CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2017-1194
https://notcve.org/view.php?id=CVE-2017-1194
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123669. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0 son vulnerables a falsificación de petición en sitios cruzados (CSRF) lo que podría permitir a un atacante ejecutar acciones malintencionadas y no autorizadas transmitidas a través de un usuario que confía en el sitio web. IBM X-Force ID: 123669. • http://www.ibm.com/support/docview.wss?uid=swg22001226 http://www.securityfocus.com/bid/98142 http://www.securitytracker.com/id/1038378 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0CVE-2017-1121
https://notcve.org/view.php?id=CVE-2017-1121
IBM WebSphere Application Server 7.0, 8.0, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1997743 IBM WebSphere Application Server 7.0, 8.0 y 9.0 es vulnerable a las secuencias de comandos en sitios cruzados. Esta vulnerabilidad permite a los usuarios integrar código JavaScript arbitrario en la interfaz de usuario Web, alterando así la funcionalidad prevista conduciendo potencialmente a la divulgación de credenciales dentro de una sesión de confianza. IBM Reference #: 1997743 • http://www.ibm.com/support/docview.wss?uid=swg21997743 http://www.securityfocus.com/bid/96164 http://www.securitytracker.com/id/1037806 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2016-8919
https://notcve.org/view.php?id=CVE-2016-8919
IBM WebSphere Application Server may be vulnerable to a denial of service, caused by allowing serialized objects from untrusted sources to run and cause the consumption of resources. IBM WebSphere Application Server puede ser vulnerable a una denegación de servicio, provocada al permitir que los objetos serializados de fuentes no fiables se ejecuten y causen el consumo de recursos. • http://www.ibm.com/support/docview.wss?uid=swg21993797 http://www.securityfocus.com/bid/95650 http://www.securitytracker.com/id/1037710 • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-0378
https://notcve.org/view.php?id=CVE-2016-0378
IBM WebSphere Application Server (WAS) Liberty before 16.0.0.3, when the installation lacks a default error page, allows remote attackers to obtain sensitive information by triggering an exception. IBM WebSphere Application Server (WAS) Liberty en versiones anteriores a 16.0.0.3, cuando la instalación carece de una página de error predeterminada, permite a atacantes remotos obtener información sensible desencadenando una excepción. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI54459 http://www-01.ibm.com/support/docview.wss?uid=swg21981529 http://www.securityfocus.com/bid/93143 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 66EXPL: 0CVE-2016-0377
https://notcve.org/view.php?id=CVE-2016-0377
The Administrative Console in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.x before 8.0.0.13, and 8.5.x before 8.5.5.10 mishandles CSRFtoken cookies, which allows remote authenticated users to obtain sensitive information via unspecified vectors. La Administrative Console en IBM WebSphere Application Server (WAS) 7.x en versiones anteriores a 7.0.0.43, 8.0.x en versiones anteriores a 8.0.0.13 y 8.5.x en versiones anteriores a 8.5.5.10 no maneja correctamente las cookies CSRFtoken, lo que permite a usuarios remotos autenticados obtener información sensible a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI56917 http://www-01.ibm.com/support/docview.wss?uid=swg21980645 http://www.securityfocus.com/bid/92514 http://www.securitytracker.com/id/1036653 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •