CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2016-2923
https://notcve.org/view.php?id=CVE-2016-2923
07 Jul 2016 — IBM WebSphere Application Server (WAS) 8.5 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified JAX-RS API cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. IBM WebSphere Application Server (WAS) 8.5 hasta la versión 8.5.5.9 Liberty hasta la versión Liberty Fix Pack 16.0.0.2 no incluye el indicador HTTPOnly en una cabecera Set-Cookie para una cookie ... • http://www-01.ibm.com/support/docview.wss?uid=swg1PI61936 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 61EXPL: 0CVE-2016-0359
https://notcve.org/view.php?id=CVE-2016-0359
03 Jul 2016 — CRLF injection vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 Full before 8.5.5.10, and 8.5 Liberty before Liberty Fix Pack 16.0.0.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL. Vulnerabilidad de inyección CRLF en IBM WebSphere Application Server (WAS) 7.0 en versiones anteriores a 7.0.0.43, 8.0 en versiones anteriores a 8.0.0.13, 8.5 Full en versiones anteriores a 8.5.5.10 y 8.5... • http://www-01.ibm.com/support/docview.wss?uid=swg1PI58918 •
CVSS: 5.9EPSS: 0%CPEs: 49EXPL: 0CVE-2016-0306
https://notcve.org/view.php?id=CVE-2016-0306
17 May 2016 — IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.41, 8.0 before 8.0.0.13, and 8.5 before 8.5.5.10, when FIPS 140-2 is enabled, misconfigures TLS, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors. IBM WebSphere Application Server (WAS) 7.0 en versiones anteriores a 7.0.0.41, 8.0 en versiones anteriores a 8.0.0.13 y 8.5 en versiones anteriores a 8.5.5.10, cuando FIPS 140-2 está activado, configura incorrectamente TLS, lo que permite a atacantes man-in-the... • http://www-01.ibm.com/support/docview.wss?uid=swg1PI56190 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 0CVE-2016-0283
https://notcve.org/view.php?id=CVE-2016-0283
19 Mar 2016 — Cross-site scripting (XSS) vulnerability in the OpenID Connect (OIDC) client web application in IBM WebSphere Application Server (WAS) Liberty Profile 8.5.5 before 8.5.5.9 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en la aplicación web del cliente OpenID Connect (OIDC) en IBM WebSphere Application Server (WAS) Liberty Profile 8.5.5 en versiones anteriores a 8.5.5.9 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios ... • http://www-01.ibm.com/support/docview.wss?uid=swg1PI58003 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 1%CPEs: 14EXPL: 0CVE-2015-5041 – JDK: J9 JVM allows code to invoke non-public interface methods
https://notcve.org/view.php?id=CVE-2015-5041
02 Feb 2016 — The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods. El JVM J9 en IBM SDK, Java Technology Edition 6 en versiones anteriores a SR16 FP20, 6 R1 en versiones anteriores a SR8 FP20, 7 en versiones anteriores a SR9 FP30 y 7 R1 en versiones anteriores a SR3 FP30 permite a atacantes remotos obtener información sensible o in... • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00026.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 47EXPL: 0CVE-2015-7417
https://notcve.org/view.php?id=CVE-2015-7417
23 Jan 2016 — Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server 7.0 before 7.0.0.41, 8.0 before 8.0.0.12, and 8.5 before 8.5.5.9 allows remote authenticated users to inject arbitrary web script or HTML via crafted data from an OAuth provider. Vulnerabilidad de XSS en IBM WebSphere Application Server 7.0 en versiones anteriores a 7.0.0.41, 8.0 en versiones anteriores a 8.0.0.12 y 8.5 en versiones anteriores a 8.5.5.9 permite a usuarios remotos autenticados inyectar secuencias de comandos web o H... • http://www-01.ibm.com/support/docview.wss?uid=swg1PI49272 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 97%CPEs: 21EXPL: 2CVE-2015-7450 – IBM WebSphere Application Server and Server Hypervisor Edition Code Injection.
https://notcve.org/view.php?id=CVE-2015-7450
02 Jan 2016 — Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the InvokerTransformer class in the Apache Commons Collections library. Interfaces de objetos serializados en determinados productos IBM analytics, business solutions, cognitive, IT infrastructure y mobile and social permiten a atacantes remotos ejecutar comandos arbitrario... • https://packetstorm.news/files/id/141631 • CWE-502: Deserialization of Untrusted Data •
CVSS: 4.3EPSS: 0%CPEs: 23EXPL: 0CVE-2015-5004
https://notcve.org/view.php?id=CVE-2015-5004
15 Dec 2015 — The Edge Component Caching Proxy in IBM WebSphere Application Server (WAS) 8.0 before 8.0.0.12 and 8.5 before 8.5.5.8 does not properly encrypt data, which allows remote authenticated users to obtain sensitive information via unspecified vectors. El Edge Component Caching Proxy en IBM WebSphere Application Server (WAS) 8.0 en versiones anteriores a 8.0.0.12 y 8.5 en versiones anteriores a 8.5.5.8 no cifra los datos adecuadamente, lo que permite a usuarios remotos autenticados obtener información sensible a ... • http://www-01.ibm.com/support/docview.wss?uid=swg1PI41476 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.7EPSS: 0%CPEs: 84EXPL: 0CVE-2015-2017
https://notcve.org/view.php?id=CVE-2015-2017
08 Nov 2015 — CRLF injection vulnerability in IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.47, 7.0 before 7.0.0.39, 8.0 before 8.0.0.12, and 8.5 before 8.5.5.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL. Vulnerabilidad de inyección CRLF en IBM WebSphere Application Server (WAS) 6.1 hasta la versión 6.1.0.47, 7.0 en versiones anteriores a 7.0.0.39, 8.0 en versiones anteriores a 8.0.0.12 y 8.5 en versiones anteriores a 8.5.5.8 permite a... • http://www-01.ibm.com/support/docview.wss?uid=swg1PI45266 •
CVSS: 7.5EPSS: 0%CPEs: 55EXPL: 0CVE-2015-1932
https://notcve.org/view.php?id=CVE-2015-1932
22 Aug 2015 — IBM WebSphere Application Server 7.x before 7.0.0.39, 8.0.x before 8.0.0.11, and 8.5.x before 8.5.5.7 and WebSphere Virtual Enterprise before 7.0.0.7 allow remote attackers to obtain potentially sensitive information about the proxy-server software by reading the HTTP Via header. Vulnerabilidad en IBM WebSpher Application Server en 7.x en versiones anteriores a 7.0.0.39, 8.0.x en versiones anteriores a 8.0.0.11, 8.5.x en versiones anteriores a 8.5.5.7 y WebSphere Virtual Enterprise en versiones anteriores a... • http://www-01.ibm.com/support/docview.wss?uid=swg1PI38403 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •