
CVE-2014-4770
https://notcve.org/view.php?id=CVE-2014-4770
23 Sep 2014 — Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 6.x through 6.1.0.47, 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 allows remote authenticated administrators to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM WebSphere Application Server (WAS) 6.x hasta 6.1.0.47, 7.0 anterior a 7.0.0.35, 8.0 anterior a 8.0.0.10, y 8.5 anterior a 8.5.5.4 permite a usuarios remotos autenticados inyectar script web o HTML de forma arbitr... • http://secunia.com/advisories/61418 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2013-0542
https://notcve.org/view.php?id=CVE-2013-0542
24 Apr 2013 — Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary web script or HTML via crafted field values. Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en la consola administrativa de IBM WebSphere Application Server (WAS) v6.1 antes de v6.1.0.47, 7.0 antes de 7.0.0.29, 8.0 antes de 8.0.0.6, y v8.5 antes de v8.... • http://www-01.ibm.com/support/docview.wss?&uid=swg21632423 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2012-4851
https://notcve.org/view.php?id=CVE-2012-4851
14 Nov 2012 — Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URI. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en IBM WebSphere Application Server v8.5 Liberty Profile antes de v8.5.0.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un URI diseñada para tal fin. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM68643 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2012-2162
https://notcve.org/view.php?id=CVE-2012-2162
01 May 2012 — The Web Server Plug-in in IBM WebSphere Application Server (WAS) 8.0 and earlier uses unencrypted HTTP communication after expiration of the plugin-key.kdb password, which allows remote attackers to obtain sensitive information by sniffing the network, or spoof arbitrary servers via a man-in-the-middle attack. El complemento Web Server en IBM WebSphere Application Server (WAS) v8.0 y anteriores, utilizan comunicaciones sin HTTP cifrar después de la expiración de la contraseña de plugin-key.kdb, lo que permi... • http://www-01.ibm.com/support/docview.wss?uid=swg21588312 • CWE-310: Cryptographic Issues •

CVE-2012-0193
https://notcve.org/view.php?id=CVE-2012-0193
20 Jan 2012 — IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.43, 6.1 before 6.1.0.43, 7.0 before 7.0.0.23, and 8.0 before 8.0.0.3 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. IBM WebSphere Application Server (WAS) v6.0 hasta v6.0.2.43, v6.1 antes de v6.1.0.43 6.1, v7.0 antes de v7.0.0.23, v8.0 antes de v8.0.0.3 calcula los valores ha... • http://osvdb.org/78321 • CWE-20: Improper Input Validation •

CVE-2009-2747
https://notcve.org/view.php?id=CVE-2009-2747
30 Oct 2011 — The Java Naming and Directory Interface (JNDI) implementation in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.39, 6.1 before 6.1.0.29, and 7.0 before 7.0.0.7 does not properly restrict access to UserRegistry object methods, which allows remote attackers to obtain sensitive information via a crafted method call. La implementación Java Naming and Directory Interface (JNDI) la aplicación en IBM WebSphere Application Server (WAS) v6.0 anterior a v6.0.2.39, v6.1 anterior a v6.1.0.29 6.1 y v7.0 anterio... • http://www.ibm.com/support/docview.wss?uid=swg1PK91414 • CWE-264: Permissions, Privileges, and Access Controls •

CVE-2010-3271 – IBM Websphere Application Server 7.0.0.13 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2010-3271
18 Jul 2011 — Multiple cross-site request forgery (CSRF) vulnerabilities in the Integrated Solutions Console (aka administrative console) in IBM WebSphere Application Server (WAS) 7.0.0.13 and earlier allow remote attackers to hijack the authentication of administrators for requests that disable certain security options via an Edit action to console/adminSecurityDetail.do followed by a save action to console/syncworkspace.do. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en la Integrat... • https://www.exploit-db.com/exploits/17404 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2011-1683
https://notcve.org/view.php?id=CVE-2011-1683
13 Apr 2011 — IBM WebSphere Application Server (WAS) 6.0.x through 6.0.2.43, 6.1.x before 6.1.0.37, and 7.0.x before 7.0.0.17 on z/OS, when a Local OS user registry or Federated Repository with RACF adapter is used, allows remote attackers to obtain unspecified application access via unknown vectors. IBM WebSphere Application Server (WAS) v6.0.x hasta v6.0.2.43, v6.1.x anterior a v6.1.0.37, y v7.0.x anterior a v7.0.0.17 sobre z/OS, cuando un usuario registrado en Locla OS o Federated Repository con adaptador RACF está us... • http://secunia.com/advisories/43965 • CWE-264: Permissions, Privileges, and Access Controls •

CVE-2011-1308
https://notcve.org/view.php?id=CVE-2011-1308
08 Mar 2011 — Cross-site scripting (XSS) vulnerability in the Installation Verification Test (IVT) application in the Install component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el Installation Verification Test (IVT) en el componente Install en IBM WebSphere Application Server (WAS) anteriores a v7.0.0.15, permite a atacantes remotos iny... • http://www-01.ibm.com/support/docview.wss?uid=swg1PM20393 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2011-1309
https://notcve.org/view.php?id=CVE-2011-1309
08 Mar 2011 — The Plug-in component in IBM WebSphere Application Server (WAS) before 7.0.0.15 does not properly handle trace requests, which has unspecified impact and attack vectors. El componente Plug-in en IBM WebSphere Application Server (WAS) anterior a v7.0.0.15 no maneja adecuadamente las solicitudes de rastreo, lo que tiene un impacto y vectores de ataque no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM22860 • CWE-20: Improper Input Validation •