CVSS: 6.0EPSS: 0%CPEs: 120EXPL: 0CVE-2014-4816
https://notcve.org/view.php?id=CVE-2014-4816
Cross-site request forgery (CSRF) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.x through 6.1.0.47, 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. Vulnerabilidad de CSRF en la consola de administración en IBM WebSphere Application Server (WAS) 6.x hasta 6.1.0.47, 7.0 anterior a 7.0.0.35, 8.0 anterior a 8.0.0.10 y 8.5 anterior a 8.5.5.4 permite a usuarios remotos autenticados secuestrar la autenticación de usuarios arbitrarios para solicitudes que insertan secuencias XSS. • http://secunia.com/advisories/61418 http://secunia.com/advisories/61423 http://www-01.ibm.com/support/docview.wss?uid=swg1PI23055 http://www-01.ibm.com/support/docview.wss?uid=swg21682767 http://www.kb.cert.org/vuls/id/573356 http://www.securityfocus.com/bid/69980 https://exchange.xforce.ibmcloud.com/vulnerabilities/95402 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 37EXPL: 0CVE-2014-0965
https://notcve.org/view.php?id=CVE-2014-0965
IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.3 allows remote attackers to obtain sensitive information via a crafted SOAP response. IBM WebSphere Application Server (WAS) 7.0.x anterior a 7.0.0.33, 8.0.x anterior a 8.0.0.9, y 8.5.x anterior a 8.5.5.3 permite a atacantes remotos obtener información sensible a través de una respuesta SOAP manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI11434 http://www-01.ibm.com/support/docview.wss?uid=swg21676091 http://www-01.ibm.com/support/docview.wss?uid=swg21676092 http://www-01.ibm.com/support/docview.wss?uid=swg21681249 http://www.securityfocus.com/bid/68210 https://exchange.xforce.ibmcloud.com/vulnerabilities/92878 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 16EXPL: 0CVE-2014-3070
https://notcve.org/view.php?id=CVE-2014-3070
The addFileRegistryAccount Virtual Member Manager (VMM) SPI Admin Task in IBM WebSphere Application Server (WAS) 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.3 does not properly create accounts, which allows remote attackers to bypass intended access restrictions via unspecified vectors. addFileRegistryAccount Virtual Member Manager (VMM) SPI Admin Task en IBM WebSphere Application Server (WAS) 8.0.x anterior a 8.0.0.10 y 8.5.x anterior a 8.5.5.3 no crea cuentas debidamente, lo que permite a atacantes remotos evadir las restricciones de acceso a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI16765 http://www-01.ibm.com/support/docview.wss?uid=swg21681249 http://www.securityfocus.com/bid/69296 https://exchange.xforce.ibmcloud.com/vulnerabilities/93777 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 45EXPL: 0CVE-2014-3083
https://notcve.org/view.php?id=CVE-2014-3083
IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.35, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.3 does not properly restrict resource access, which allows remote attackers to obtain sensitive information via unspecified vectors. IBM WebSphere Application Server (WAS) 7.0.x anterior a 7.0.0.35, 8.0.x anterior a 8.0.0.10, y 8.5.x anterior a 8.5.5.3 no restringe debidamente el acceso a recursos, lo que permite a atacantes remotos obtener información sensible a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI17768 http://www-01.ibm.com/support/docview.wss?uid=swg21681249 http://www.securityfocus.com/bid/69298 https://exchange.xforce.ibmcloud.com/vulnerabilities/93954 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2014-4767
https://notcve.org/view.php?id=CVE-2014-4767
IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x before 8.5.5.3 does not properly use the Liberty Repository for feature installation, which allows remote authenticated users to execute arbitrary code via unspecified vectors. IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x anterior a 8.5.5.3 no utiliza debidamente el repositorio Liberty para la instalación de funcionalidades, lo que permite a usuarios remotos autenticados ejecutar código arbitrario a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI21284 http://www-01.ibm.com/support/docview.wss?uid=swg21681249 http://www.securityfocus.com/bid/69297 https://exchange.xforce.ibmcloud.com/vulnerabilities/94832 • CWE-94: Improper Control of Generation of Code ('Code Injection') •