NotCVE - vendor:"Ibm" product:"Websphere Mq" version:"7.0.1"

Page 2 of 22 results (0.001 seconds)

CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 2

CVE-2012-3294 – IBM Websphere MQ File Transfer Edition Web Gateway - Cross-Site Request Forgery

https://notcve.org/view.php?id=CVE-2012-3294

17 Aug 2012 — Multiple cross-site request forgery (CSRF) vulnerabilities in the Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier, and WebSphere MQ - Managed File Transfer 7.5, allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add user accounts via the /wmqfteconsole/Filespaces URI, (2) modify permissions via the /wmqfteconsole/FileSpacePermisssions URI, or (3) add MQ Message Descriptor (MQMD) user accounts via the /wmqfteconsole/UploadUsers URI. ... • https://www.exploit-db.com/exploits/20477 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.5EPSS: 7%CPEs: 7EXPL: 2

CVE-2012-2206 – IBM Websphere MQ File Transfer Edition Web Gateway - Insufficient Access Control

https://notcve.org/view.php?id=CVE-2012-2206

17 Aug 2012 — The Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier allows remote authenticated users to read files of arbitrary users via vectors involving a username in a URI, as demonstrated by a modified metadata=fteSamplesUser field to the /transfer URI. El componente de puerta de enlace de Internet en IBM WebSphere MQ File Transfer Edition v7.0.4 y anteriores permite leer archivos de usuarios de su elección a usuarios remotos autenticados a través de vectores relacionados con un nomb... • https://www.exploit-db.com/exploits/20478 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0

CVE-2010-0780

https://notcve.org/view.php?id=CVE-2010-0780

29 Oct 2011 — IBM WebSphere MQ 7.x before 7.0.1.4 allows remote attackers to cause a denial of service (disk consumption) via multiple connection attempts to a stopped queue manager. IBM WebSphere MQ 7.x anteriores a 7.0.1.4 permite a atacantes remotos provocar una denegación de servicio (corrupción de disco) a través de intentos de conexión múltiples a un gestor de cola detenido. • http://www-01.ibm.com/support/docview.wss?uid=swg27014224 • CWE-399: Resource Management Errors •

CVSS: 5.9EPSS: 0%CPEs: 22EXPL: 0

CVE-2011-1224

https://notcve.org/view.php?id=CVE-2011-1224

07 Jul 2011 — IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 does not use the CRL Distribution Points (CDP) certificate extension, which might allow man-in-the-middle attackers to spoof an SSL partner via a revoked certificate for a (1) client, (2) queue manager, or (3) application. IBM WebSphere MQ v6.0 antes de v6.0.2.11 y antes de v7.0.1.5 7.0 no utiliza la extensión de certificado de los puntos de distribución (CDP) de los CRL (Listas de revocación de certificados), lo que podría permitir que a través de... • http://www-01.ibm.com/support/docview.wss?uid=swg27007069 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 9.8EPSS: 2%CPEs: 7EXPL: 0

CVE-2011-0310

https://notcve.org/view.php?id=CVE-2011-0310

13 Jan 2011 — Buffer overflow in IBM WebSphere MQ 7.0 before 7.0.1.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted header field in a message. Desbordamiento de búfer en IBM WebSphere MQ v7.0 anterior a v7.0.1.4 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de la aplicación) mediante un campo de cabecera manipulado en un mensaje • http://osvdb.org/70476 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 8.8EPSS: 1%CPEs: 23EXPL: 0

CVE-2011-0314

https://notcve.org/view.php?id=CVE-2011-0314

12 Jan 2011 — Heap-based buffer overflow in IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 allows remote authenticated users to execute arbitrary code or cause a denial of service (queue manager crash) by inserting an invalid message into the queue. Desbordamiento de búfer basado en memoria dinámica en IBM WebSphere MQ v6.0 antes de v6.0.2.11 y v7.0 antes v7.0.1.5, permite a usuarios autenticados remotamente ejecutar código de su elección o causar una denegación de servicio (caída del gestor de colas) median... • http://secunia.com/advisories/42941 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0

CVE-2010-2638

https://notcve.org/view.php?id=CVE-2010-2638

15 Nov 2010 — Unspecified vulnerability in IBM WebSphere MQ 7.0 before 7.0.1.5 allows remote authenticated users to cause a denial of service (disk consumption) via vectors that trigger an FDC with an RM680004 Probe Id value. Una vulnerabilidad no especificada en IBM WebSphere MQ v7.0 antes de v7.0.1.5 permite a usuarios remotos autenticados causar una denegación de servicio (por consumo de disco) a través de vectores que provocan un FDC con un valor de Id en RM680004 Probe. • http://www-01.ibm.com/support/docview.wss?uid=swg1IC71123 • CWE-399: Resource Management Errors •

CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 0

CVE-2010-2637

https://notcve.org/view.php?id=CVE-2010-2637

12 Nov 2010 — IBM WebSphere MQ 6.0 before 6.0.2.9 and 7.0 before 7.0.1.1 does not encrypt the username and password in the security parameters field, which allows remote attackers to obtain sensitive information by sniffing the network traffic from a .NET client application. IBM WebSphere MQ v6.0 anterior v6.0.2.9 y v7.0 anterior v7.0.1.1 no encripta el nombre de usuarios y password en el campos de parámetros de seguridad, lo que permite a atacantes remotos a obtener información sensible por captura de tráfico de red des... • http://www-01.ibm.com/support/docview.wss?uid=swg1IZ56005 • CWE-310: Cryptographic Issues •

CVSS: 7.5EPSS: 0%CPEs: 19EXPL: 0

CVE-2010-0782

https://notcve.org/view.php?id=CVE-2010-0782

20 Oct 2010 — IBM WebSphere MQ 6.x before 6.0.2.10 and 7.x before 7.0.1.3 allows remote attackers to spoof X.509 certificate authentication, and send or receive channel messages, via a crafted Subject Distinguished Name (DN) value in a certificate. IBM WebSphere MQ v6.x anterior a v6.0.2.10 y v7.x anterior a v7.0.1.3, permite a atacantes remotos suplantar certificados autenticados X.509, y enviar y recibir mensajes del canal a través de un valor manipulado de un Subject Distinguished Name (DN). • http://www-01.ibm.com/support/docview.wss?uid=swg1IZ68707 •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

CVE-2010-0772

https://notcve.org/view.php?id=CVE-2010-0772

27 Apr 2010 — Unspecified vulnerability in the channel process in IBM WebSphere MQ 7.0 before 7.0.1.2 allows remote authenticated users to cause a denial of service (daemon crash) via "incorrect channel control data." Una vulnerabilidad no especificada en el proceso de canales en IBM WebSphere MQ v7.0 antes v7.0.1.2 permite a usuarios remotos autenticados causar una denegación de servicio (mediante caida del demonio) a través de "datos incorrectos en el canal de control." • http://securitytracker.com/id?1023961 •

1 2 3