CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-35282
https://notcve.org/view.php?id=CVE-2022-35282
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, an attacker with local network access could exploit this vulnerability to obtain sensitive data. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0 es vulnerable a un ataque de tipo server-side request forgery (SSRF). Al enviar una petición especialmente diseñada, un atacante con acceso a la red local podría aprovechar esta vulnerabilidad para obtener datos confidenciales • https://exchange.xforce.ibmcloud.com/vulnerabilities/230809 https://www.ibm.com/support/pages/node/6824179 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.4EPSS: 0%CPEs: 13EXPL: 0CVE-2022-34165
https://notcve.org/view.php?id=CVE-2022-34165
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP header injection, caused by improper validation. This could allow an attacker to conduct various attacks against the vulnerable system, including cache poisoning and cross-site scripting. IBM X-Force ID: 229429. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0 e IBM WebSphere Application Server Liberty versiones 17.0.0.3 a 22.0.0.9 son vulnerables a una inyección de encabezados HTTP, causada por una comprobación inapropiada. Esto podría permitir a un atacante conducir varios ataques contra el sistema vulnerable, incluyendo el envenenamiento de la caché y ataques de tipo cross-site scripting. • https://exchange.xforce.ibmcloud.com/vulnerabilities/229429 https://www.ibm.com/support/pages/node/6618747 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 5.3EPSS: 0%CPEs: 11EXPL: 0CVE-2022-22473
https://notcve.org/view.php?id=CVE-2022-22473
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console data. This information could be used in further attacks against the system. IBM X-Force ID: 225347. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0 podría permitir a un atacante remoto obtener información confidencial causada por un manejo inapropiado de los datos de la Consola Administrativa. Esta información podría usarse en otros ataques contra el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/225347 https://www.ibm.com/support/pages/node/6603421 •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2022-22365
https://notcve.org/view.php?id=CVE-2022-22365
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, with the Ajax Proxy Web Application (AjaxProxy.war) deployed, is vulnerable to spoofing by allowing a man-in-the-middle attacker to spoof SSL server hostnames. IBM X-Force ID: 220904. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0, con la aplicación web Ajax Proxy (AjaxProxy.war) desplegada, es vulnerable a una suplantación de identidad al permitir a un atacante de tipo man-in-the-middle suplantar los nombres de host del servidor SSL. IBM X-Force ID: 220904 • https://exchange.xforce.ibmcloud.com/vulnerabilities/220904 https://www.ibm.com/support/pages/node/6587947 •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2021-39038
https://notcve.org/view.php?id=CVE-2021-39038
IBM WebSphere Application Server 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 213968. IBM WebSphere Application Server versión 9.0 e IBM WebSphere Application Server Liberty versiones 17.0.0.3 hasta 22.0.0.2, podrían permitir a un atacante remoto secuestrar la acción de hacer clic de la víctima. Al persuadir a una víctima para que visite un sitio web malicioso, un atacante remoto podría explotar esta vulnerabilidad para secuestrar las acciones de clic de la víctima y posiblemente lanzar más ataques contra ella. • https://exchange.xforce.ibmcloud.com/vulnerabilities/213968 https://www.ibm.com/support/pages/node/6559044 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •