CVE-2017-1731
https://notcve.org/view.php?id=CVE-2017-1731
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide weaker than expected security when using the Administrative Console. An authenticated remote attacker could exploit this vulnerability to possibly gain elevated privileges. IBM WebSphere Application Server 7.0, 8.0, 8.5 y 9.0 podría proporcionar seguridad más débil de la esperada al emplear la consola de administración. Un atacante remoto autenticado podría explotar esta vulnerabilidad para obtener privilegios elevados. • http://www-01.ibm.com/support/docview.wss?uid=swg22012345&myns=swgws&mynp=OCSSEQTP&mync=R&cm_sp=swgws-_-OCSSEQTP-_-R http://www.securityfocus.com/bid/102911 http://www.securitytracker.com/id/1040356 https://exchange.xforce.ibmcloud.com/vulnerabilities/134912 •
CVE-2017-1503
https://notcve.org/view.php?id=CVE-2017-1503
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 129578. IBM WebSphere Application Server 7.0, 8.0, 8.5 y 9.0 es vulnerable a ataques de división de respuestas HTTP. • http://www-01.ibm.com/support/docview.wss?uid=swg22006815 http://www.securityfocus.com/bid/101234 http://www.securitytracker.com/id/1039521 https://exchange.xforce.ibmcloud.com/vulnerabilities/129578 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-0110
https://notcve.org/view.php?id=CVE-2015-0110
IBM Business Process Manager (aka BPM) 7.5.x, 8.0.x, and 8.5.x and WebSphere Lombardi Edition (aka WLE) 7.2.x allow remote authenticated users to bypass intended access restrictions on internal service types via vectors involving the executeServiceByName URL. IBM Business Process Manager (BPM) 7.5.x, 8.0.x y 8.5.x y WebSphere Lombardi Edition (WLE) 7.2.x permiten que usuarios autenticados remotos omitan las restricciones de acceso establecidas en tipos de servicios internos mediante vectores relacionados con la URL executeServiceByName. • http://www.securityfocus.com/bid/73274 https://www-304.ibm.com/support/docview.wss?uid=swg21694940 • CWE-284: Improper Access Control •
CVE-2017-1380
https://notcve.org/view.php?id=CVE-2017-1380
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127151. IBM WebSphere Application Server 7.0, 8.0, 8.5 y 9.0 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. • http://www.ibm.com/support/docview.wss?uid=swg22004786 http://www.securityfocus.com/bid/99961 http://www.securitytracker.com/id/1038978 https://exchange.xforce.ibmcloud.com/vulnerabilities/127151 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-1382
https://notcve.org/view.php?id=CVE-2017-1382
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 might create files using the default permissions instead of the customized permissions when custom startup scripts are used. A local attacker could exploit this to gain access to files with an unknown impact. IBM X-Force ID: 127153. IBM WebSphere Application Server versión 7.0,versión 8.0,versión 8.5 y versión 9.0 podría crear archivos usando los permisos por defecto en lugar de los permisos personalizados cuando se usan scripts de inicio personalizados. Un atacante local podría explotar esto para obtener acceso a archivos con un impacto desconocido. • http://www.ibm.com/support/docview.wss?uid=swg22004785 http://www.securityfocus.com/bid/99960 http://www.securitytracker.com/id/1038977 https://exchange.xforce.ibmcloud.com/vulnerabilities/127153 • CWE-276: Incorrect Default Permissions •