Page 140 of 828 results (0.010 seconds)

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.24 and 7.0 through 7.0.0.4, IBM WebSphere Portal Server 5.1 through 6.0, and IBM Integrated Solutions Console (ISC) 6.0.1 do not properly set the IsSecurityEnabled security flag during migration of WebSphere Member Manager (WMM) to Virtual Member Manager (VMM) and a Federated Repository, which allows attackers to obtain sensitive information from repositories via unspecified vectors. IBM WebSphere Application Server (WAS) v6.1 a la v6.1.0.24 y v7.0 a la v7.0.0.4, IBM WebSphere Portal Server v5.1 a la v6.0, e IBM Integrated Solutions Console (ISC) v6.0.1, no establecen adecuadamente la opción de seguridad IsSecurityEnabled durante la migración de WebSphere Member Manager (WMM) a Virtual Member Manager (VMM) y a Federated Repository, lo que permite a atacantes obtener información sensible de los repositorios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21375859 http://www-1.ibm.com/support/docview.wss?uid=swg1PK78134 http://www.securityfocus.com/bid/35406 https://exchange.xforce.ibmcloud.com/vulnerabilities/50882 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 10.0EPSS: 0%CPEs: 33EXPL: 0

The Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 permits "non-standard http methods," which has unknown impact and remote attack vectors. El componente Security en IBM WebSphere Application Server (WAS) v6.0.2 anterior a v6.0.2.35 permite ·métodos http no estándares" que tienen vectores de ataque e impacto desconocidos. • http://www-01.ibm.com/support/docview.wss?uid=swg27006876 http://www-1.ibm.com/support/docview.wss?uid=swg1PK73246 http://www.securityfocus.com/bid/35405 http://www.vupen.com/english/advisories/2009/1464 https://exchange.xforce.ibmcloud.com/vulnerabilities/51173 •

CVSS: 10.0EPSS: 15%CPEs: 14EXPL: 0

Buffer overflow in the queue manager in IBM WebSphere MQ 6.x before 6.0.2.7 and 7.x before 7.0.1.0 allows remote attackers to execute arbitrary code via a crafted request. Desbordamiento de búfer en el gestor de cola en IBM WebSphere MQ v6.x anterior a v6.0.2.7 y v7.x anterior a v7.0.1.0, permite a atacantes remotos ejecutar código de su elección a través de una petición manipulada. • http://secunia.com/advisories/35303 http://securitytracker.com/id?1022311 http://www-01.ibm.com/support/docview.wss?uid=swg21386826 http://www-1.ibm.com/support/docview.wss?uid=swg1IZ50784 http://www.securityfocus.com/bid/35170 http://www.vupen.com/english/advisories/2009/1463 https://exchange.xforce.ibmcloud.com/vulnerabilities/50641 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.0EPSS: 0%CPEs: 33EXPL: 0

The Configservice APIs in the Administrative Console component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.25, and 7.0 before 7.0.0.5, when tracing is enabled, allow remote attackers to obtain sensitive information via unspecified use of the wsadmin scripting tool. El Configservice APIs en el Administrative Console component en IBM WebSphere Application Server (WAS) v6.0.2 anterior a v6.0.2.35, permite a atacantes obtener información sensible a través de vectores no especificados. • http://secunia.com/advisories/35301 http://www-01.ibm.com/support/docview.wss?uid=swg27006876 http://www-01.ibm.com/support/docview.wss?uid=swg27007951 http://www-01.ibm.com/support/docview.wss?uid=swg27014463 http://www-1.ibm.com/support/docview.wss?uid=swg1PK84999 http://www.securityfocus.com/bid/35405 http://www.vupen.com/english/advisories/2009/1464 https://exchange.xforce.ibmcloud.com/vulnerabilities/51171 https://exchange.xforce.ibmcloud.com/vulnerabilities/52077 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 10.0EPSS: 1%CPEs: 33EXPL: 0

Unspecified vulnerability in the Administrative Configservice API in the System Management/Repository component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.25, and 7.0 before 7.0.0.5 on z/OS allows remote authenticated users to obtain sensitive information via unknown use of the wsadmin scripting tool, related to a "security exposure in wsadmin." Vulnerabilidad sin especificar en el componente Management/Repository en IBM WebSphere Application Server (WAS) v6.0.2 anterior a 6.0.2.35 tiene un impacto y vectores de ataque desconocidos. Relacionado con "exposición de seguridad en wsadmin". • http://secunia.com/advisories/35301 http://www-01.ibm.com/support/docview.wss?uid=swg27006876 http://www-01.ibm.com/support/docview.wss?uid=swg27007951 http://www-01.ibm.com/support/docview.wss?uid=swg27014463 http://www-1.ibm.com/support/docview.wss?uid=swg1PK77495 http://www.securityfocus.com/bid/35405 http://www.vupen.com/english/advisories/2009/1464 https://exchange.xforce.ibmcloud.com/vulnerabilities/51172 https://exchange.xforce.ibmcloud.com/vulnerabilities/52075 •