Page 23 of 116 results (0.011 seconds)

CVSS: 1.9EPSS: 0%CPEs: 56EXPL: 0

PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.31, 6.1.x before 6.1.0.21, and 7.0.x before 7.0.0.1, when Performance Monitoring Infrastructure (PMI) is enabled, allows local users to obtain sensitive information by reading the (1) systemout.log and (2) ffdc files. NOTE: this is probably a duplicate of CVE-2008-5413. PerfServlet en el componente PMI/Performance Tools de IBM WebSphere Application Server (WAS) v6.0.x anterior a v6.0.2.31, v6.1.x anterior a v6.1.0.21 y v7.0.x anterior a v7.0.0.1, cuando está habilitado Performance Monitoring Infrastructure (PMI), permite a usuarios locales obtener información sensible leyendo los ficheros (1) systemout.log y (2) ffdc. NOTA: Puede que esta vulnerabilidad sea la misma que CVE-2008-5413. • http://www-01.ibm.com/support/docview.wss?uid=swg27006876 http://www-01.ibm.com/support/docview.wss?uid=swg27007951 http://www-01.ibm.com/support/docview.wss?uid=swg27014463 http://www-1.ibm.com/support/docview.wss?uid=swg1PK63886 http://www-1.ibm.com/support/docview.wss? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.0EPSS: 0%CPEs: 26EXPL: 0

Unspecified vulnerability in the IBM Asynchronous I/O (aka AIO or libibmaio) library in the Java Message Service (JMS) component in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.17 on AIX 5.3 allows attackers to cause a denial of service (daemon crash) via vectors related to the aio_getioev2 and getEvent methods. Vulnerabilidad inespecifica en la libreria IBM Asynchronous I/O (tambien conocido como AIO o libibmaio) en el componente Java Message Service (JMS) en IBM WebSphere Application Server (WAS) v6.1.x anteriores a v6.1.0.7 en AIX v5.3 permite a los atacantes producir una denegacion de servicio (caida de demonio) a traves de vectores relacionados con los metodos "aio_getioev2" y "getEvent". • http://www-01.ibm.com/support/docview.wss?rs=0&uid=swg24019205 http://www-01.ibm.com/support/docview.wss?uid=swg27007951 http://www.securityfocus.com/bid/33700 https://exchange.xforce.ibmcloud.com/vulnerabilities/48525 •

CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0

Unspecified vulnerability in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 on Windows has unknown impact and attack vectors related to JSPs. NOTE: this is probably a duplicate of CVE-2009-0438. Una vulnerabilidad no especificada en IBM WebSphere Application Server (WAS) versiones 7 y anteriores a 7.0.0.1 en Windows, presenta un impacto y vectores de ataque desconocidos relacionados con JSP. • http://secunia.com/advisories/33022 http://www-01.ibm.com/support/docview.wss?uid=swg27014463 http://www-1.ibm.com/support/docview.wss?uid=swg1PK75248 http://www.securityfocus.com/bid/32679 http://www.vupen.com/english/advisories/2008/3370 https://exchange.xforce.ibmcloud.com/vulnerabilities/47134 •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 allows attackers to obtain sensitive information by reading the (1) systemout.log and (2) ffdc files. NOTE: this is probably a duplicate of CVE-2009-0434. PerfServlet en el componente PMI/Performance Tools en IBM WebSphere Application Server (WAS) versiones 7 anteriores a 7.0.0.1, permite a los atacantes obtener información confidencial mediante la lectura de los archivos (1) systemout.log y (2) ffdc. NOTA: esto es probablemente un duplicado de CVE-2009-0434. • http://www-01.ibm.com/support/docview.wss?uid=swg27014463 http://www-1.ibm.com/support/docview.wss?uid=swg1PK63886 http://www.securityfocus.com/bid/32679 http://www.vupen.com/english/advisories/2008/3370 http://www.vupen.com/english/advisories/2009/0423 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 sends SSL traffic over "unsecured TCP," which makes it easier for remote attackers to obtain sensitive information by sniffing the network. IBM WebSphere Application Server (WAS) 7 y versiones anteriores 7.0.0.1 que envía tráfico SSL sobre "TCP inseguro", el cual hace más fácil para usuarios remotos obtener información sensible, rastreando la red. • http://secunia.com/advisories/33022 http://www-01.ibm.com/support/docview.wss?uid=swg27014463 http://www-1.ibm.com/support/docview.wss?uid=swg1PK74777 http://www.securityfocus.com/bid/32679 http://www.vupen.com/english/advisories/2008/3370 https://exchange.xforce.ibmcloud.com/vulnerabilities/47135 • CWE-310: Cryptographic Issues •