CVSS: 3.5EPSS: 0%CPEs: 36EXPL: 0CVE-2013-0597
https://notcve.org/view.php?id=CVE-2013-0597
Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.29, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.0, when OAuth is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad Cross-site scripting (XSS) en IBM WebSphere Application Server (WAS) v7.0 anterior a v7.0.0.29, v8.0 anterior a v8.0.0.7, y v8.5 anterior a v8.5.5.0 cuando se utiliza OAuth, permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM85834 http://www-01.ibm.com/support/docview.wss?uid=swg1PM87131 http://www-01.ibm.com/support/docview.wss?uid=swg21644047 https://exchange.xforce.ibmcloud.com/vulnerabilities/83609 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 44EXPL: 0CVE-2013-0482
https://notcve.org/view.php?id=CVE-2013-0482
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 through 8.5.0.2 and WebSphere Message Broker 6.1, 7.0 through 7.0.0.5, and 8.0 through 8.0.0.2, when WS-Security is used, allows remote attackers to spoof the signatures of messages via a crafted SOAP message, related to a "Signature Wrap attack," a different vulnerability than CVE-2011-1377 and CVE-2013-0489. IBM WebSphere Application Server (WAS) 7.0 anterior a 7.0.0.29, 8.0 anterior a 8.0.0.6, y 8.5 a la 8.5.0.2 y WebSphere Message Broker 6.1, 7.0 a la 7.0.0.5, y 8.0 a la 8.0.0.2, cuando se usa WS-Security, permite a atacantes remotos suplantar las firmas de los mensajes a través de mensajes SOAP manipulados relacionado con "Signature Wrap attack," vulnerabilidad distinta de CVE-2011-1377 y CVE-2013-0489. • http://www-01.ibm.com/support/docview.wss?uid=swg1IC88185 http://www-01.ibm.com/support/docview.wss?uid=swg1PM76582 http://www-01.ibm.com/support/docview.wss?uid=swg1PM86026 http://www-01.ibm.com/support/docview.wss?uid=swg21634646 http://www-01.ibm.com/support/docview.wss? •
CVSS: 4.3EPSS: 0%CPEs: 54EXPL: 0CVE-2013-0542
https://notcve.org/view.php?id=CVE-2013-0542
Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary web script or HTML via crafted field values. Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en la consola administrativa de IBM WebSphere Application Server (WAS) v6.1 antes de v6.1.0.47, 7.0 antes de 7.0.0.29, 8.0 antes de 8.0.0.6, y v8.5 antes de v8.5.0.2 permite a atacantes remotos inyectar arbitraria secuencias de comandos web o HTML a través de los valores de campo artesanales. • http://www-01.ibm.com/support/docview.wss?&uid=swg21632423 http://www-01.ibm.com/support/docview.wss?uid=swg1PM81846 https://exchange.xforce.ibmcloud.com/vulnerabilities/82697 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 65EXPL: 0CVE-2013-0543
https://notcve.org/view.php?id=CVE-2013-0543
IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Linux, Solaris, and HP-UX, when a Local OS registry is used, does not properly validate user accounts, which allows remote attackers to bypass intended access restrictions via unspecified vectors. IBM WebSphere Application Server (WAS) v6.1 antes v6.1.0.47, v7.0 antes v7.0.0.29, v8.0 antes v8.0.0.6 y v8.5 antes de v8.5.0.2 en Linux, Solaris y HP-UX, cuando se utiliza un registro Local OS, hace no valida correctamente las cuentas de usuario, lo que permite a atacantes remotos evitar las restricciones de acceso previstos a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?&uid=swg21632423 http://www-01.ibm.com/support/docview.wss?uid=swg1PM75582 https://exchange.xforce.ibmcloud.com/vulnerabilities/82759 • CWE-863: Incorrect Authorization •
CVSS: 4.0EPSS: 0%CPEs: 57EXPL: 0CVE-2013-0544
https://notcve.org/view.php?id=CVE-2013-0544
Directory traversal vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Linux and UNIX allows remote authenticated users to modify data via unspecified vectors. Vulnerabilidad de salto de directorio en la consola administrativa de IBM WebSphere Application Server (WAS) v6.1 antes v6.1.0.47, v7.0 antes de v7.0.0.29, v8,0 antes v8.0.0.6 y v8.5 antes de v8.5.0.2 en Linux y UNIX permite a usuarios remotos autenticados modificar datos a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?&uid=swg21632423 http://www-01.ibm.com/support/docview.wss?uid=swg1PM82468 https://exchange.xforce.ibmcloud.com/vulnerabilities/82760 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •