CVSS: 5.0EPSS: 0%CPEs: 17EXPL: 0CVE-2014-6164
https://notcve.org/view.php?id=CVE-2014-6164
IBM WebSphere Application Server 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.4 allows remote attackers to spoof OpenID and OpenID Connect cookies, and consequently obtain sensitive information, via a crafted URL. IBM WebSphere Application Server 8.0.x anterior a 8.0.0.10 y 8.5.x anterior a 8.5.5.4 permite a atacantes remotos falsificar las cookies de OpenID y OpenID connect y en consecuencia, obtener información sensible mediante URL modificadas. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI23430 http://www-01.ibm.com/support/docview.wss?uid=swg21690185 https://exchange.xforce.ibmcloud.com/vulnerabilities/97713 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 48EXPL: 0CVE-2014-6167
https://notcve.org/view.php?id=CVE-2014-6167
Cross-site scripting (XSS) vulnerability in the URL rewriting feature in IBM WebSphere Application Server 7.x before 7.0.0.37, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.4 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en la funcionalidad de reescritura de URL en IBM WebSphere Application Server 7.x anterior a 7.0.0.37, 8.0.x anterior a 8.0.0.10 y 8.5.x anterior a 8.5.5.4 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI23819 http://www-01.ibm.com/support/docview.wss?uid=swg21690185 https://exchange.xforce.ibmcloud.com/vulnerabilities/97748 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.1EPSS: 0%CPEs: 7EXPL: 0CVE-2014-8890
https://notcve.org/view.php?id=CVE-2014-8890
IBM WebSphere Application Server Liberty Profile 8.5.x before 8.5.5.4 allows remote attackers to gain privileges by leveraging the combination of a servlet's deployment descriptor security constraints and ServletSecurity annotations. IBM WebSphere Application Server Liberty Profile 8.5.x anterior a 8.5.5.4 permite a atacantes remotos conseguir privilegios usando la combinación de restricciones de seguridad en los descriptores de despliegue de servlets y anotaciones ServletSecurity. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI29911 http://www-01.ibm.com/support/docview.wss?uid=swg21690185 http://www-01.ibm.com/support/docview.wss?uid=swg21963275 http://www.securityfocus.com/bid/71834 http://www.securitytracker.com/id/1033384 https://exchange.xforce.ibmcloud.com/vulnerabilities/99009 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 57EXPL: 0CVE-2014-3021
https://notcve.org/view.php?id=CVE-2014-3021
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 does not properly handle HTTP headers, which allows remote attackers to obtain sensitive cookie and authentication data via an unspecified HTTP method. IBM WebSphere Application Server (WAS) 7.0 anterior a 7.0.0.35, 8.0 anterior a 8.0.0.10, y 8.5 anterior a 8.5.5.4 no maneja correctamente las cabeceras HTTP, lo que permite a atacantes remotos obtener datos sensibles de cookies y la autenticación a través de un método HTTP no especificado. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI08268 http://www-01.ibm.com/support/docview.wss?uid=swg21684612 https://exchange.xforce.ibmcloud.com/vulnerabilities/93059 • CWE-20: Improper Input Validation •
CVSS: 3.5EPSS: 0%CPEs: 120EXPL: 0CVE-2014-4770
https://notcve.org/view.php?id=CVE-2014-4770
Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 6.x through 6.1.0.47, 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 allows remote authenticated administrators to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM WebSphere Application Server (WAS) 6.x hasta 6.1.0.47, 7.0 anterior a 7.0.0.35, 8.0 anterior a 8.0.0.10, y 8.5 anterior a 8.5.5.4 permite a usuarios remotos autenticados inyectar script web o HTML de forma arbitraria a través de una URL manipulada. • http://secunia.com/advisories/61418 http://secunia.com/advisories/61423 http://www-01.ibm.com/support/docview.wss?uid=swg1PI23055 http://www-01.ibm.com/support/docview.wss?uid=swg21682767 http://www.kb.cert.org/vuls/id/573356 http://www.securityfocus.com/bid/69981 https://exchange.xforce.ibmcloud.com/vulnerabilities/95209 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •