CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2009-0899
https://notcve.org/view.php?id=CVE-2009-0899
03 Jun 2009 — IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.24 and 7.0 through 7.0.0.4, IBM WebSphere Portal Server 5.1 through 6.0, and IBM Integrated Solutions Console (ISC) 6.0.1 do not properly set the IsSecurityEnabled security flag during migration of WebSphere Member Manager (WMM) to Virtual Member Manager (VMM) and a Federated Repository, which allows attackers to obtain sensitive information from repositories via unspecified vectors. IBM WebSphere Application Server (WAS) v6.1 a la v6.1.0.24 y v7.0 a ... • http://www-01.ibm.com/support/docview.wss?uid=swg21375859 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 1%CPEs: 27EXPL: 0CVE-2009-1172
https://notcve.org/view.php?id=CVE-2009-1172
31 Mar 2009 — The JAX-RPC WS-Security runtime in the Web Services Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3, when APAR PK41002 is installed, does not properly validate UsernameToken objects, which has unknown impact and attack vectors. El JAX-RPC Runtime WS-Security en el componente Web Services Security en IBM WebSphere Application Server (WAS) v6.1 versiones anteriores a v6.1.0.23 y v7.0 versiones anteriores a v7.0.0.3, cuando APAR PK41002 está instalado, no... • http://secunia.com/advisories/34131 • CWE-20: Improper Input Validation •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2009-1173
https://notcve.org/view.php?id=CVE-2009-1173
31 Mar 2009 — IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.3 uses weak permissions (777) for files associated with unspecified "interim fixes," which allows attackers to modify files that would not have been accessible if the intended 755 permissions were used. IBM WebSphere Application Server (WAS) v7.0 anterior a v7.0.0.3 utiliza permisos débiles (777) para ficheros asociados con "correcciones parciales" sin especificar, lo que permite a atacantes modificar ficheros que podría no haber estado accesible si lo... • http://secunia.com/advisories/34131 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 0CVE-2009-1174
https://notcve.org/view.php?id=CVE-2009-1174
31 Mar 2009 — The Web Services Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 and 7.0 before 7.0.0.3 has an unspecified "security problem" in the XML digital-signature specification, which has unknown impact and attack vectors. El componente Web Services Security en IBM WebSphere Application Server (WAS) v7.0 versiones anteriores a v7.0.0.3 tiene un "problema de seguridad" no especificado en la especificación firma-digital XML, lo cual tiene un impacto y vectores de ataque desconocidos... • http://secunia.com/advisories/34131 • CWE-310: Cryptographic Issues •
CVSS: 9.8EPSS: 0%CPEs: 27EXPL: 0CVE-2009-0892
https://notcve.org/view.php?id=CVE-2009-0892
31 Mar 2009 — The administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3 allows attackers to hijack user sessions in "specific scenarios" related to a forced logout. La consola de administración en IBM WebSphere Application Server (WAS) v6.1 versiones anteriores a v6.1.0.23 y v7.0 versiones anteriores a v7.0.0.3 permite a atacantes secuestrar sesiones de usuarios en "escenarios específicos" relacionados con cierres de sesión forzadas. • http://secunia.com/advisories/34131 • CWE-287: Improper Authentication •
CVSS: 7.1EPSS: 0%CPEs: 59EXPL: 0CVE-2009-0891
https://notcve.org/view.php?id=CVE-2009-0891
25 Mar 2009 — The Web Services Security component in IBM WebSphere Application Server 7.0 before Fix Pack 1 (7.0.0.1), 6.1 before Fix Pack 23 (6.1.0.23),and 6.0.2 before Fix Pack 33 (6.0.2.33) does not properly enforce (1) nonce and (2) timestamp expiration values in WS-Security bindings as stored in the com.ibm.wsspi.wssecurity.core custom property, which allows remote authenticated users to conduct session hijacking attacks. El componente Web Services Security en IBM WebSphere Application Server v7.0 anterior a Fix Pac... • http://secunia.com/advisories/34131 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 1%CPEs: 34EXPL: 0CVE-2009-0508
https://notcve.org/view.php?id=CVE-2009-0508
16 Mar 2009 — The Servlet Engine/Web Container and JSP components in IBM WebSphere Application Server (WAS) 5.1.0, 5.1.1.19, 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.23, and 7.0 before 7.0.0.3 allow remote attackers to read arbitrary files contained in war files in (1) web-inf, (2) meta-inf, and unspecified other directories via unknown vectors, related to (a) web-based applications and (b) the administrative console. El componente Servlet Engine/Web Container en IBM WebSphere Application Server (WAS) v5.1.0, v5.1.1.19, v... • http://secunia.com/advisories/34283 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2009-0504
https://notcve.org/view.php?id=CVE-2009-0504
17 Feb 2009 — WSPolicy in the Web Services component in IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.1 does not properly recognize the IDAssertion.isUsed binding property, which allows local users to discover a password by reading a SOAP message. WSPolicy en el componente Web Services en IBM WebSphere Application Server (WAS) v7.0.x anterior a v7.0.0.1 no reconoce adecuadamente la propiedad de vínculo IDAssertion.isUsed, lo que permite a usuarios locales descubrir una contraseña leyendo un mensaje SOAP. • http://www-01.ibm.com/support/docview.wss?uid=swg27014463 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.7EPSS: 0%CPEs: 56EXPL: 0CVE-2009-0434
https://notcve.org/view.php?id=CVE-2009-0434
10 Feb 2009 — PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.31, 6.1.x before 6.1.0.21, and 7.0.x before 7.0.0.1, when Performance Monitoring Infrastructure (PMI) is enabled, allows local users to obtain sensitive information by reading the (1) systemout.log and (2) ffdc files. NOTE: this is probably a duplicate of CVE-2008-5413. PerfServlet en el componente PMI/Performance Tools de IBM WebSphere Application Server (WAS) v6.0.x anterior a v6.0.2.31, v6.1.x ... • http://www-01.ibm.com/support/docview.wss?uid=swg27006876 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2009-0438
https://notcve.org/view.php?id=CVE-2009-0438
10 Feb 2009 — IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 on Windows allows remote attackers to bypass "Authorization checking" and obtain sensitive information from JSP pages via a crafted request. NOTE: this is probably a duplicate of CVE-2008-5412. IBM WebSphere Application Server (WAS) 7 anterior a v7.0.0.1 para Windows; permite a atacantes remotos evitar las "comprobaciones de Autenticación" y obtener información sensible de páginas JSP a través de una solicitud manipulada. NOTA: Puede que esta vulnerabi... • http://www-01.ibm.com/support/docview.wss?uid=swg27014463 • CWE-264: Permissions, Privileges, and Access Controls •