CVSS: 3.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-6163
https://notcve.org/view.php?id=CVE-2014-6163
Cross-site scripting (XSS) vulnerability on the IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en el dispositivo IBM WebSphere DataPower XC10 2.1 y 2.5 anterior a FP4 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1IT04614 http://www-01.ibm.com/support/docview.wss?uid=swg21691035 https://exchange.xforce.ibmcloud.com/vulnerabilities/97712 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.0EPSS: 0%CPEs: 2EXPL: 0CVE-2014-3058
https://notcve.org/view.php?id=CVE-2014-3058
Cross-site request forgery (CSRF) vulnerability on the IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. Vulnerabilidad de CSRF en el dispositivo IBM WebSphere DataPower XC10 2.1 y 2.5 anterior a FP4 permite a usuarios remotos autenticados secuestrar la autenticación de usuarios arbitrarios para solicitudes que insertan secuencias de XSS. • http://www-01.ibm.com/support/docview.wss?uid=swg1IT04614 http://www-01.ibm.com/support/docview.wss?uid=swg21691035 https://exchange.xforce.ibmcloud.com/vulnerabilities/93532 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2014-3060
https://notcve.org/view.php?id=CVE-2014-3060
Unspecified vulnerability on the IBM WebSphere DataPower XC10 appliance 2.5 allows remote attackers to obtain administrative privileges by leveraging access to an eXtreme Scale distributed ObjectGrid network and capturing a session cookie. Vulnerabilidad no especificada en IBM WebSphere DataPower XC10 2.5 permite a atacantes remotos obtener privilegios de administración mediante el aprovechamiento del acceso a una red eXtreme Scale Distributed ObjectGrid y la captura de una cookie de sesión. • http://www-01.ibm.com/support/docview.wss?uid=swg1IT03476 http://www-01.ibm.com/support/docview.wss?uid=swg21685705 https://exchange.xforce.ibmcloud.com/vulnerabilities/93534 •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2014-3059
https://notcve.org/view.php?id=CVE-2014-3059
Unspecified vulnerability in the Administrative Console on the IBM WebSphere DataPower XC10 appliance 2.5 allows remote attackers to obtain administrative privileges by leveraging access to an eXtreme Scale distributed ObjectGrid network. Vulnerabilidad no especificada en la consola de administración en IBM WebSphere DataPower XC10 2.5 permite a atacantes remotos obtener privilegios de administración mediante el aprovechamiento del acceso a una red de eXtreme Scale Distributed ObjectGrid. • http://www-01.ibm.com/support/docview.wss?uid=swg1IT03476 http://www-01.ibm.com/support/docview.wss?uid=swg21685705 https://exchange.xforce.ibmcloud.com/vulnerabilities/93533 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2013-5428
https://notcve.org/view.php?id=CVE-2013-5428
IBM WebSphere DataPower XC10 appliances 2.5.0 do not require authentication for all administrative actions, which allows remote attackers to cause a denial of service via unspecified vectors. IBM WebSphere DataPower XC10 2.5.0 no requiere autenticación para todas las acciones administrativas, lo que permite a atacantes remotos causar una denegación de servicio a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1IC93164 http://www-01.ibm.com/support/docview.wss?uid=swg1IC96617 http://www.ibm.com/support/docview.wss?uid=swg21653546 https://exchange.xforce.ibmcloud.com/vulnerabilities/87560 • CWE-264: Permissions, Privileges, and Access Controls •