CVSS: 5.5EPSS: 0%CPEs: 46EXPL: 0CVE-2010-1651
https://notcve.org/view.php?id=CVE-2010-1651
30 Apr 2010 — IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.31 and 7.0.x before 7.0.0.11, when Basic authentication and SIP tracing (aka full trace logging for SIP) are enabled, logs the entirety of all inbound and outbound SIP messages, which allows local users to obtain sensitive information by reading the trace log. IBM WebSphere Application Server (WAS) v6.1.x antes de v6.1.0.31 y v7.0.x antes de v7.0.0.11, cuando estan habilitados la autenticación Basic y las trazas SIP (esto es, los logs para SIP estan ... • http://secunia.com/advisories/39628 • CWE-310: Cryptographic Issues •
CVSS: 5.5EPSS: 0%CPEs: 48EXPL: 0CVE-2010-0769
https://notcve.org/view.php?id=CVE-2010-0769
01 Apr 2010 — IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 does not properly define wsadmin scripting J2CConnectionFactory objects, which allows local users to discover a KeyRingPassword password by reading a cleartext field in the resources.xml file. IBM WebSphere Application Server (WAS) 6.0 en versiones anteriores a la 6.0.2.41, 6.1 en versiones anteriores a la 6.1.0.31 y 7.0 en versiones anteriores a la 7.0.0.9 no define de manera apropiada los objetos J2CCon... • http://secunia.com/advisories/39140 • CWE-255: Credentials Management Errors •
CVSS: 6.5EPSS: 0%CPEs: 48EXPL: 0CVE-2010-0770
https://notcve.org/view.php?id=CVE-2010-0770
01 Apr 2010 — IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 allows remote authenticated users to cause a denial of service (ORB ListenerThread hang) by aborting an SSL handshake. IBM WebSphere Application Server (WAS) 6.0 en versiones anteriores a la 6.0.2.41, 6.1 en versiones anteriores a la 6.1.0.31 y 7.0 en versiones anteriores a la 7.0.0.9 permite a atacantes remotos autenticados provocar una denegación de servicio (cuelgue del ORB ListenerThread) al abortar u... • http://secunia.com/advisories/39140 • CWE-399: Resource Management Errors •
CVSS: 6.1EPSS: 0%CPEs: 43EXPL: 0CVE-2010-0768
https://notcve.org/view.php?id=CVE-2010-0768
01 Apr 2010 — Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 allows remote attackers to inject arbitrary web script or HTML via the URI. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la Consola de Administración en IBM WebSphere Application Server (WAS) 6.0 en versiones anteriores a la 6.0.2.41, 6.1 en versiones anteriores a la 6.1.0.31 y 7.0 en versiones anteriores a l... • http://secunia.com/advisories/39140 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 0CVE-2010-1182
https://notcve.org/view.php?id=CVE-2010-1182
29 Mar 2010 — Multiple unspecified vulnerabilities in the administrative console in IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.9 on z/OS have unknown impact and attack vectors. Varias vulnerabilidades sin especificar en la consola de administración de IBM WebSphere Application Server (WAS) v7.0.x hasta la v7.0.0.9 en z/OS tienen un impacto y vectores de ataque desconocidos. • http://www-01.ibm.com/support/docview.wss?uid=swg1PK97376 •
CVSS: 5.9EPSS: 0%CPEs: 6EXPL: 0CVE-2010-0563
https://notcve.org/view.php?id=CVE-2010-0563
08 Feb 2010 — The Single Sign-on (SSO) functionality in IBM WebSphere Application Server (WAS) 7.0.0.0 through 7.0.0.8 does not recognize the Requires SSL configuration option, which might allow remote attackers to obtain sensitive information by sniffing network sessions that were expected to be encrypted. La funcionalidad Single Sign-on (SSO) en IBM WebSphere Application Server (WAS) v7.0.0.0 a la v7.0.0.8, no reconoce la opción de configuración "Requires SSL", lo que podría permitir a atacantes remotos obtener informa... • http://secunia.com/advisories/38425 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.4EPSS: 0%CPEs: 2EXPL: 0CVE-2009-2749
https://notcve.org/view.php?id=CVE-2009-2749
08 Dec 2009 — Feature Pack for Communications Enabled Applications (CEA) before 1.0.0.1 for IBM WebSphere Application Server 7.0.0.7 uses predictable session values, which allows man-in-the-middle attackers to spoof a collaboration session by guessing the value. Pack de Características para Communications Enabled Applications (CEA) anterior v1.0.0.1 para IBM WebSphere Application Server v7.0.0.7 usa valores de sesiones predecibles, lo que permite a atacantes de hombre en medio (man-in-the-middle) suplantar sesiones de co... • http://www-01.ibm.com/support/docview.wss?uid=swg1PM00435 • CWE-310: Cryptographic Issues •
CVSS: 8.8EPSS: 0%CPEs: 59EXPL: 0CVE-2009-2746
https://notcve.org/view.php?id=CVE-2009-2746
16 Nov 2009 — Cross-site request forgery (CSRF) vulnerability in the administrative console in the Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.39, 6.1 before 6.1.0.29, and 7.0 before 7.0.0.7 allows remote attackers to hijack the authentication of administrators via unspecified vectors. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en la consola de administración en el componente Security en IBM WebSphere Application Server (WAS) v6.0.2 anteriores a v6.0.2.39, v6... • http://secunia.com/advisories/37221 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.5EPSS: 0%CPEs: 22EXPL: 0CVE-2009-2743
https://notcve.org/view.php?id=CVE-2009-2743
21 Sep 2009 — IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27, and 7.0 before 7.0.0.7, does not properly handle an exception occurring after use of wsadmin scripts and configuration of JAAS-J2C Authentication Data, which allows local users to obtain sensitive information by reading the First Failure Data Capture (FFDC) log file. En WebSphere Application Server (WAS) de IBM versiones 6.1 anteriores a 6.1.0.27 y versiones 7.0 anteriores a 7.0.0.7, no manejan apropiadamente una excepción que se produce después de... • http://secunia.com/advisories/37796 •
CVSS: 7.8EPSS: 0%CPEs: 29EXPL: 0CVE-2009-2744
https://notcve.org/view.php?id=CVE-2009-2744
21 Sep 2009 — Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27 allows remote attackers to cause a denial of service via unknown vectors, related to "an error in fixpacks 6.1.0.23 and 6.1.0.25." Vulnerabilidad no especificada en IBM WebSphere Application Server (WAS) v6.1 anteriores a v6.1.0.27 permite a atacantes remotos provocar una denegación de servicio mediante vectores desconocidos, relacionado con "un error en fixpacks v6.1.0.23 y v6.1.0.25". • http://www-01.ibm.com/support/docview.wss?uid=swg27007951 •