CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 0CVE-2015-0118
https://notcve.org/view.php?id=CVE-2015-0118
28 Jun 2015 — IBM WebSphere Message Broker Toolkit 7 before 7007 IF2 and 8 before 8005 IF1 and Integration Toolkit 9 before 9003 IF1 are distributed with MQ client JAR files that support only weak TLS ciphers, which might make it easier for remote attackers to obtain sensitive information by sniffing the network during a connection to an Integration Bus node. IBM WebSphere Message Broker Toolkit 7 anterior a 7007 IF2 y 8 anterior a 8005 IF1 y Integration Toolkit 9 anterior a 9003 IF1 están distribuidos con ficheros JAR d... • http://www-01.ibm.com/support/docview.wss?uid=swg1IT05725 • CWE-310: Cryptographic Issues •
CVSS: 5.3EPSS: 0%CPEs: 18EXPL: 0CVE-2014-6170
https://notcve.org/view.php?id=CVE-2014-6170
02 Feb 2015 — The HTTPInput node in IBM WebSphere Message Broker 7.0 before 7.0.0.8 and 8.0 before 8.0.0.6 and IBM Integration Bus 9.0 before 9.0.0.4 allows remote attackers to obtain sensitive information by triggering a SOAP fault. El nodo HTTPInput en IBM WebSphere Message Broker 7.0 anterior a 7.0.0.8 y 8.0 anterior a 8.0.0.6 y IBM Integration Bus 9.0 anterior a 9.0.0.4 permite a atacantes remotos obtener información sensible mediante la provocación de un fallo SOAP. • http://www-01.ibm.com/support/docview.wss?uid=swg1IT01929 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0CVE-2014-4819
https://notcve.org/view.php?id=CVE-2014-4819
18 Sep 2014 — The web user interface in IBM WebSphere Message Broker 8.0 before 8.0.0.6 and IBM Integration Bus 9.0 before 9.0.0.3 allows remote authenticated users to obtain sensitive information by reading the error page. La interfaz web de usuario en IBM WebSphere Message Broker 8.0 anterior a 8.0.0.6 e IBM Integration Bus 9.0 anterior a 9.0.0.3 permite a usuarios autenticados remotos obtener información sensible leyendo la página de error. • http://secunia.com/advisories/61356 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 1%CPEs: 23EXPL: 0CVE-2013-5372 – JDK: XML4J xml entity expansion excessive memory use (XML)
https://notcve.org/view.php?id=CVE-2013-5372
19 Oct 2013 — The XML4J parser in IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.7, and 8.0 before 8.0.0.4 and IBM Integration Bus 9.0 before 9.0.0.1 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document that triggers expansion for many entities. El parseador XML4J en IBM WebSphere Message Broker 6.1 antes 6.1.0.12, 7.0 antes 7.0.0.7 y 8.0.0.4 y 8.0 antes de IBM Integration Bus 9.0 antes 9.0.0.1 permite a atacantes remotos provocar una denegación de servi... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html • CWE-399: Resource Management Errors •
CVSS: 5.9EPSS: 0%CPEs: 44EXPL: 0CVE-2013-0482
https://notcve.org/view.php?id=CVE-2013-0482
29 May 2013 — IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 through 8.5.0.2 and WebSphere Message Broker 6.1, 7.0 through 7.0.0.5, and 8.0 through 8.0.0.2, when WS-Security is used, allows remote attackers to spoof the signatures of messages via a crafted SOAP message, related to a "Signature Wrap attack," a different vulnerability than CVE-2011-1377 and CVE-2013-0489. IBM WebSphere Application Server (WAS) 7.0 anterior a 7.0.0.29, 8.0 anterior a 8.0.0.6, y 8.5 a la 8.5.0.2 y Web... • http://www-01.ibm.com/support/docview.wss?uid=swg1IC88185 •
CVSS: 9.1EPSS: 0%CPEs: 20EXPL: 0CVE-2012-5952
https://notcve.org/view.php?id=CVE-2012-5952
20 Feb 2013 — IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.6, and 8.0 before 8.0.0.2 does not validate Basic Authentication credentials before proceeding to WS-Addressing and WS-Security operations, which allows remote attackers to trigger transmission of unauthenticated messages via unspecified vectors. IBM WebSphere Message Broker v6.1 antes de v6.1.0.12, v7.0 antes de v7.0.0.6 y v8.0 antes de v8.0.0.2 no validan credenciales de autenticación básicas antes de proceder a operaciones de WS-Addressin... • http://www-01.ibm.com/support/docview.wss?uid=swg1IC89803 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2012-5953
https://notcve.org/view.php?id=CVE-2012-5953
20 Feb 2013 — IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.6, and 8.0 before 8.0.0.2, when the Parse Query Strings option is enabled on an HTTPInput node, allows remote attackers to cause a denial of service (infinite loop) via a crafted query string. IBM WebSphere Message Broker v6.1 antes v6.1.0.12, v7,0 antes de v7.0.0.6 y 8,0 antes de 8.0.0.2, cuando la opción de análisis de cadenas está habilitada en un nodo HTTPInput, permite a atacantes remotos provocar una denegación de servicio (bucle infin... • http://www-01.ibm.com/support/docview.wss?uid=swg1PM75015 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0CVE-2013-0466
https://notcve.org/view.php?id=CVE-2013-0466
20 Feb 2013 — Cross-site scripting (XSS) vulnerability in IBM WebSphere Message Broker 7.0 before 7.0.0.6 and 8.0 before 8.0.0.2, when wsdl support is enabled on a SOAPInput node, allows remote attackers to inject arbitrary web script or HTML via a wsdl request that is not properly handled during construction of an error message. Cross-site scripting (XSS) en WebSphere Message Broker IBM v7,0 antes de v7.0.0.6 y v8,0 antes de v8.0.0.2 antes, cuando el soporte wsdl está habilitada en un nodo SOAPInput, permite a atacantes... • http://www-01.ibm.com/support/docview.wss?uid=swg1IC89383 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2012-3317
https://notcve.org/view.php?id=CVE-2012-3317
05 Dec 2012 — IBM WebSphere Message Broker 6.1 before 6.1.0.11, 7.0 before 7.0.0.5, and 8.0 before 8.0.0.2 has incorrect ownership of certain uninstaller Java Runtime Environment (JRE) files, which might allow local users to gain privileges by leveraging access to uid 501 or gid 300. IBM WebSphere Message Broker v6.1 anterior a v6.1.0.11, v7.0 anterior a v7.0.0.5, y v8.0 anterior a v8.0.0.2 tiene la propiedad incorrecta de cierto programa de desinstalación de Java Runtime Environment (JRE), lo que podría permitir a usuar... • http://www-01.ibm.com/support/docview.wss?uid=swg1IC85477 • CWE-264: Permissions, Privileges, and Access Controls •