Page 21 of 404 results (0.008 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

IBM WebSphere Application Server (WAS) 8.5 through 8.5.0.2 on UNIX allows local users to gain privileges by leveraging improper process initialization. IBM X-Force ID: 84362. IBM WebSphere Application Server (WAS) de la versión 8.5 hasta la 8.5.0.2 en UNIX permite que usuarios locales obtengan privilegios aprovechando la inicialización incorrecta de procesos. IBM X-Force ID: 84362. • http://www-01.ibm.com/support/docview.wss?&uid=swg21639553 https://exchange.xforce.ibmcloud.com/vulnerabilities/84362 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console panel fields. When exploited an attacker could browse the file system. IBM X-Force ID: 134933. IBM WebSphere Application Server 7.0, 8.0, 8.5 y 9.0 podría permitir que un atacante remoto obtenga información sensible provocado por la gestión incorrecta de los campos del panel Administrative Console. Al explotarse, un atacante podría navegar por el sistema de archivos. • http://www.ibm.com/support/docview.wss?uid=swg22013601 http://www.securityfocus.com/bid/104134 http://www.securitytracker.com/id/1040890 https://exchange.xforce.ibmcloud.com/vulnerabilities/134933 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

IBM WebSphere Application Server 9 installations using Form Login could allow a remote attacker to conduct spoofing attacks. IBM X-Force ID: 137031. Las instalaciones de IBM WebSphere Application Server 9 que emplean Form Login podrían permitir que un atacante remoto lleve a cabo ataques de suplantación. IBM X-Force ID: 137031. • http://www.ibm.com/support/docview.wss?uid=swg22012341 http://www.securityfocus.com/bid/103497 https://exchange.xforce.ibmcloud.com/vulnerabilities/137031 •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console panel fields. When exploited an attacker could read files on the file system. IBM X-Force ID: 134931. IBM WebSphere Application Server 7.0, 8.0, 8.5 y 9.0 podría permitir que un atacante remoto obtenga información sensible provocado por la gestión incorrecta de los campos del panel Administrative Console. Al explotarse, un atacante podría leer archivos en el sistema de archivos. • http://www.ibm.com/support/docview.wss?uid=swg22012342 http://www.securitytracker.com/id/1040485 https://exchange.xforce.ibmcloud.com/vulnerabilities/134931 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0

The javax.naming.directory.AttributeInUseException class in the Virtual Member Manager in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 does not properly update passwords on a configuration using Tivoli Directory Server, which might allow remote attackers to gain access to an application by leveraging knowledge of an old password. IBM X-Force ID: 72581. La clase javax.naming.directory.AttributeInUseException en Virtual Member Manager en IBM WebSphere Application Server (WAS) en versiones 6.1 anteriores a la 6.1.0.43, versiones 7.0 anteriores a la 7.0.0.21 y versiones 8.0 anteriores a la 8.0.0.2 no actualiza correctamente las contraseñas en una configuración que emplea Tivoli Directory Server. Esto podría permitir que atacantes remotos obtengan acceso a una aplicación aprovechando el conocimiento de una contraseña antigua. IBM X-Force ID: 72581. • https://exchange.xforce.ibmcloud.com/vulnerabilities/72581 https://www-304.ibm.com/support/docview.wss?uid=swg21587015 • CWE-254: 7PK - Security Features •