CVSS: 4.3 | EPSS: 0% | CPEs: 4 | EXPL: 0

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information, caused by improper handling of Administrative Console panel fields. When exploited, an attacker could read files on the file system. IBM X-Force ID: 134931. • http://www.ibm.com/support/docview.wss?uid=swg22012342 http://www.securitytracker.com/id/1040485 https://exchange.xforce.ibmcloud.com/vulnerabilities/134931 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 8.8 | EPSS: 0% | CPEs: 4 | EXPL: 0

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide weaker than expected security when using the Administrative Console. An authenticated remote attacker could exploit this vulnerability to possibly gain elevated privileges. • http://www-01.ibm.com/support/docview.wss?uid=swg22012345&myns=swgws&mynp=OCSSEQTP&mync=R&cm_sp=swgws-_-OCSSEQTP-_-R http://www.securityfocus.com/bid/102911 http://www.securitytracker.com/id/1040356 https://exchange.xforce.ibmcloud.com/vulnerabilities/134912

CVSS: 6.1 | EPSS: 0% | CPEs: 4 | EXPL: 0

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using a specially crafted URL to cause the server to return a split response once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 129578. • http://www-01.ibm.com/support/docview.wss?uid=swg22006815 http://www.securityfocus.com/bid/101234 http://www.securitytracker.com/id/1039521 https://exchange.xforce.ibmcloud.com/vulnerabilities/129578 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.5 | EPSS: 0% | CPEs: 19 | EXPL: 0

IBM Business Process Manager (aka BPM) 7.5.x, 8.0.x, and 8.5.x and WebSphere Lombardi Edition (aka WLE) 7.2.x allow remote authenticated users to bypass intended access restrictions on internal service types via vectors involving the executeServiceByName URL. • http://www.securityfocus.com/bid/73274 https://www-304.ibm.com/support/docview.wss?uid=swg21694940 • CWE-284: Improper Access Control

CVSS: 5.9 | EPSS: 0% | CPEs: 21 | EXPL: 0

IBM WebSphere Application Server 8.0, 8.5, and 9.0 could provide weaker than expected security after using the Admin Console to update the web services security bindings settings. IBM X-Force ID: 129576. • http://www.ibm.com/support/docview.wss?uid=swg22006810 http://www.securityfocus.com/bid/100394 http://www.securitytracker.com/id/1039199 https://exchange.xforce.ibmcloud.com/vulnerabilities/129576 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor