CVSS: 5.4EPSS: 0%CPEs: 73EXPL: 0CVE-2013-4005
https://notcve.org/view.php?id=CVE-2013-4005
21 Aug 2013 — Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified fields. Vulnerabilidad Cross-site scripting (XSS) en la consola administrativa de IBM WebSphere Application Server (WAS) v6.1 anterior a v6.1.0.47, v7.0 anterior a v7.0.0.31, v8.0 anterior a v8.0.0.7, y v8.5 anterior a v8.5.5... • http://www-01.ibm.com/support/docview.wss?uid=swg1PM88208 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 1%CPEs: 4EXPL: 0CVE-2013-1777 – Apache Geronimo 3 RMI Classloader Exposure
https://notcve.org/view.php?id=CVE-2013-1777
01 Jul 2013 — The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not properly implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object. La funcionalidad JMX Remoting en Apache Geronimo versiones 3.x anteriores a 3.0.1, tal y como se usa en WebSphere Application Server (WAS) Community Edition de IBM versión 3.0.0.3... • http://archives.neohapsis.com/archives/bugtraq/2013-07/0008.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.9EPSS: 0%CPEs: 44EXPL: 0CVE-2013-0482
https://notcve.org/view.php?id=CVE-2013-0482
29 May 2013 — IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 through 8.5.0.2 and WebSphere Message Broker 6.1, 7.0 through 7.0.0.5, and 8.0 through 8.0.0.2, when WS-Security is used, allows remote attackers to spoof the signatures of messages via a crafted SOAP message, related to a "Signature Wrap attack," a different vulnerability than CVE-2011-1377 and CVE-2013-0489. IBM WebSphere Application Server (WAS) 7.0 anterior a 7.0.0.29, 8.0 anterior a 8.0.0.6, y 8.5 a la 8.5.0.2 y Web... • http://www-01.ibm.com/support/docview.wss?uid=swg1IC88185 •
CVSS: 8.1EPSS: 0%CPEs: 65EXPL: 0CVE-2013-0543
https://notcve.org/view.php?id=CVE-2013-0543
24 Apr 2013 — IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Linux, Solaris, and HP-UX, when a Local OS registry is used, does not properly validate user accounts, which allows remote attackers to bypass intended access restrictions via unspecified vectors. IBM WebSphere Application Server (WAS) v6.1 antes v6.1.0.47, v7.0 antes v7.0.0.29, v8.0 antes v8.0.0.6 y v8.5 antes de v8.5.0.2 en Linux, Solaris y HP-UX, cuando se utiliza un registro Loc... • http://www-01.ibm.com/support/docview.wss?&uid=swg21632423 • CWE-863: Incorrect Authorization •
CVSS: 6.1EPSS: 0%CPEs: 54EXPL: 0CVE-2013-0542
https://notcve.org/view.php?id=CVE-2013-0542
24 Apr 2013 — Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary web script or HTML via crafted field values. Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en la consola administrativa de IBM WebSphere Application Server (WAS) v6.1 antes de v6.1.0.47, 7.0 antes de 7.0.0.29, 8.0 antes de 8.0.0.6, y v8.5 antes de v8.... • http://www-01.ibm.com/support/docview.wss?&uid=swg21632423 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2013-0565
https://notcve.org/view.php?id=CVE-2013-0565
24 Apr 2013 — Cross-site scripting (XSS) vulnerability in the RPC adapter for the Web 2.0 and Mobile toolkit in IBM WebSphere Application Server (WAS) 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted response. Vulnerabilidad de ejecución de comandos en sitios cruzados(XSS) en el adaptador de RPC para la Web 2.0 y Mobile kit de herramientas de IBM WebSphere Application Server (WAS) v8.5 antes de v8.5.0.2, permite a atacantes remotos inyectar secuencias de comandos web o HTML ... • http://www-01.ibm.com/support/docview.wss?&uid=swg21632423 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: 57EXPL: 0CVE-2013-0544
https://notcve.org/view.php?id=CVE-2013-0544
24 Apr 2013 — Directory traversal vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Linux and UNIX allows remote authenticated users to modify data via unspecified vectors. Vulnerabilidad de salto de directorio en la consola administrativa de IBM WebSphere Application Server (WAS) v6.1 antes v6.1.0.47, v7.0 antes de v7.0.0.29, v8,0 antes v8.0.0.6 y v8.5 antes de v8.5.0.2 en Linux y UNIX permite a us... • http://www-01.ibm.com/support/docview.wss?&uid=swg21632423 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2013-0540
https://notcve.org/view.php?id=CVE-2013-0540
24 Apr 2013 — IBM WebSphere Application Server (WAS) Liberty Profile 8.5 before 8.5.0.2, when SSL is not enabled, does not properly validate authentication cookies, which allows remote authenticated users to bypass intended access restrictions via an HTTP session. IBM WebSphere Application Server (WAS) Liberty Profile v8.5 antes de v8.5.0.2, cuando SSL no está habilitado, no se valida correctamente las cookies de autenticación, lo que permite a usuarios remotos autenticados eludir las restricciones de acceso destinados a... • http://www-01.ibm.com/support/docview.wss?&uid=swg21632423 • CWE-287: Improper Authentication •
CVSS: 5.5EPSS: 0%CPEs: 57EXPL: 0CVE-2013-0541
https://notcve.org/view.php?id=CVE-2013-0541
24 Apr 2013 — Buffer overflow in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Windows, when a localOS registry is used in conjunction with WebSphere Identity Manger (WIM), allows local users to cause a denial of service (daemon crash) via unspecified vectors. Desbordamiento de búfer en IBM WebSphere Application Server (WAS) v6.1 antes de v6.1.0.47, 7.0 antes de 7.0.0.29, 8.0 antes de 8.0.0.6, y v8.5 antes de v8.5.0.2 en Windows, cuando se u... • http://www-01.ibm.com/support/docview.wss?&uid=swg21632423 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 42EXPL: 0CVE-2013-0460
https://notcve.org/view.php?id=CVE-2013-0460
27 Jan 2013 — Cross-site request forgery (CSRF) vulnerability in the portlet subsystem in the administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47 and 7.0 before 7.0.0.27 allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences. Cross-site request forgery (CSRF) vulnerabilidad en el subsistema de portlet en la consola administrativa de IBM WebSphere Application Server (WAS) v6,1 antes de v6.1.0.47 y v7,0 antes de ... • http://www-01.ibm.com/support/docview.wss?uid=swg1PM72275 • CWE-352: Cross-Site Request Forgery (CSRF) •