Page 21 of 150 results (0.011 seconds)

CVSS: 4.3EPSS: 0%CPEs: 48EXPL: 0

IBM WebSphere Application Server 7.x before 7.0.0.37, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.4 allows remote attackers to conduct clickjacking attacks via a crafted web site. IBM WebSphere Application Server 7.x anterior a 7.0.0.37, 8.0.x anterior a 8.0.0.10 y 8.5.x anterior a 8.5.5.4 permiten a atacantes remotos llevar a cabo un ataque de clickjacking a través de un sitio web manipulado. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI27152 http://www-01.ibm.com/support/docview.wss?uid=swg21690185 https://exchange.xforce.ibmcloud.com/vulnerabilities/98486 • CWE-254: 7PK - Security Features •

CVSS: 4.3EPSS: 0%CPEs: 48EXPL: 0

Cross-site scripting (XSS) vulnerability in the URL rewriting feature in IBM WebSphere Application Server 7.x before 7.0.0.37, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.4 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en la funcionalidad de reescritura de URL en IBM WebSphere Application Server 7.x anterior a 7.0.0.37, 8.0.x anterior a 8.0.0.10 y 8.5.x anterior a 8.5.5.4 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI23819 http://www-01.ibm.com/support/docview.wss?uid=swg21690185 https://exchange.xforce.ibmcloud.com/vulnerabilities/97748 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 0%CPEs: 17EXPL: 0

IBM WebSphere Application Server 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.4 allows remote attackers to spoof OpenID and OpenID Connect cookies, and consequently obtain sensitive information, via a crafted URL. IBM WebSphere Application Server 8.0.x anterior a 8.0.0.10 y 8.5.x anterior a 8.5.5.4 permite a atacantes remotos falsificar las cookies de OpenID y OpenID connect y en consecuencia, obtener información sensible mediante URL modificadas. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI23430 http://www-01.ibm.com/support/docview.wss?uid=swg21690185 https://exchange.xforce.ibmcloud.com/vulnerabilities/97713 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.0EPSS: 0%CPEs: 57EXPL: 0

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 does not properly handle HTTP headers, which allows remote attackers to obtain sensitive cookie and authentication data via an unspecified HTTP method. IBM WebSphere Application Server (WAS) 7.0 anterior a 7.0.0.35, 8.0 anterior a 8.0.0.10, y 8.5 anterior a 8.5.5.4 no maneja correctamente las cabeceras HTTP, lo que permite a atacantes remotos obtener datos sensibles de cookies y la autenticación a través de un método HTTP no especificado. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI08268 http://www-01.ibm.com/support/docview.wss?uid=swg21684612 https://exchange.xforce.ibmcloud.com/vulnerabilities/93059 • CWE-20: Improper Input Validation •

CVSS: 6.0EPSS: 0%CPEs: 120EXPL: 0

Cross-site request forgery (CSRF) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.x through 6.1.0.47, 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. Vulnerabilidad de CSRF en la consola de administración en IBM WebSphere Application Server (WAS) 6.x hasta 6.1.0.47, 7.0 anterior a 7.0.0.35, 8.0 anterior a 8.0.0.10 y 8.5 anterior a 8.5.5.4 permite a usuarios remotos autenticados secuestrar la autenticación de usuarios arbitrarios para solicitudes que insertan secuencias XSS. • http://secunia.com/advisories/61418 http://secunia.com/advisories/61423 http://www-01.ibm.com/support/docview.wss?uid=swg1PI23055 http://www-01.ibm.com/support/docview.wss?uid=swg21682767 http://www.kb.cert.org/vuls/id/573356 http://www.securityfocus.com/bid/69980 https://exchange.xforce.ibmcloud.com/vulnerabilities/95402 • CWE-352: Cross-Site Request Forgery (CSRF) •