Page 18 of 424 results (0.010 seconds)

CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by improper handling of request headers. A remote attacker could exploit this vulnerability to cause the consumption of Memory. IBM X-Force ID: 156242. IBM WebSphere Application Server 7.0, 8.0, 8.5 y 9.0 es vulnerable a denegaciones de servicio causadas por una gestión inadecuada de las cabeceras de peticiones. Un atacante remoto podría explotar esta vulnerabilidad para provocar un consumo de memoria. • http://www.securityfocus.com/bid/107623 https://exchange.xforce.ibmcloud.com/vulnerabilities/156242 https://www.ibm.com/support/docview.wss?uid=ibm10869570 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to spoof connection information which could be used to launch further attacks against the system. IBM X-Force ID: 152531. IBM WebSphere Application Server, en versiones 7.0, 8.0, 8.5 y 9.0, podría permitir a un atacante remoto suplantar la información de conexión, la cual podría emplearse para lanzar otros ataques contra el sistema. IBM X-Force ID: 152531. • http://www.securityfocus.com/bid/107383 https://exchange.xforce.ibmcloud.com/vulnerabilities/152531 https://www.ibm.com/support/docview.wss?uid=ibm10795115 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155946. IBM WebSphere Application Server, en sus versiones 8.5 y 9.0, es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. • http://www.ibm.com/support/docview.wss?uid=ibm10869406 https://exchange.xforce.ibmcloud.com/vulnerabilities/155946 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide weaker than expected security, caused by the improper TLS configuration. A remote attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 154650. IBM WebSphere Application Server 7.0, 8.0, 8.5 y 9.0 podría proporcionar seguridad más débil de la esperada debido a una configuración TLS incorrecta. Un atacante remoto podría explotar esta vulnerabilidad para obtener información sensible empleando técnicas Man-in-the-Middle (MitM). • http://www.securityfocus.com/bid/107155 https://exchange.xforce.ibmcloud.com/vulnerabilities/154650 https://www.ibm.com/support/docview.wss?uid=ibm10793421 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading a user to visit a malicious URL, a remote attacker could send a specially-crafted request. An attacker could exploit this vulnerability to perform CSRF attack and update available applications. IBM X-Force ID: 152992. La consola de administrador de IBM WebSphere Application Server 7.0, 8.0, 8.5 y 9.0 es vulnerable a ataques Cross-Site Request Forgery (CSRF) a causa de una validación incorrecta de entradas proporcionadas por el usuario. • http://www.securityfocus.com/bid/106204 https://exchange.xforce.ibmcloud.com/vulnerabilities/152992 https://www.ibm.com/support/docview.wss?uid=ibm10742301 • CWE-352: Cross-Site Request Forgery (CSRF) •