Page 26 of 147 results (0.038 seconds)

CVSS: 6.8EPSS: 0%CPEs: 73EXPL: 0

Cross-site request forgery (CSRF) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences. Vulnerabilidad CSRF (Cross-site request forgery) en la consola administrativa de IBM WebSphere Application Server (WAS) v6.1 anterior a v6.1.0.47, v7.0 anterior a v7.0.0.31, v8.0 anterior a v8.0.0.7, y v8.5 anterior a v8.5.5.1 permitía que los atacantes remotos secuestraran la autenticación de usuarios para peticiones arbitrarias que insertan cross-site scripting (XSS) secuencias. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM88746 http://www-01.ibm.com/support/docview.wss?uid=swg21644047 https://exchange.xforce.ibmcloud.com/vulnerabilities/84591 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 1.9EPSS: 0%CPEs: 72EXPL: 0

The Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.0 does not properly perform caching, which allows local users to obtain sensitive information via unspecified vectors. La consola administrativa de IBM WebSphere Application Server (WAS) v6.1 anterior a v6.1.0.47, v7.0 anterior a v7.0.0.29, v8.0 anterior a v8.0.0.7, y v8.5 anterior a v8.5.5.0 no realiza correctamente el almacenamiento en caché, lo que permite a usuarios locales obtener información sensible a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM79992 http://www-01.ibm.com/support/docview.wss?uid=swg21644047 https://exchange.xforce.ibmcloud.com/vulnerabilities/83965 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 3.5EPSS: 0%CPEs: 73EXPL: 0

Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified fields. Vulnerabilidad Cross-site scripting (XSS) en la consola administrativa de IBM WebSphere Application Server (WAS) v6.1 anterior a v6.1.0.47, v7.0 anterior a v7.0.0.31, v8.0 anterior a v8.0.0.7, y v8.5 anterior a v8.5.5.1 permite a usuarios autenticados remotamente inyectar secuencias web o HTML arbitrarias a través de campos sin especificar. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM88208 http://www-01.ibm.com/support/docview.wss?uid=swg21644047 http://www.securitytracker.com/id/1028932 https://exchange.xforce.ibmcloud.com/vulnerabilities/85270 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 44EXPL: 0

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 through 8.5.0.2 and WebSphere Message Broker 6.1, 7.0 through 7.0.0.5, and 8.0 through 8.0.0.2, when WS-Security is used, allows remote attackers to spoof the signatures of messages via a crafted SOAP message, related to a "Signature Wrap attack," a different vulnerability than CVE-2011-1377 and CVE-2013-0489. IBM WebSphere Application Server (WAS) 7.0 anterior a 7.0.0.29, 8.0 anterior a 8.0.0.6, y 8.5 a la 8.5.0.2 y WebSphere Message Broker 6.1, 7.0 a la 7.0.0.5, y 8.0 a la 8.0.0.2, cuando se usa WS-Security, permite a atacantes remotos suplantar las firmas de los mensajes a través de mensajes SOAP manipulados relacionado con "Signature Wrap attack," vulnerabilidad distinta de CVE-2011-1377 y CVE-2013-0489. • http://www-01.ibm.com/support/docview.wss?uid=swg1IC88185 http://www-01.ibm.com/support/docview.wss?uid=swg1PM76582 http://www-01.ibm.com/support/docview.wss?uid=swg1PM86026 http://www-01.ibm.com/support/docview.wss?uid=swg21634646 http://www-01.ibm.com/support/docview.wss? •

CVSS: 4.0EPSS: 0%CPEs: 57EXPL: 0

Directory traversal vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Linux and UNIX allows remote authenticated users to modify data via unspecified vectors. Vulnerabilidad de salto de directorio en la consola administrativa de IBM WebSphere Application Server (WAS) v6.1 antes v6.1.0.47, v7.0 antes de v7.0.0.29, v8,0 antes v8.0.0.6 y v8.5 antes de v8.5.0.2 en Linux y UNIX permite a usuarios remotos autenticados modificar datos a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?&uid=swg21632423 http://www-01.ibm.com/support/docview.wss?uid=swg1PM82468 https://exchange.xforce.ibmcloud.com/vulnerabilities/82760 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •