CVSS: 5.4EPSS: 0%CPEs: 47EXPL: 0CVE-2013-6323
https://notcve.org/view.php?id=CVE-2013-6323
01 May 2014 — Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.33, 8.x before 8.0.0.9, and 8.5.x before 8.5.5.2, and WebSphere Virtual Enterprise 7.x before 7.0.0.5, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en la consola de administración en IBM WebSphere Application Server (WAS) 7.x anterior a 7.0.0.33, 8.x anterior a 8.0.0.9 y 8.5.x anterior a 8.5.5.2 y WebSphere Virt... • http://www-01.ibm.com/support/docview.wss?uid=swg1PI04777 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 0CVE-2014-0823
https://notcve.org/view.php?id=CVE-2014-0823
01 May 2014 — IBM WebSphere Application Server (WAS) 8.x before 8.0.0.9 and 8.5.x before 8.5.5.2 allows remote attackers to read arbitrary files via a crafted URL. IBM WebSphere Application Server (WAS) 8.x anterior a 8.0.0.9 y 8.5.x anterior a 8.5.5.2 permite a atacantes remotos leer archivos arbitrarios a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI05324 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 40EXPL: 0CVE-2013-6325
https://notcve.org/view.php?id=CVE-2013-6325
16 Jan 2014 — IBM WebSphere Application Server 7.x before 7.0.0.31, 8.0.x before 8.0.0.8, and 8.5.x before 8.5.5.2 allows remote attackers to cause a denial of service (resource consumption) via a crafted request to a web services endpoint. IBM WebSphere Application Server 7.x anteriores a 7.0.0.31, 8.0.x anteriores a 8.0.0.8 y 8.5.x anteriores a 8.5.5.2 permite a atacantes remotos causar una denegacuón de servicio (consumo de recursos) a través de una petición manipulada al endpoint de servicios web. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM99450 • CWE-20: Improper Input Validation •
CVSS: 4.8EPSS: 0%CPEs: 41EXPL: 0CVE-2013-6725
https://notcve.org/view.php?id=CVE-2013-6725
16 Jan 2014 — Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server 7.x before 7.0.0.31, 8.0.x before 8.0.0.8, and 8.5.x before 8.5.5.2 allows remote authenticated administrators to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad cross-site scripting (XSS) en Administrative Console de IBM WebSphere Application Server 7.x anteriores a 7.0.0.31, 8.0.x anteriores a 8.0.0.8, y 8.5.x anteriores a 8.5.5.2 permite a usuarios remotos autenticados inyectar... • http://osvdb.org/102119 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 39EXPL: 0CVE-2013-5418
https://notcve.org/view.php?id=CVE-2013-5418
16 Nov 2013 — Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en la consola Administrative de IBM WebSphere Application Server (WAS) 7.0 anterior a la versión 7.0.0.31, 8.0 anterior a 8.0.0.8, y 8.5 anterior a la versión 8.5.5.1 permite a usuarios remotos autenticados inyectar scrip... • http://www-01.ibm.com/support/docview.wss?&uid=swg21651880 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 39EXPL: 0CVE-2013-5417
https://notcve.org/view.php?id=CVE-2013-5417
16 Nov 2013 — Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote attackers to inject arbitrary web script or HTML via HTTP response data. Vulnerabilidad de XSS en IBM WebSphere Application Server (WAS) 7.0 anterior a la versión 7.0.0.31, 8.0 anterior a 8.0.0.8, y 8.5 anterior a la versión 8.5.5.1 permite a atacantes remotos inyectar script web o HTML arbitrario a través de datos de respuesta HTTP. • http://www-01.ibm.com/support/docview.wss?&uid=swg21651880 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2013-4006
https://notcve.org/view.php?id=CVE-2013-4006
16 Nov 2013 — IBM WebSphere Application Server (WAS) Liberty Profile 8.5 before 8.5.5.1 uses weak permissions for unspecified files, which allows local users to obtain sensitive information via standard filesystem operations. IBM WebSphere Application Server (WAS) Liberty Profile 8.5 anterior a 8.5.5.1 utiliza permisos débiles para archivos no especificados, lo que permite a usuarios locales obtener información sensible a través de operaciones estándar del sistema de archivos. • http://www-01.ibm.com/support/docview.wss?&uid=swg21651880 • CWE-310: Cryptographic Issues •
CVSS: 8.8EPSS: 0%CPEs: 39EXPL: 0CVE-2013-5414
https://notcve.org/view.php?id=CVE-2013-5414
16 Nov 2013 — The migration functionality in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 does not properly support the distinction between the admin role and the adminsecmanager role, which allows remote authenticated users to gain privileges in opportunistic circumstances by accessing resources in between a migration and a role evaluation. La funcionalidad de migración en IBM WebSphere Application Server (WAS) 7.0 antes 7.0.0.31, 8.0 antes 8.0.0.8, y 8.5 antes d... • http://www-01.ibm.com/support/docview.wss?&uid=swg21651880 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.1EPSS: 0%CPEs: 87EXPL: 0CVE-2013-4053
https://notcve.org/view.php?id=CVE-2013-4053
20 Sep 2013 — The WS-Security implementation in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1, and WAS Feature Pack for Web Services 6.1 before 6.1.0.47, when a trust store is configured for XML Digital Signatures, does not properly verify X.509 certificates, which allows remote attackers to obtain privileged access via unspecified vectors. La implementación WS-Security en IBM WebSphere Application (WAS) 6.1 (anteriores a 6.1.0.47), 7.0 (anteri... • http://www-01.ibm.com/support/docview.wss?uid=swg1PM90949 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 68EXPL: 0CVE-2013-4052
https://notcve.org/view.php?id=CVE-2013-4052
20 Sep 2013 — Cross-site scripting (XSS) vulnerability in the UDDI Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad cross-site scripting (XSS) en la consola administrativa UDDI de IBM WebSphere Application Server (WAS) 6.1 (anteriores a 6.1.0.47), 7.0 (anteriores a 7.0.0.31), 8.0 (anteriores a 8.0.0.8) y 8.5 (anteriores ... • http://www-01.ibm.com/support/docview.wss?uid=swg1PM91892 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •