CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2013-5446
https://notcve.org/view.php?id=CVE-2013-5446
22 Oct 2013 — The console on IBM WebSphere DataPower XC10 appliances 2.1.0 and 2.5.0 does not properly process logoff actions, which has unspecified impact and remote attack vectors. La consola en IBM WebSphere DataPower XC10 appliances 2.1.0 y 2.5.0 no procesa adecuadamente acciones de cierre de sesión, el cual tiene un impacto sin especificar y vectores de ataque remotos. • http://www-01.ibm.com/support/docview.wss?uid=swg1IC93164 •
CVSS: 10.0EPSS: 1%CPEs: 11EXPL: 0CVE-2013-5403
https://notcve.org/view.php?id=CVE-2013-5403
27 Sep 2013 — Unspecified vulnerability on the IBM WebSphere DataPower XC10 appliance 2.0 through 2.5.0.1 allows remote attackers to obtain administrative access via unknown vectors. Vulnerabilidad no especificada en IBM WebSphere DataPower XC10 appliance v2.0 hasta v2.5.0.1 permite a atacantes remotos conseguir acceso administrativo a través de vectores desconocidos. • http://www-01.ibm.com/support/docview.wss?uid=swg1IC96174 •
CVSS: 6.1EPSS: 0%CPEs: 42EXPL: 2CVE-2013-0499 – IBM WebSphere DataPower 3.8.2 / 4.0.x / 5.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2013-0499
23 May 2013 — Cross-site scripting (XSS) vulnerability in the echo functionality on IBM WebSphere DataPower SOA appliances with firmware 3.8.2, 4.0, 4.0.1, 4.0.2, and 5.0.0 allows remote attackers to inject arbitrary web script or HTML via a SOAP message, as demonstrated by the XML Firewall, Multi Protocol Gateway (MPGW), Web Service Proxy, and Web Token services. Una vulnerabilidad de tipo cross-site scripting (XSS) en la funcionalidad echo en dispositivos SOA WebSphere DataPower de IBM con la versión de firmware 3.8.2,... • http://seclists.org/bugtraq/2013/May/83 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 0CVE-2013-0600
https://notcve.org/view.php?id=CVE-2013-0600
09 May 2013 — Unspecified vulnerability on IBM WebSphere DataPower XC10 Appliance devices 2.0 and 2.1 through 2.1 FP3 allows remote attackers to bypass authentication and perform administrative actions via unknown vectors. Vulnerabilidad sin especificar en dispositivos IBM WebSphere DataPower XC10 Appliance v2.0 y v2.1 hasta v2.1 FP3 lo que permite a atacantes remotos burlar la autenticación y realizar acciones administraticas a través de vectores sin especificar. • http://www-01.ibm.com/support/docview.wss?uid=swg1IC91726 •