSS: 4.3EPSS: 0%CPEs: 15EXPL: 0CVE-2009-2742
https://notcve.org/view.php?id=CVE-2009-2742
Cross-site scripting (XSS) vulnerability in Eclipse Help in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27 allows remote attackers to inject arbitrary web script or HTML via unspecified input. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la ayuda de Eclipse del servidor de aplicaciones IBM WebSphere (WAS) en versiones v6.1 anteriores a la v 6.1.0.27 permite a usuarios remotos inyectar codigo de script web o código HTML a través de una entrada sin especificar. • http://www-01.ibm.com/support/docview.wss?uid=swg27007951 http://www-1.ibm.com/support/docview.wss?uid=swg1PK78917 http://www.vupen.com/english/advisories/2009/2721 https://exchange.xforce.ibmcloud.com/vulnerabilities/53342 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.1EPSS: 0%CPEs: 22EXPL: 0CVE-2009-2743
https://notcve.org/view.php?id=CVE-2009-2743
IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27, and 7.0 before 7.0.0.7, does not properly handle an exception occurring after use of wsadmin scripts and configuration of JAAS-J2C Authentication Data, which allows local users to obtain sensitive information by reading the First Failure Data Capture (FFDC) log file. En WebSphere Application Server (WAS) de IBM versiones 6.1 anteriores a 6.1.0.27 y versiones 7.0 anteriores a 7.0.0.7, no manejan apropiadamente una excepción que se produce después del uso de scripts wsadmin y la configuración de JAAS-J2C Authentication Data, que permite a los usuarios locales obtener información confidencial mediante la lectura del archivo de registro de First Failure Data Capture (FFDC). • http://secunia.com/advisories/37796 http://www-01.ibm.com/support/docview.wss?uid=swg27007951 http://www-01.ibm.com/support/docview.wss?uid=swg27014463 http://www-1.ibm.com/support/docview.wss?uid=swg1PK86137 http://www.vupen.com/english/advisories/2009/2721 https://exchange.xforce.ibmcloud.com/vulnerabilities/53343 •