CVSS: 3.3EPSS: 0%CPEs: 15EXPL: 0CVE-2020-4629
https://notcve.org/view.php?id=CVE-2020-4629
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local user with specialized access to obtain sensitive information from a detailed technical error message. This information could be used in further attacks against the system. IBM X-Force ID: 185370. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0, podría permitir a un usuario local con acceso especializado obtener información confidencial a partir de un mensaje de error técnico detallado. Esta información podría ser usada en nuevos ataques contra el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/185370 https://www.ibm.com/support/pages/node/6339255 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 5.4EPSS: 0%CPEs: 11EXPL: 0CVE-2020-4578
https://notcve.org/view.php?id=CVE-2020-4578
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 184433. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0 es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funcionalidad prevista lo que puede conducir a una divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/184433 https://www.ibm.com/support/pages/node/6328895 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2020-9412 – TIBCO Managed File Transfer Platform Server for IBM i Arbitrary Command Execution
https://notcve.org/view.php?id=CVE-2020-9412
The file transfer component of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i contains a vulnerability that theoretically allows execution of arbitrary commands at the privilege level of the affected system following a failed file transfer. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i: versions 7.1.0 and below, version 8.0.0. El componente file transfer de TIBCO Managed File Transfer Platform Server para IBM i de TIBCO Software Inc, contiene una vulnerabilidad que teóricamente permite una ejecución de comandos arbitraria en el nivel de privilegio del sistema afectado después de una transferencia de archivos fallida. • https://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2020/06/tibco-security-advisory-june-9-2020-tibco-managed-file-transfer-2020-9412 •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2020-9411 – TIBCO Managed File Transfer Platform Server for IBM i Authentication Bypass
https://notcve.org/view.php?id=CVE-2020-9411
The file transfer component of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i contains a vulnerability that theoretically allows an attacker to perform unauthorized network file transfers to and from the file system accessible to the affected component. This vulnerability is exploitable when the configuration option 'Require Node Resp' is set to 'No'. In the event of a successful exploit, the attacker could theoretically read and write any file on the file system accessible to the affected component, thus fully affecting the confidentiality, integrity, and availability of the operating system hosting the deployment of the affected system. Affected releases are TIBCO Software Inc.' • https://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2020/06/tibco-security-advisory-june-9-2020-tibco-managed-file-transfer-2020-9411 •
CVSS: 3.3EPSS: 0%CPEs: 3EXPL: 0CVE-2020-4345
https://notcve.org/view.php?id=CVE-2020-4345
IBM i 7.2, 7.3, and 7.4 users running complex SQL statements under a specific set of circumstances may allow a local user to obtain sensitive information that they should not have access to. IBM X-Force ID: 178318. Los usuarios de IBM i versiones 7.2, 7.3 y 7.4, que ejecutan sentencias SQL complejas bajo un conjunto específico de circunstancias pueden permitir a un usuario local obtener información confidencial a la que no debería tener acceso. IBM X-Force ID: 178318. • https://exchange.xforce.ibmcloud.com/vulnerabilities/178318 https://www.ibm.com/support/pages/node/6208661 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •