CVSS: 7.2EPSS: 0%CPEs: 13EXPL: 0CVE-2009-0439
https://notcve.org/view.php?id=CVE-2009-0439
Unspecified vulnerability in the queue manager in IBM WebSphere MQ (WMQ) 5.3, 6.0 before 6.0.2.6, and 7.0 before 7.0.0.2 allows local users to gain privileges via vectors related to the (1) setmqaut, (2) dmpmqaut, and (3) dspmqaut authorization commands. Vulnerabilidad no especificada en el gestor de cola de IBM WebSphere MQ (WMQ) v5.3, v6.0 anterior a v6.0.2.6 y v7.0 anterior a v7.0.0.2; permite a usuarios locales obtener privilegios a través de vectores relacionados con los comandos de autorización (1) setmqaut, (2) dmpmqaut y (3) dspmqaut. • http://osvdb.org/52297 http://secunia.com/advisories/34034 http://www-01.ibm.com/support/docview.wss?rs=171&uid=swg27006037 http://www-1.ibm.com/support/docview.wss?uid=swg1IZ40824 http://www.securityfocus.com/bid/33857 https://exchange.xforce.ibmcloud.com/vulnerabilities/48529 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2009-0440
https://notcve.org/view.php?id=CVE-2009-0440
IBM WebSphere Partner Gateway (WPG) 6.0.0 through 6.0.0.7 does not properly handle failures of signature verification, which might allow remote authenticated users to submit a crafted RosettaNet (aka RNIF) document to a backend application, related to (1) "altered service content" and (2) "digital signature foot-print." IBM WebSphere Partner Gateway (WPG) v6.0.0 hasta v6.0.0.7 no gestiona adecuadamente los fallos de verificación de firma, lo que permite a usuarios remotos autenticados enviar un documento RosettaNet (también conocido como RNIF) manipulado a una aplicación de administración, relacionado con (1) "contenido de servicio alterado" y (2) "foot-print de firma digital". • http://secunia.com/advisories/33994 http://www-01.ibm.com/support/docview.wss?uid=swg21330341 http://www-1.ibm.com/support/docview.wss?uid=swg1JR31231 http://www.securityfocus.com/bid/33839 https://exchange.xforce.ibmcloud.com/vulnerabilities/48530 • CWE-287: Improper Authentication •
CVSS: 5.0EPSS: 0%CPEs: 12EXPL: 0CVE-2008-4285
https://notcve.org/view.php?id=CVE-2008-4285
Unspecified vulnerability in the Performance Monitoring Infrastructure (PMI) feature in the Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.19, when a component statistic is enabled, allows attackers to cause a denial of service (daemon crash) via vectors related to "a gradual degradation in performance." Vulnerabilidad sin especificar en la característica Performance Monitoring Infrastructure (PMI) en el componente Servlet Engine/Web Container en IBM WebSphere Application Server (WAS) v6.1.x anterior a v6.1.0.19, cunado un componente estático está habilitado, permite a atacantes provocar una denegación de servicio (caída del demonio) a través de vectores relacionados con "una degradación progresiva en el rendimiento." • http://www-01.ibm.com/support/docview.wss?uid=swg24019260 http://www-01.ibm.com/support/docview.wss?uid=swg27007951 https://exchange.xforce.ibmcloud.com/vulnerabilities/48698 • CWE-399: Resource Management Errors •
CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0CVE-2009-0504
https://notcve.org/view.php?id=CVE-2009-0504
WSPolicy in the Web Services component in IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.1 does not properly recognize the IDAssertion.isUsed binding property, which allows local users to discover a password by reading a SOAP message. WSPolicy en el componente Web Services en IBM WebSphere Application Server (WAS) v7.0.x anterior a v7.0.0.1 no reconoce adecuadamente la propiedad de vínculo IDAssertion.isUsed, lo que permite a usuarios locales descubrir una contraseña leyendo un mensaje SOAP. • http://www-01.ibm.com/support/docview.wss?uid=swg27014463 http://www-1.ibm.com/support/docview.wss?uid=swg1PK73573 https://exchange.xforce.ibmcloud.com/vulnerabilities/48700 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 2.1EPSS: 0%CPEs: 2EXPL: 0CVE-2009-0503
https://notcve.org/view.php?id=CVE-2009-0503
IBM WebSphere Message Broker 6.1.x before 6.1.0.2 writes a database connection password to the Event Log and System Log during exception handling for a JDBC error, which allows local users to obtain sensitive information by reading these logs. IBM WebSphere Message Broker v6.1.x anteriores a v6.1.0.2 escribe la contraseña de conexión a la base de datos en el registro de eventos y en el registro del sistema cuando maneja una excepción por un error JDBC, permitiendo a usuarios locales obtener información sensible al leer estos ficheros de registro. • http://www-01.ibm.com/support/docview.wss?rs=849&uid=swg27011431 http://www-1.ibm.com/support/docview.wss?uid=swg1IC55298 http://www.securityfocus.com/bid/33819 http://www.securitytracker.com/id?1021735 http://www.vupen.com/english/advisories/2009/0460 https://exchange.xforce.ibmcloud.com/vulnerabilities/48642 • CWE-255: Credentials Management Errors •