CVE-2009-2956
https://notcve.org/view.php?id=CVE-2009-2956
The (1) Net.Commerce and (2) Net.Data components in IBM WebSphere Commerce Suite store sensitive information under the web root with insufficient access control, which allows remote attackers to discover passwords, and database and filesystem details, via direct requests for configuration files.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/52616
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2009-2090
https://notcve.org/view.php?id=CVE-2009-2090
Unspecified vulnerability in wsadmin in the System Management/Repository component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.5 allows remote attackers to bypass intended Java Management Extensions (JMX) Management Beans (aka MBeans) access restrictions, and cause a denial of service (daemon stop), via unknown vectors.
• http://secunia.com/advisories/34461
• http://www-01.ibm.com/support/docview.wss?uid=swg27014463
• http://www-1.ibm.com/support/docview.wss?uid=swg1PK86328
• http://www.securityfocus.com/bid/36153
• https://exchange.xforce.ibmcloud.com/vulnerabilities/52082
CVE-2009-2092
https://notcve.org/view.php?id=CVE-2009-2092
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.5 does not properly read the portletServingEnabled parameter in ibm-portlet-ext.xmi, which allows remote attackers to bypass intended access restrictions via unknown vectors.
• http://secunia.com/advisories/34461
• http://www-01.ibm.com/support/docview.wss?uid=swg27014463
• http://www-1.ibm.com/support/docview.wss?uid=swg1PK89385
• http://www.securityfocus.com/bid/36155
• https://exchange.xforce.ibmcloud.com/vulnerabilities/52375
• CWE-284: Improper Access Control
CVE-2008-6973
https://notcve.org/view.php?id=CVE-2008-6973
Multiple unspecified vulnerabilities in IBM WebSphere Commerce 6.0 before 6.0.0.7 have unknown impact and attack vectors.
• http://publib.boulder.ibm.com/infocenter/wchelp/v6r0m0/topic/com.ibm.commerce.admin.doc/refs/rig_new_and_changed.htm
• http://www-01.ibm.com/support/docview.wss?uid=swg24021397
• http://www-1.ibm.com/support/docview.wss?uid=swg1LI74127
• https://exchange.xforce.ibmcloud.com/vulnerabilities/53084
CVE-2009-2093
https://notcve.org/view.php?id=CVE-2009-2093
SQL injection vulnerability in the console in IBM WebSphere Partner Gateway (WPG) Enterprise 6.0 before FP8, 6.1 before FP3, 6.1.1 before FP2, and 6.2 before FP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
• http://secunia.com/advisories/36295
• http://www-01.ibm.com/support/docview.wss?uid=swg21382117
• http://www-1.ibm.com/support/docview.wss?uid=swg1JR32386
• http://www-1.ibm.com/support/docview.wss?uid=swg1JR32607
• http://www-1.ibm.com/support/docview.wss?uid=swg1JR32608
• http://www-1.ibm.com/support/docview.wss?
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')