CVSS: 5.9EPSS: 0%CPEs: 46EXPL: 0CVE-2011-1209
https://notcve.org/view.php?id=CVE-2011-1209
04 May 2011 — IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.17 uses a weak WS-Security XML encryption algorithm, which makes it easier for remote attackers to obtain plaintext data from a (1) JAX-RPC or (2) JAX-WS Web Services request via unspecified vectors related to a "decryption attack." El servidor de aplicaciones IBM WebSphere (WAS) 6.1 anteriores a 6.1.0.39 y 7.0 anteriores a 7.0.0.17 utiliza un algoritmo de encriptación XML WS-Security débil, lo que facilita a atacantes remotos o... • http://www-01.ibm.com/support/docview.wss?uid=swg1PM34841 • CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 1%CPEs: 100EXPL: 0CVE-2011-1683
https://notcve.org/view.php?id=CVE-2011-1683
13 Apr 2011 — IBM WebSphere Application Server (WAS) 6.0.x through 6.0.2.43, 6.1.x before 6.1.0.37, and 7.0.x before 7.0.0.17 on z/OS, when a Local OS user registry or Federated Repository with RACF adapter is used, allows remote attackers to obtain unspecified application access via unknown vectors. IBM WebSphere Application Server (WAS) v6.0.x hasta v6.0.2.43, v6.1.x anterior a v6.1.0.37, y v7.0.x anterior a v7.0.0.17 sobre z/OS, cuando un usuario registrado en Locla OS o Federated Repository con adaptador RACF está us... • http://secunia.com/advisories/43965 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 139EXPL: 0CVE-2011-1314
https://notcve.org/view.php?id=CVE-2011-1314
08 Mar 2011 — The Service Integration Bus (SIB) messaging engine in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (daemon hang) by performing close operations via network connections to a queue manager. El motor de mensajería Service Integration Bus (SIB) de IBM WebSphere Application Server (WAS) antes de v7.0.0.15 permite a atacantes remotos provocar una denegación de servicio (bloqueo del demonio) mediante la realización de las operaciones de cierre a través... • http://www-01.ibm.com/support/docview.wss?uid=swg1PM19834 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 139EXPL: 0CVE-2011-1316
https://notcve.org/view.php?id=CVE-2011-1316
08 Mar 2011 — The Session Initiation Protocol (SIP) Proxy in the HTTP Transport component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (worker thread exhaustion and UDP messaging outage) by sending many UDP messages. El proxy Session Initiation Protocol (SIP) en el componente de transporte HTTP de IBM WebSphere Application Server (WAS) antes de v7.0.0.15 permite a atacantes remotos provocar una denegación de servicio (agotamiento de los hilo de trabajo y c... • http://www-01.ibm.com/support/docview.wss?uid=swg1PM23115 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 139EXPL: 0CVE-2011-1311
https://notcve.org/view.php?id=CVE-2011-1311
08 Mar 2011 — The Security component in IBM WebSphere Application Server (WAS) before 7.0.0.15, when a J2EE 1.4 application is used, determines the security role mapping on the basis of the ibm-application-bnd.xml file instead of the intended ibm-application-bnd.xmi file, which might allow remote authenticated users to gain privileges in opportunistic circumstances by requesting a service. El componente Security en IBM WebSphere Application Server (WAS) anterior a v7.0.0.15, cuando se usa una aplicación J2EE 1.4, determi... • http://www-01.ibm.com/support/docview.wss?uid=swg1PM25455 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.9EPSS: 0%CPEs: 30EXPL: 0CVE-2011-1312
https://notcve.org/view.php?id=CVE-2011-1312
08 Mar 2011 — The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.31 and 7.x before 7.0.0.15 does not prevent modifications of the primary admin id, which allows remote authenticated administrators to bypass intended access restrictions by mapping a (1) user or (2) group to an administrator role. El componente Administrative Console de IBM WebSphere Application Server (WAS) v6.1.0.x anterior a v6.1.0.31 y v7.x anteriores a v7.0.0.15 no impide que las modificaciones de la id... • http://www-01.ibm.com/support/docview.wss?uid=swg1PK88606 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 33EXPL: 0CVE-2011-1322
https://notcve.org/view.php?id=CVE-2011-1322
08 Mar 2011 — The SOAP with Attachments API for Java (SAAJ) implementation in the Web Services component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) via encrypted SOAP messages. La implementación de SOAP con adjuntos para la API Java (SAAJ) en el componente de servicios Web en IBM WebSphere Application Server (WAS) v6.1.0.x antes de v6.1.0.37 y v7.x antes de v7.0.0.15, permite a atacantes remotos provoc... • http://www-01.ibm.com/support/docview.wss?uid=swg1PM19534 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 139EXPL: 0CVE-2011-1318
https://notcve.org/view.php?id=CVE-2011-1318
08 Mar 2011 — Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted. Pérdida de memoria en org.apache.jasper.runtime.JspWriterImpl.response en el componente JavaServer Pages (JSP) de IBM WebSphere Application Server (WAS) antes de v7.0.0.15 permite a atacantes ... • http://www-01.ibm.com/support/docview.wss?uid=swg1PM23029 • CWE-399: Resource Management Errors •
CVSS: 7.1EPSS: 0%CPEs: 139EXPL: 0CVE-2011-1307
https://notcve.org/view.php?id=CVE-2011-1307
08 Mar 2011 — The installer in IBM WebSphere Application Server (WAS) before 7.0.0.15 uses 777 permissions for a temporary log directory, which allows local users to have unintended access to log files via standard filesystem operations, a different vulnerability than CVE-2009-1173. El programa de instalación de IBM WebSphere Application Server (WAS) anterior a v7.0.0.15 utiliza permisos 777 para un directorio de registro temporal, lo que permite a los usuarios locales a tener acceso a los archivos de registro a través d... • http://www-01.ibm.com/support/docview.wss?uid=swg1PM20021 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 32EXPL: 0CVE-2011-1310
https://notcve.org/view.php?id=CVE-2011-1310
08 Mar 2011 — The Administrative Scripting Tools component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when tracing is enabled, places wsadmin command parameters into the (1) wsadmin.traceout and (2) trace.log files, which allows local users to obtain potentially sensitive information by reading these files. El componente Administrative Scripting Tools en IBM WebSphere Application Server (WAS) v6.1.0.x anterior a v6.1.0.35 y v7.x anterior a v7.0.0.15, cuando el seguimiento e... • http://www-01.ibm.com/support/docview.wss?uid=swg1PM18736 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •