CVSS: 4.3EPSS: 0%CPEs: 37EXPL: 0CVE-2014-3022
https://notcve.org/view.php?id=CVE-2014-3022
IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.3 allows remote attackers to obtain sensitive information via a crafted URL that triggers an error condition. IBM WebSphere Application Server (WAS) 7.0.x anterior a 7.0.0.33, 8.0.x anterior a 8.0.0.9, y 8.5.x anterior a 8.5.5.3 permite a atacantes remotos obtener información sensible a través de una URL manipulada que provoca una condición de error. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI09594 http://www-01.ibm.com/support/docview.wss?uid=swg21676091 http://www-01.ibm.com/support/docview.wss?uid=swg21676092 http://www-01.ibm.com/support/docview.wss?uid=swg21681249 http://www.securityfocus.com/bid/68211 https://exchange.xforce.ibmcloud.com/vulnerabilities/93060 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 42EXPL: 0CVE-2014-0891
https://notcve.org/view.php?id=CVE-2014-0891
IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.2 allows remote attackers to obtain sensitive information by leveraging incorrect request handling by the (1) Proxy or (2) ODR server. IBM WebSphere Application Server (WAS) 7.0.x anterior a 7.0.0.33, 8.0.x anterior a 8.0.0.9 y 8.5.x anterior a 8.5.5.2 permite a atacantes remotos obtener información sensible mediante el aprovechamiento del manejo incorrecto de solicitudes por el servidor (1) Proxy o (2) ODR. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI09786 http://www-01.ibm.com/support/docview.wss?uid=swg21669554 http://www-01.ibm.com/support/docview.wss?uid=swg21676091 http://www-01.ibm.com/support/docview.wss?uid=swg21676092 https://exchange.xforce.ibmcloud.com/vulnerabilities/91286 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 3.5EPSS: 0%CPEs: 47EXPL: 0CVE-2013-6323
https://notcve.org/view.php?id=CVE-2013-6323
Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.33, 8.x before 8.0.0.9, and 8.5.x before 8.5.5.2, and WebSphere Virtual Enterprise 7.x before 7.0.0.5, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en la consola de administración en IBM WebSphere Application Server (WAS) 7.x anterior a 7.0.0.33, 8.x anterior a 8.0.0.9 y 8.5.x anterior a 8.5.5.2 y WebSphere Virtual Enterprise 7.x anterior a 7.0.0.5, permite a usuarios remotos autenticados inyectar script Web o HTML arbitrarios a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI04777 http://www-01.ibm.com/support/docview.wss?uid=swg1PI04880 http://www-01.ibm.com/support/docview.wss?uid=swg21669554 http://www-01.ibm.com/support/docview.wss?uid=swg21676091 http://www-01.ibm.com/support/docview.wss? • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.0EPSS: 0%CPEs: 15EXPL: 0CVE-2014-0857
https://notcve.org/view.php?id=CVE-2014-0857
The Administrative Console in IBM WebSphere Application Server (WAS) 8.x before 8.0.0.9 and 8.5.x before 8.5.5.2 allows remote authenticated users to obtain sensitive information via a crafted request. La consola de administración en IBM WebSphere Application Server (WAS) 8.x anterior a 8.0.0.9 y 8.5.x anterior a 8.5.5.2 permite a usuarios remotos autenticados obtener información sensible a través de una solicitud manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI07808 http://www-01.ibm.com/support/docview.wss?uid=swg21669554 http://www-01.ibm.com/support/docview.wss?uid=swg21676092 http://www.securityfocus.com/bid/67327 https://exchange.xforce.ibmcloud.com/vulnerabilities/90863 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 15EXPL: 0CVE-2014-0823
https://notcve.org/view.php?id=CVE-2014-0823
IBM WebSphere Application Server (WAS) 8.x before 8.0.0.9 and 8.5.x before 8.5.5.2 allows remote attackers to read arbitrary files via a crafted URL. IBM WebSphere Application Server (WAS) 8.x anterior a 8.0.0.9 y 8.5.x anterior a 8.5.5.2 permite a atacantes remotos leer archivos arbitrarios a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI05324 http://www-01.ibm.com/support/docview.wss?uid=swg21669554 http://www-01.ibm.com/support/docview.wss?uid=swg21676092 http://www.securityfocus.com/bid/67329 https://exchange.xforce.ibmcloud.com/vulnerabilities/90498 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •