CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1788
https://notcve.org/view.php?id=CVE-2017-1788
IBM WebSphere Application Server 9 installations using Form Login could allow a remote attacker to conduct spoofing attacks. IBM X-Force ID: 137031. Las instalaciones de IBM WebSphere Application Server 9 que emplean Form Login podrían permitir que un atacante remoto lleve a cabo ataques de suplantación. IBM X-Force ID: 137031. • http://www.ibm.com/support/docview.wss?uid=swg22012341 http://www.securityfocus.com/bid/103497 https://exchange.xforce.ibmcloud.com/vulnerabilities/137031 •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2017-1741
https://notcve.org/view.php?id=CVE-2017-1741
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console panel fields. When exploited an attacker could read files on the file system. IBM X-Force ID: 134931. IBM WebSphere Application Server 7.0, 8.0, 8.5 y 9.0 podría permitir que un atacante remoto obtenga información sensible provocado por la gestión incorrecta de los campos del panel Administrative Console. Al explotarse, un atacante podría leer archivos en el sistema de archivos. • http://www.ibm.com/support/docview.wss?uid=swg22012342 http://www.securitytracker.com/id/1040485 https://exchange.xforce.ibmcloud.com/vulnerabilities/134931 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2011-4889
https://notcve.org/view.php?id=CVE-2011-4889
The javax.naming.directory.AttributeInUseException class in the Virtual Member Manager in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 does not properly update passwords on a configuration using Tivoli Directory Server, which might allow remote attackers to gain access to an application by leveraging knowledge of an old password. IBM X-Force ID: 72581. La clase javax.naming.directory.AttributeInUseException en Virtual Member Manager en IBM WebSphere Application Server (WAS) en versiones 6.1 anteriores a la 6.1.0.43, versiones 7.0 anteriores a la 7.0.0.21 y versiones 8.0 anteriores a la 8.0.0.2 no actualiza correctamente las contraseñas en una configuración que emplea Tivoli Directory Server. Esto podría permitir que atacantes remotos obtengan acceso a una aplicación aprovechando el conocimiento de una contraseña antigua. IBM X-Force ID: 72581. • https://exchange.xforce.ibmcloud.com/vulnerabilities/72581 https://www-304.ibm.com/support/docview.wss?uid=swg21587015 • CWE-254: 7PK - Security Features •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2017-1731
https://notcve.org/view.php?id=CVE-2017-1731
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide weaker than expected security when using the Administrative Console. An authenticated remote attacker could exploit this vulnerability to possibly gain elevated privileges. IBM WebSphere Application Server 7.0, 8.0, 8.5 y 9.0 podría proporcionar seguridad más débil de la esperada al emplear la consola de administración. Un atacante remoto autenticado podría explotar esta vulnerabilidad para obtener privilegios elevados. • http://www-01.ibm.com/support/docview.wss?uid=swg22012345&myns=swgws&mynp=OCSSEQTP&mync=R&cm_sp=swgws-_-OCSSEQTP-_-R http://www.securityfocus.com/bid/102911 http://www.securitytracker.com/id/1040356 https://exchange.xforce.ibmcloud.com/vulnerabilities/134912 •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2017-1503
https://notcve.org/view.php?id=CVE-2017-1503
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 129578. IBM WebSphere Application Server 7.0, 8.0, 8.5 y 9.0 es vulnerable a ataques de división de respuestas HTTP. • http://www-01.ibm.com/support/docview.wss?uid=swg22006815 http://www.securityfocus.com/bid/101234 http://www.securitytracker.com/id/1039521 https://exchange.xforce.ibmcloud.com/vulnerabilities/129578 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •