CVE-2013-2967
https://notcve.org/view.php?id=CVE-2013-2967
Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad Cross-site scripting (XSS) en la consola administrativa de IBM WebSphere Application Server (WAS) v6.1 anterior a v6.1.0.47, v7.0 anterior a v7.0.0.29, v8.0 anterior a v8.0.0.7, y v8.5 anterior a v8.5.5.0, permite a atacantes remotos inyectar web scripts arbitrarios o HTML mediante vectores desconocidos. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM78614 http://www-01.ibm.com/support/docview.wss?uid=swg21644047 https://exchange.xforce.ibmcloud.com/vulnerabilities/83871 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-3029
https://notcve.org/view.php?id=CVE-2013-3029
Cross-site request forgery (CSRF) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences. Vulnerabilidad CSRF (Cross-site request forgery) en la consola administrativa de IBM WebSphere Application Server (WAS) v6.1 anterior a v6.1.0.47, v7.0 anterior a v7.0.0.31, v8.0 anterior a v8.0.0.7, y v8.5 anterior a v8.5.5.1 permitía que los atacantes remotos secuestraran la autenticación de usuarios para peticiones arbitrarias que insertan cross-site scripting (XSS) secuencias. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM88746 http://www-01.ibm.com/support/docview.wss?uid=swg21644047 https://exchange.xforce.ibmcloud.com/vulnerabilities/84591 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2013-2976
https://notcve.org/view.php?id=CVE-2013-2976
The Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.0 does not properly perform caching, which allows local users to obtain sensitive information via unspecified vectors. La consola administrativa de IBM WebSphere Application Server (WAS) v6.1 anterior a v6.1.0.47, v7.0 anterior a v7.0.0.29, v8.0 anterior a v8.0.0.7, y v8.5 anterior a v8.5.5.0 no realiza correctamente el almacenamiento en caché, lo que permite a usuarios locales obtener información sensible a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM79992 http://www-01.ibm.com/support/docview.wss?uid=swg21644047 https://exchange.xforce.ibmcloud.com/vulnerabilities/83965 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2013-4005
https://notcve.org/view.php?id=CVE-2013-4005
Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified fields. Vulnerabilidad Cross-site scripting (XSS) en la consola administrativa de IBM WebSphere Application Server (WAS) v6.1 anterior a v6.1.0.47, v7.0 anterior a v7.0.0.31, v8.0 anterior a v8.0.0.7, y v8.5 anterior a v8.5.5.1 permite a usuarios autenticados remotamente inyectar secuencias web o HTML arbitrarias a través de campos sin especificar. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM88208 http://www-01.ibm.com/support/docview.wss?uid=swg21644047 http://www.securitytracker.com/id/1028932 https://exchange.xforce.ibmcloud.com/vulnerabilities/85270 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-0482
https://notcve.org/view.php?id=CVE-2013-0482
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 through 8.5.0.2 and WebSphere Message Broker 6.1, 7.0 through 7.0.0.5, and 8.0 through 8.0.0.2, when WS-Security is used, allows remote attackers to spoof the signatures of messages via a crafted SOAP message, related to a "Signature Wrap attack," a different vulnerability than CVE-2011-1377 and CVE-2013-0489. IBM WebSphere Application Server (WAS) 7.0 anterior a 7.0.0.29, 8.0 anterior a 8.0.0.6, y 8.5 a la 8.5.0.2 y WebSphere Message Broker 6.1, 7.0 a la 7.0.0.5, y 8.0 a la 8.0.0.2, cuando se usa WS-Security, permite a atacantes remotos suplantar las firmas de los mensajes a través de mensajes SOAP manipulados relacionado con "Signature Wrap attack," vulnerabilidad distinta de CVE-2011-1377 y CVE-2013-0489. • http://www-01.ibm.com/support/docview.wss?uid=swg1IC88185 http://www-01.ibm.com/support/docview.wss?uid=swg1PM76582 http://www-01.ibm.com/support/docview.wss?uid=swg1PM86026 http://www-01.ibm.com/support/docview.wss?uid=swg21634646 http://www-01.ibm.com/support/docview.wss? •