CVE-2016-8934
https://notcve.org/view.php?id=CVE-2016-8934
IBM WebSphere Application Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM WebSphere Application Server es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la IU Web alterando así la funcionalidad prevista que potencialmente conduce a la divulgación de credenciales dentro de una sesión de confianza. • http://www.ibm.com/support/docview.wss?uid=swg21995995 http://www.securityfocus.com/bid/95154 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-0378
https://notcve.org/view.php?id=CVE-2016-0378
IBM WebSphere Application Server (WAS) Liberty before 16.0.0.3, when the installation lacks a default error page, allows remote attackers to obtain sensitive information by triggering an exception. IBM WebSphere Application Server (WAS) Liberty en versiones anteriores a 16.0.0.3, cuando la instalación carece de una página de error predeterminada, permite a atacantes remotos obtener información sensible desencadenando una excepción. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI54459 http://www-01.ibm.com/support/docview.wss?uid=swg21981529 http://www.securityfocus.com/bid/93143 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-5983 – IBM WebSphere 7 / 8 / 8.5 / 9 Deserialization Issue
https://notcve.org/view.php?id=CVE-2016-5983
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.11, 9.0 before 9.0.0.2, and Liberty before 16.0.0.4 allows remote authenticated users to execute arbitrary Java code via a crafted serialized object. IBM WebSphere Application Server (WAS) 7.0 en versiones anteriores a 7.0.0.43, 8.0 en versiones anteriores a 8.0.0.13, 8.5 en versiones anteriores a 8.5.5.11, 9.0 en versiones anteriores a 9.0.0.2 y Liberty en versiones anteriores a 16.0.0.4 permite a usuarios remotos autenticados ejecutar código Java arbitrario a través de un objeto serializado manipulado. IBM WebSphere versions 7, 8, 8.5, and 9 deserialize untrusted data. This can lead to denial of service and remote code execution vulnerabilities. • https://github.com/BitWrecker/CVE-2016-5983 http://www-01.ibm.com/support/docview.wss?uid=swg1PI62375 http://www.securityfocus.com/bid/93162 https://www-01.ibm.com/support/docview.wss?uid=swg21990060 • CWE-284: Improper Access Control •
CVE-2016-5986
https://notcve.org/view.php?id=CVE-2016-5986
IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.x before 8.0.0.13, 8.5.x before 8.5.5.11, 9.0.x before 9.0.0.2, and Liberty before 16.0.0.3 mishandles responses, which allows remote attackers to obtain sensitive information via unspecified vectors. IBM WebSphere Application Server (WAS) 7.x en versiones anteriores a 7.0.0.43, 8.0.x en versiones anteriores a 8.0.0.13, 8.5.x en versiones anteriores a 8.5.5.11, 9.0.x en versiones anteriores a 9.0.0.2 y Liberty en versiones anteriores a 16.0.0.3 maneja respuestas de manera incorrecta, lo que permite a atacantes remotos obtener información sensible a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI67093 http://www-01.ibm.com/support/docview.wss?uid=swg21990056 http://www.securityfocus.com/bid/93013 http://www.securitytracker.com/id/1036838 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-0385
https://notcve.org/view.php?id=CVE-2016-0385
Buffer overflow in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.10, 9.0 before 9.0.0.1, and Liberty before 16.0.0.3, when HttpSessionIdReuse is enabled, allows remote authenticated users to obtain sensitive information via unspecified vectors. Desbordamiento de búfer en IBM WebSphere Application Server (WAS) 7.0 en versiones anteriores a 7.0.0.43, 8.0 en versiones anteriores a 8.0.0.13, 8.5 en versiones anteriores a 8.5.5.10, 9.0 en versiones anteriores a 9.0.0.1 y Liberty en versiones anteriores a 16.0.0.3, cuando HttpSessionIdReuse está activado, permite a usuarios remotos autenticados obtener información sensible a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI60026 http://www-01.ibm.com/support/docview.wss?uid=swg21982588 http://www.securityfocus.com/bid/92505 http://www.securitytracker.com/id/1036654 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •