CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2021-29842
https://notcve.org/view.php?id=CVE-2021-29842
16 Sep 2021 — IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 21.0.0.9 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. IBM X-Force ID: 205202. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5, 9.0 y Liberty versiones 17.0.0.3 hasta 21.0.0.9, podrían permitir a un usuario remoto enumerar nombres de usuario debido a una diferencia de respuestas de intentos de inicio de sesión válidos y no válidos. IBM X-Force I... • https://exchange.xforce.ibmcloud.com/vulnerabilities/205202 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 8.8EPSS: 0%CPEs: 11EXPL: 0CVE-2021-29736
https://notcve.org/view.php?id=CVE-2021-29736
30 Jul 2021 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote user to gain elevated privileges on the system. IBM X-Force ID: 201300. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0 podría permitir a un usuario remoto alcanzar privilegios elevados en el sistema. IBM X-Force ID: 201300 • https://exchange.xforce.ibmcloud.com/vulnerabilities/201300 •
CVSS: 8.8EPSS: 0%CPEs: 11EXPL: 0CVE-2021-29754
https://notcve.org/view.php?id=CVE-2021-29754
11 Jun 2021 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a privilege escalation vulnerability when using the SAML Web Inbound Trust Association Interceptor (TAI). IBM X-Force ID: 202006. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0 es suceptible a una vulnerabilidad de escalada de privilegios cuando se usa el SAML Web Inbound Trust Association Interceptor (TAI). IBM X-Force ID: 202006 • https://exchange.xforce.ibmcloud.com/vulnerabilities/202006 •
CVSS: 8.2EPSS: 0%CPEs: 4EXPL: 0CVE-2021-20492
https://notcve.org/view.php?id=CVE-2021-20492
26 May 2021 — IBM WebSphere Application Server 8.0, 8.5, 9.0, and Liberty Java Batch is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 197793. IBM WebSphere Application Server versiones 8.0, 8.5, 9.0 y Liberty Java Batch es vulnerable a un ataque de tipo XML External Entity Injection (XXE) cuando procesa datos XML. Un atacante remoto podría explotar es... • https://exchange.xforce.ibmcloud.com/vulnerabilities/197793 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 8.2EPSS: 0%CPEs: 4EXPL: 0CVE-2021-20454
https://notcve.org/view.php?id=CVE-2021-20454
21 Apr 2021 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 196649. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0, es vulnerable a un ataque de tipo XML External Entity Injection (XXE) cuando se procesan datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exp... • https://exchange.xforce.ibmcloud.com/vulnerabilities/196649 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 8.2EPSS: 0%CPEs: 3EXPL: 0CVE-2021-20453
https://notcve.org/view.php?id=CVE-2021-20453
20 Apr 2021 — IBM WebSphere Application Server 8.0, 8.5, and 9.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 196648. IBM WebSphere Application Server versiones 8.0, 8.5 y 9.0, es vulnerable a un ataque de inyección de XML External Entity Injection (XXE) cuando se procesan datos XML. Un atacante remoto podría explotar esta vulnerabilidad para expon... • https://exchange.xforce.ibmcloud.com/vulnerabilities/196648 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-5016
https://notcve.org/view.php?id=CVE-2020-5016
10 Mar 2021 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. When application security is disabled and JAX-RPC applications are present, an attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary xml files on the system. This does not occur if Application security is enabled. IBM X-Force ID: 193556. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0, podría permitir a un atacante r... • https://exchange.xforce.ibmcloud.com/vulnerabilities/193556 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2021-20354
https://notcve.org/view.php?id=CVE-2021-20354
18 Feb 2021 — IBM WebSphere Application Server 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 194883. IBM WebSphere Application Server versiones 8.0, 8.5 y 9.0, podría permitir a un atacante remoto un salto de directorio. Un atacante podría enviar una petición URL especialmente diseñada que contenga secuencias "dot dot" (/../) para visualizar ar... • https://exchange.xforce.ibmcloud.com/vulnerabilities/194883 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.2EPSS: 7%CPEs: 4EXPL: 0CVE-2021-20353 – IBM WebSphere EDataGraphImpl Deserialization of Untrusted Data Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-20353
10 Feb 2021 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 194882. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0, es vulnerable a un ataque de inyección de entidad externa XML (XXE) al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer inf... • https://exchange.xforce.ibmcloud.com/vulnerabilities/194882 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 8.2EPSS: 0%CPEs: 11EXPL: 0CVE-2020-4949
https://notcve.org/view.php?id=CVE-2020-4949
26 Jan 2021 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 192025. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0, es vulnerable a un ataque de tipo XML External Entity Injection (XXE) al procesar datos XML. Un atacante remoto podría aprovechar esta vulnerabilidad para exponer... • https://exchange.xforce.ibmcloud.com/vulnerabilities/192025 • CWE-611: Improper Restriction of XML External Entity Reference •