CVSS: 9.8EPSS: 1%CPEs: 7EXPL: 0CVE-2014-8890
https://notcve.org/view.php?id=CVE-2014-8890
18 Dec 2014 — IBM WebSphere Application Server Liberty Profile 8.5.x before 8.5.5.4 allows remote attackers to gain privileges by leveraging the combination of a servlet's deployment descriptor security constraints and ServletSecurity annotations. IBM WebSphere Application Server Liberty Profile 8.5.x anterior a 8.5.5.4 permite a atacantes remotos conseguir privilegios usando la combinación de restricciones de seguridad en los descriptores de despliegue de servlets y anotaciones ServletSecurity. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI29911 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 57EXPL: 0CVE-2014-3021
https://notcve.org/view.php?id=CVE-2014-3021
19 Oct 2014 — IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 does not properly handle HTTP headers, which allows remote attackers to obtain sensitive cookie and authentication data via an unspecified HTTP method. IBM WebSphere Application Server (WAS) 7.0 anterior a 7.0.0.35, 8.0 anterior a 8.0.0.10, y 8.5 anterior a 8.5.5.4 no maneja correctamente las cabeceras HTTP, lo que permite a atacantes remotos obtener datos sensibles de cookies y la autenticación a través ... • http://www-01.ibm.com/support/docview.wss?uid=swg1PI08268 • CWE-20: Improper Input Validation •
CVSS: 4.8EPSS: 0%CPEs: 120EXPL: 0CVE-2014-4770
https://notcve.org/view.php?id=CVE-2014-4770
23 Sep 2014 — Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 6.x through 6.1.0.47, 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 allows remote authenticated administrators to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM WebSphere Application Server (WAS) 6.x hasta 6.1.0.47, 7.0 anterior a 7.0.0.35, 8.0 anterior a 8.0.0.10, y 8.5 anterior a 8.5.5.4 permite a usuarios remotos autenticados inyectar script web o HTML de forma arbitr... • http://secunia.com/advisories/61418 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.0EPSS: 0%CPEs: 120EXPL: 0CVE-2014-4816
https://notcve.org/view.php?id=CVE-2014-4816
23 Sep 2014 — Cross-site request forgery (CSRF) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.x through 6.1.0.47, 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. Vulnerabilidad de CSRF en la consola de administración en IBM WebSphere Application Server (WAS) 6.x hasta 6.1.0.47, 7.0 anterior a 7.0.0.35, 8.0 anterior a 8.0.0.10 y 8.5 anterior a ... • http://secunia.com/advisories/61418 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 1%CPEs: 16EXPL: 0CVE-2014-4764
https://notcve.org/view.php?id=CVE-2014-4764
22 Aug 2014 — IBM WebSphere Application Server (WAS) 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.3, when Load Balancer for IPv4 Dispatcher is enabled, allows remote attackers to cause a denial of service (Load Balancer crash) via unspecified vectors. IBM WebSphere Application Server (WAS) 8.0.x anterior a 8.0.0.10 y 8.5.x anterior a 8.5.5.3, cuando Load Balancer para IPv4 Dispatcher está habilitado, permite a atacantes remotos causar una denegación de servicio (caída de Load Balancer) a través de vectores no especificad... • http://www-01.ibm.com/support/docview.wss?uid=swg1PI21189 •
CVSS: 8.8EPSS: 1%CPEs: 6EXPL: 0CVE-2014-4767
https://notcve.org/view.php?id=CVE-2014-4767
22 Aug 2014 — IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x before 8.5.5.3 does not properly use the Liberty Repository for feature installation, which allows remote authenticated users to execute arbitrary code via unspecified vectors. IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x anterior a 8.5.5.3 no utiliza debidamente el repositorio Liberty para la instalación de funcionalidades, lo que permite a usuarios remotos autenticados ejecutar código arbitrario a través de vectores no especifica... • http://www-01.ibm.com/support/docview.wss?uid=swg1PI21284 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 37EXPL: 0CVE-2014-3022
https://notcve.org/view.php?id=CVE-2014-3022
22 Aug 2014 — IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.3 allows remote attackers to obtain sensitive information via a crafted URL that triggers an error condition. IBM WebSphere Application Server (WAS) 7.0.x anterior a 7.0.0.33, 8.0.x anterior a 8.0.0.9, y 8.5.x anterior a 8.5.5.3 permite a atacantes remotos obtener información sensible a través de una URL manipulada que provoca una condición de error. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI09594 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.1EPSS: 1%CPEs: 16EXPL: 0CVE-2014-3070
https://notcve.org/view.php?id=CVE-2014-3070
22 Aug 2014 — The addFileRegistryAccount Virtual Member Manager (VMM) SPI Admin Task in IBM WebSphere Application Server (WAS) 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.3 does not properly create accounts, which allows remote attackers to bypass intended access restrictions via unspecified vectors. addFileRegistryAccount Virtual Member Manager (VMM) SPI Admin Task en IBM WebSphere Application Server (WAS) 8.0.x anterior a 8.0.0.10 y 8.5.x anterior a 8.5.5.3 no crea cuentas debidamente, lo que permite a atacantes remot... • http://www-01.ibm.com/support/docview.wss?uid=swg1PI16765 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 45EXPL: 0CVE-2014-3083
https://notcve.org/view.php?id=CVE-2014-3083
22 Aug 2014 — IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.35, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.3 does not properly restrict resource access, which allows remote attackers to obtain sensitive information via unspecified vectors. IBM WebSphere Application Server (WAS) 7.0.x anterior a 7.0.0.35, 8.0.x anterior a 8.0.0.10, y 8.5.x anterior a 8.5.5.3 no restringe debidamente el acceso a recursos, lo que permite a atacantes remotos obtener información sensible a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI17768 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 37EXPL: 0CVE-2014-0965
https://notcve.org/view.php?id=CVE-2014-0965
22 Aug 2014 — IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.3 allows remote attackers to obtain sensitive information via a crafted SOAP response. IBM WebSphere Application Server (WAS) 7.0.x anterior a 7.0.0.33, 8.0.x anterior a 8.0.0.9, y 8.5.x anterior a 8.5.5.3 permite a atacantes remotos obtener información sensible a través de una respuesta SOAP manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI11434 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •