CVSS: 6.7EPSS: 0%CPEs: 4EXPL: 0CVE-2018-1621
https://notcve.org/view.php?id=CVE-2018-1621
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local attacker to obtain clear text password in a trace file caused by improper handling of some datasource custom properties. IBM X-Force ID: 144346. IBM WebSphere Application Server 7.0, 8.0, 8.5 y 9.0 podría permitir que un atacante local obtenga contraseñas en texto claro en un archivo trace provocado por la gestión incorrecta de algunas propiedades datasource personalizadas. IBM X-Force ID: 144346. • http://www.ibm.com/support/docview.wss?uid=swg22016821 http://www.securitytracker.com/id/1041226 https://exchange.xforce.ibmcloud.com/vulnerabilities/144346 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1553
https://notcve.org/view.php?id=CVE-2018-1553
IBM WebSphere Application Server Liberty prior to 18.0.0.2 could allow a remote attacker to obtain sensitive information, caused by mishandling of exceptions by the SAML Web SSO feature. IBM X-Force ID: 142890. IBM WebSphere Application Server Liberty en versiones anteriores a la 18.0.0.2 podría permitir que un atacante remoto obtenga información sensible. Esto viene provocado por la gestión incorrecta de excepciones por parte de la característica SAML Web SSO. IBM X-Force ID: 142890. • http://www.ibm.com/support/docview.wss?uid=swg22016218 http://www.securityfocus.com/bid/104585 https://exchange.xforce.ibmcloud.com/vulnerabilities/142890 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-1614
https://notcve.org/view.php?id=CVE-2018-1614
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using malformed SAML responses from the SAML identity provider could allow a remote attacker to obtain sensitive information. IBM X-Force ID: 144270. IBM WebSphere Application Server 7.0, 8.0, 8.5 y 9.0 que utilizan respuestas SAML mal formadas desde el proveedor de identidad SAML podría permitir que un atacante remoto obtenga información sensible. IBM X-Force ID: 144270. • http://www.securitytracker.com/id/1041168 https://exchange.xforce.ibmcloud.com/vulnerabilities/144270 https://www-01.ibm.com/support/docview.wss?uid=swg22016887https://www-01.ibm.com/support/docview.wss?uid=swg22016887 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2013-3024
https://notcve.org/view.php?id=CVE-2013-3024
IBM WebSphere Application Server (WAS) 8.5 through 8.5.0.2 on UNIX allows local users to gain privileges by leveraging improper process initialization. IBM X-Force ID: 84362. IBM WebSphere Application Server (WAS) de la versión 8.5 hasta la 8.5.0.2 en UNIX permite que usuarios locales obtengan privilegios aprovechando la inicialización incorrecta de procesos. IBM X-Force ID: 84362. • http://www-01.ibm.com/support/docview.wss?&uid=swg21639553 https://exchange.xforce.ibmcloud.com/vulnerabilities/84362 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2017-1743
https://notcve.org/view.php?id=CVE-2017-1743
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console panel fields. When exploited an attacker could browse the file system. IBM X-Force ID: 134933. IBM WebSphere Application Server 7.0, 8.0, 8.5 y 9.0 podría permitir que un atacante remoto obtenga información sensible provocado por la gestión incorrecta de los campos del panel Administrative Console. Al explotarse, un atacante podría navegar por el sistema de archivos. • http://www.ibm.com/support/docview.wss?uid=swg22013601 http://www.securityfocus.com/bid/104134 http://www.securitytracker.com/id/1040890 https://exchange.xforce.ibmcloud.com/vulnerabilities/134933 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •