CVE-2017-1788
https://notcve.org/view.php?id=CVE-2017-1788
IBM WebSphere Application Server 9 installations using Form Login could allow a remote attacker to conduct spoofing attacks. IBM X-Force ID: 137031. Las instalaciones de IBM WebSphere Application Server 9 que emplean Form Login podrían permitir que un atacante remoto lleve a cabo ataques de suplantación. IBM X-Force ID: 137031. • http://www.ibm.com/support/docview.wss?uid=swg22012341 http://www.securityfocus.com/bid/103497 https://exchange.xforce.ibmcloud.com/vulnerabilities/137031 •
CVE-2017-1731
https://notcve.org/view.php?id=CVE-2017-1731
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide weaker than expected security when using the Administrative Console. An authenticated remote attacker could exploit this vulnerability to possibly gain elevated privileges. IBM WebSphere Application Server 7.0, 8.0, 8.5 y 9.0 podría proporcionar seguridad más débil de la esperada al emplear la consola de administración. Un atacante remoto autenticado podría explotar esta vulnerabilidad para obtener privilegios elevados. • http://www-01.ibm.com/support/docview.wss?uid=swg22012345&myns=swgws&mynp=OCSSEQTP&mync=R&cm_sp=swgws-_-OCSSEQTP-_-R http://www.securityfocus.com/bid/102911 http://www.securitytracker.com/id/1040356 https://exchange.xforce.ibmcloud.com/vulnerabilities/134912 •
CVE-2017-1501
https://notcve.org/view.php?id=CVE-2017-1501
IBM WebSphere Application Server 8.0, 8.5, and 9.0 could provide weaker than expected security after using the Admin Console to update the web services security bindings settings. IBM X-Force ID: 129576. IBM WebSphere Application Server 8.0, 8.5 y 9.0 podría proporcionar una seguridad más débil de lo esperado después de usar la consola de administrador para actualizar la configuración de seguridad de los servicios web. IBM X-Force ID: 129576. • http://www.ibm.com/support/docview.wss?uid=swg22006810 http://www.securityfocus.com/bid/100394 http://www.securitytracker.com/id/1039199 https://exchange.xforce.ibmcloud.com/vulnerabilities/129576 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-1504
https://notcve.org/view.php?id=CVE-2017-1504
IBM WebSphere Application Server version 9.0.0.4 could provide weaker than expected security after using the PasswordUtil command to enable AES password encryption. IBM X-Force ID: 129579. IBM WebSphere Application Server en su versión 9.0.0.4 podría ofrecer una seguridad más débil después de usar el comando PasswordUtil para activar el cifrado de contraseñas AES. IBM X-Force ID: 129579. • http://www.ibm.com/support/docview.wss?uid=swg22006803 http://www.securityfocus.com/bid/100137 https://exchange.xforce.ibmcloud.com/vulnerabilities/129579 •
CVE-2017-1380
https://notcve.org/view.php?id=CVE-2017-1380
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127151. IBM WebSphere Application Server 7.0, 8.0, 8.5 y 9.0 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. • http://www.ibm.com/support/docview.wss?uid=swg22004786 http://www.securityfocus.com/bid/99961 http://www.securitytracker.com/id/1038978 https://exchange.xforce.ibmcloud.com/vulnerabilities/127151 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •