CVSS: 5.0 • EPSS: 0% • CPEs: 17 • EXPL: 0

IBM WebSphere Application Server 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.4 allows remote attackers to spoof OpenID and OpenID Connect cookies, and consequently obtain sensitive information, via a crafted URL.
• http://www-01.ibm.com/support/docview.wss?uid=swg1PI23430 http://www-01.ibm.com/support/docview.wss?uid=swg21690185 https://exchange.xforce.ibmcloud.com/vulnerabilities/97713
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 5.0 • EPSS: 0% • CPEs: 57 • EXPL: 0

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 does not properly handle HTTP headers, which allows remote attackers to obtain sensitive cookie and authentication data via an unspecified HTTP method.
• http://www-01.ibm.com/support/docview.wss?uid=swg1PI08268 http://www-01.ibm.com/support/docview.wss?uid=swg21684612 https://exchange.xforce.ibmcloud.com/vulnerabilities/93059
• CWE-20: Improper Input Validation

CVSS: 6.0 • EPSS: 0% • CPEs: 120 • EXPL: 0

Cross-site request forgery (CSRF) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.x through 6.1.0.47, 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
• http://secunia.com/advisories/61418 http://secunia.com/advisories/61423 http://www-01.ibm.com/support/docview.wss?uid=swg1PI23055 http://www-01.ibm.com/support/docview.wss?uid=swg21682767 http://www.kb.cert.org/vuls/id/573356 http://www.securityfocus.com/bid/69980 https://exchange.xforce.ibmcloud.com/vulnerabilities/95402
• CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 3.5 • EPSS: 0% • CPEs: 120 • EXPL: 0

Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 6.x through 6.1.0.47, 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 allows remote authenticated administrators to inject arbitrary web script or HTML via a crafted URL.
• http://secunia.com/advisories/61418 http://secunia.com/advisories/61423 http://www-01.ibm.com/support/docview.wss?uid=swg1PI23055 http://www-01.ibm.com/support/docview.wss?uid=swg21682767 http://www.kb.cert.org/vuls/id/573356 http://www.securityfocus.com/bid/69981 https://exchange.xforce.ibmcloud.com/vulnerabilities/95209
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.0 • EPSS: 0% • CPEs: 45 • EXPL: 0

IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.35, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.3 does not properly restrict resource access, which allows remote attackers to obtain sensitive information via unspecified vectors.
• http://www-01.ibm.com/support/docview.wss?uid=swg1PI17768 http://www-01.ibm.com/support/docview.wss?uid=swg21681249 http://www.securityfocus.com/bid/69298 https://exchange.xforce.ibmcloud.com/vulnerabilities/93954
• CWE-264: Permissions, Privileges, and Access Controls