Page 22 of 328 results (0.006 seconds)

CVSS: 3.5EPSS: 0%CPEs: 22EXPL: 0

IBM WebSphere Application Server 7.x before 7.0.0.31, when simpleFileServlet static file caching is enabled, allows remote authenticated users to obtain sensitive information via unspecified vectors. IBM WebSphere Application Server 7.x anteriores a 7.0.0.31, cuando el cacheo de archivo estático simpleFileServlet está habilitado, permite a usuarios remotos autenticados obtener información sensible a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM98624 http://www-01.ibm.com/support/docview.wss?uid=swg21661323 https://exchange.xforce.ibmcloud.com/vulnerabilities/88905 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 0%CPEs: 40EXPL: 0

IBM WebSphere Application Server 7.x before 7.0.0.31, 8.0.x before 8.0.0.8, and 8.5.x before 8.5.5.2 allows remote attackers to cause a denial of service (resource consumption) via a crafted request to a web services endpoint. IBM WebSphere Application Server 7.x anteriores a 7.0.0.31, 8.0.x anteriores a 8.0.0.8 y 8.5.x anteriores a 8.5.5.2 permite a atacantes remotos causar una denegacuón de servicio (consumo de recursos) a través de una petición manipulada al endpoint de servicios web. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM99450 http://www-01.ibm.com/support/docview.wss?uid=swg21661323 http://www-01.ibm.com/support/docview.wss?uid=swg21661325 http://www-01.ibm.com/support/docview.wss?uid=swg21669554 https://exchange.xforce.ibmcloud.com/vulnerabilities/88906 • CWE-20: Improper Input Validation •

CVSS: 3.5EPSS: 0%CPEs: 41EXPL: 0

Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server 7.x before 7.0.0.31, 8.0.x before 8.0.0.8, and 8.5.x before 8.5.5.2 allows remote authenticated administrators to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad cross-site scripting (XSS) en Administrative Console de IBM WebSphere Application Server 7.x anteriores a 7.0.0.31, 8.0.x anteriores a 8.0.0.8, y 8.5.x anteriores a 8.5.5.2 permite a usuarios remotos autenticados inyectar script web o HTML de forma arbitraria a través de una URL manipulada. • http://osvdb.org/102119 http://www-01.ibm.com/support/docview.wss?uid=swg1PM98132 http://www-01.ibm.com/support/docview.wss?uid=swg21661323 http://www-01.ibm.com/support/docview.wss?uid=swg21661325 http://www-01.ibm.com/support/docview.wss?uid=swg21669554 http://www.securityfocus.com/bid/65099 https://exchange.xforce.ibmcloud.com/vulnerabilities/89280 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 3.5EPSS: 0%CPEs: 39EXPL: 0

The migration functionality in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 does not properly support the distinction between the admin role and the adminsecmanager role, which allows remote authenticated users to gain privileges in opportunistic circumstances by accessing resources in between a migration and a role evaluation. La funcionalidad de migración en IBM WebSphere Application Server (WAS) 7.0 antes 7.0.0.31, 8.0 antes 8.0.0.8, y 8.5 antes de 8.5.5.1 no soporta adecuadamente la distinción entre el rol de administrador y el rol adminsecmanager, que permite a usuarios remotos autenticados obtener privilegios en circunstancias oportunistas accedediendo a los recursos en medio de una migración y una evaluación de role • http://www-01.ibm.com/support/docview.wss?&uid=swg21651880 http://www-01.ibm.com/support/docview.wss?uid=swg1PM92313 https://exchange.xforce.ibmcloud.com/vulnerabilities/87476 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.3EPSS: 0%CPEs: 39EXPL: 0

Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote attackers to inject arbitrary web script or HTML via HTTP response data. Vulnerabilidad de XSS en IBM WebSphere Application Server (WAS) 7.0 anterior a la versión 7.0.0.31, 8.0 anterior a 8.0.0.8, y 8.5 anterior a la versión 8.5.5.1 permite a atacantes remotos inyectar script web o HTML arbitrario a través de datos de respuesta HTTP. • http://www-01.ibm.com/support/docview.wss?&uid=swg21651880 http://www-01.ibm.com/support/docview.wss?uid=swg1PM93323 http://www-01.ibm.com/support/docview.wss?uid=swg1PM93944 http://www.securityfocus.com/bid/63780 https://exchange.xforce.ibmcloud.com/vulnerabilities/87479 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •