Page 14 of 134 results (0.014 seconds)

CVSS: 6.8EPSS: 1%CPEs: 26EXPL: 0

The Web Services Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 and 6.1 before 6.1.0.19, when Certificate Store Collections is configured to use Certificate Revocation Lists (CRL), does not call the setRevocationEnabled method on the PKIXBuilderParameters object, which prevents the "Java security method" from checking the revocation status of X.509 certificates and allows remote attackers to bypass intended access restrictions via a SOAP message with a revoked certificate. El componente Web Services Security en IBM WebSphere Application Server (WAS) v6.0.2 anterior a v6.0.2.31 y v6.1 anterior a v6.1.0.19, cuando el Certificate Store Collections está configurado para usar las Certificate Revocation Lists (CRL), no llama al método setRevocationEnabled en el objeto PKIXBuilderParameters, que previene el "Java security method" desde la validación del estado de revocación de lso certificados X.509 y permite a atacantes remotos saltarse las restricciones de acceso establecidas a través de un mensaje SOAP con un certificado revocado. • http://secunia.com/advisories/32296 http://www-01.ibm.com/support/docview.wss?uid=swg27006876 http://www-01.ibm.com/support/docview.wss?uid=swg27007951 http://www-1.ibm.com/support/docview.wss?uid=swg1PK61258 http://www.securityfocus.com/bid/31839 http://www.vupen.com/english/advisories/2008/2871 https://exchange.xforce.ibmcloud.com/vulnerabilities/46002 • CWE-287: Improper Authentication •

CVSS: 5.0EPSS: 0%CPEs: 20EXPL: 0

Unspecified vulnerability in Wsadmin in the System Management/Repository component in IBM WebSphere Application Server (WAS) 5.1 before 5.1.1.19 allows attackers to obtain sensitive information via vectors related to "previously encrypted properties" that are not encrypted. Vulnerabilidad sin especificar en Wsadmin en el cmponente System Management/Repository en IBM WebSphere Application Server (WAS) 5.1 anterior a 5.1.1.19, permite a atacantes remotos obtener información sensible a través de vectores relacionados con "propiedades previamente encriptadas" que no están encriptadas. • http://secunia.com/advisories/31149 http://secunia.com/advisories/31892 http://www-01.ibm.com/support/docview.wss?uid=swg27007951 http://www-1.ibm.com/support/docview.wss?uid=swg1PK61941 http://www-1.ibm.com/support/docview.wss?uid=swg27006879 http://www.vupen.com/english/advisories/2008/2140 http://www.vupen.com/english/advisories/2008/2566 https://exchange.xforce.ibmcloud.com/vulnerabilities/45123 • CWE-310: Cryptographic Issues •

CVSS: 10.0EPSS: 0%CPEs: 20EXPL: 0

Unspecified vulnerability in the PropFilePasswordEncoder utility in the Security component in IBM WebSphere Application Server (WAS) 5.1 before 5.1.1.19 has unknown impact and attack vectors. Vulnerabilidad sin especificar en la Utilidad PropFilePasswordEncoder del componente Security en IBM WebSphere Application Server (WAS) 5.1 anterior a 5.1.1.19 tiene un impacto y vectores de ataque desconocidos. • http://secunia.com/advisories/31149 http://www-1.ibm.com/support/docview.wss?uid=swg1PK61436 http://www-1.ibm.com/support/docview.wss?uid=swg27006879 http://www.securityfocus.com/bid/30280 http://www.securitytracker.com/id?1020528 http://www.vupen.com/english/advisories/2008/2140/references • CWE-255: Credentials Management Errors •

CVSS: 5.0EPSS: 0%CPEs: 19EXPL: 0

Unspecified vulnerability in the Web Services Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.17 has unknown impact and attack vectors related to an attribute in the SOAP security header. Vulnerabilidad sin especificar del componente Web Services Security en Web Services Security (WAS) versiones 6.1 anteriores a la 6.1.0.17 tiene un impacto desconocido y vectores de ataque relacionados con un atributo de la cabecera de seguridad SOAP. • http://secunia.com/advisories/30526 http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27007951 http://www-1.ibm.com/support/docview.wss?uid=swg1PK61315 http://www.securitytracker.com/id?1020168 http://www.vupen.com/english/advisories/2008/1734 https://exchange.xforce.ibmcloud.com/vulnerabilities/42822 •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

Unspecified vulnerability in the Java plugin in IBM WebSphere Application Server 5.0.2 allows untrusted applets to gain privileges via unknown attack vectors. Vulnerabilidad no especificada en la extensión (plugin) Java de IBM WebSphere Application Server 5.0.2 permite a applets no confiables conseguir privilegios a través de vectores no especificados. • http://secunia.com/advisories/29976 http://www-1.ibm.com/support/docview.wss?uid=swg1PK65161 http://www.securityfocus.com/bid/28997 http://www.securitytracker.com/id?1019956 http://www.vupen.com/english/advisories/2008/1411/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42116 •