CVSS: 6.8EPSS: 1%CPEs: 26EXPL: 0CVE-2008-4679
https://notcve.org/view.php?id=CVE-2008-4679
The Web Services Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 and 6.1 before 6.1.0.19, when Certificate Store Collections is configured to use Certificate Revocation Lists (CRL), does not call the setRevocationEnabled method on the PKIXBuilderParameters object, which prevents the "Java security method" from checking the revocation status of X.509 certificates and allows remote attackers to bypass intended access restrictions via a SOAP message with a revoked certificate. El componente Web Services Security en IBM WebSphere Application Server (WAS) v6.0.2 anterior a v6.0.2.31 y v6.1 anterior a v6.1.0.19, cuando el Certificate Store Collections está configurado para usar las Certificate Revocation Lists (CRL), no llama al método setRevocationEnabled en el objeto PKIXBuilderParameters, que previene el "Java security method" desde la validación del estado de revocación de lso certificados X.509 y permite a atacantes remotos saltarse las restricciones de acceso establecidas a través de un mensaje SOAP con un certificado revocado. • http://secunia.com/advisories/32296 http://www-01.ibm.com/support/docview.wss?uid=swg27006876 http://www-01.ibm.com/support/docview.wss?uid=swg27007951 http://www-1.ibm.com/support/docview.wss?uid=swg1PK61258 http://www.securityfocus.com/bid/31839 http://www.vupen.com/english/advisories/2008/2871 https://exchange.xforce.ibmcloud.com/vulnerabilities/46002 • CWE-287: Improper Authentication •
CVSS: 9.3EPSS: 1%CPEs: 21EXPL: 0CVE-2008-4111
https://notcve.org/view.php?id=CVE-2008-4111
Unspecified vulnerability in Servlet Engine/Web Container in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 and 6.1 before 6.1.0.19, when the FileServing feature is enabled, has unknown impact and attack vectors. Vulnerabilidad sin especificar en Servlet Engine/Web Container en IBM WebSphere Application Server (WAS) 6.1 anterior a 6.1.0.19, cuando la opción FileServing está activada, tiene un impacto y vectores de ataque desconocidos. • http://secunia.com/advisories/31892 http://secunia.com/advisories/32296 http://www-01.ibm.com/support/docview.wss?uid=swg27006876 http://www-01.ibm.com/support/docview.wss?uid=swg27007951 http://www-1.ibm.com/support/docview.wss?uid=swg1PK64302 http://www.securityfocus.com/bid/31186 http://www.securityfocus.com/bid/31839 http://www.vupen.com/english/advisories/2008/2566 http://www.vupen.com/english/advisories/2008/2871 https://exchange.xforce.ibmcloud.com/vulnerabilities/4512 •
CVSS: 5.0EPSS: 0%CPEs: 20EXPL: 0CVE-2008-3236
https://notcve.org/view.php?id=CVE-2008-3236
Unspecified vulnerability in Wsadmin in the System Management/Repository component in IBM WebSphere Application Server (WAS) 5.1 before 5.1.1.19 allows attackers to obtain sensitive information via vectors related to "previously encrypted properties" that are not encrypted. Vulnerabilidad sin especificar en Wsadmin en el cmponente System Management/Repository en IBM WebSphere Application Server (WAS) 5.1 anterior a 5.1.1.19, permite a atacantes remotos obtener información sensible a través de vectores relacionados con "propiedades previamente encriptadas" que no están encriptadas. • http://secunia.com/advisories/31149 http://secunia.com/advisories/31892 http://www-01.ibm.com/support/docview.wss?uid=swg27007951 http://www-1.ibm.com/support/docview.wss?uid=swg1PK61941 http://www-1.ibm.com/support/docview.wss?uid=swg27006879 http://www.vupen.com/english/advisories/2008/2140 http://www.vupen.com/english/advisories/2008/2566 https://exchange.xforce.ibmcloud.com/vulnerabilities/45123 • CWE-310: Cryptographic Issues •
CVSS: 10.0EPSS: 0%CPEs: 20EXPL: 0CVE-2008-3235
https://notcve.org/view.php?id=CVE-2008-3235
Unspecified vulnerability in the PropFilePasswordEncoder utility in the Security component in IBM WebSphere Application Server (WAS) 5.1 before 5.1.1.19 has unknown impact and attack vectors. Vulnerabilidad sin especificar en la Utilidad PropFilePasswordEncoder del componente Security en IBM WebSphere Application Server (WAS) 5.1 anterior a 5.1.1.19 tiene un impacto y vectores de ataque desconocidos. • http://secunia.com/advisories/31149 http://www-1.ibm.com/support/docview.wss?uid=swg1PK61436 http://www-1.ibm.com/support/docview.wss?uid=swg27006879 http://www.securityfocus.com/bid/30280 http://www.securitytracker.com/id?1020528 http://www.vupen.com/english/advisories/2008/2140/references • CWE-255: Credentials Management Errors •
CVSS: 5.0EPSS: 0%CPEs: 19EXPL: 0CVE-2008-2550
https://notcve.org/view.php?id=CVE-2008-2550
Unspecified vulnerability in the Web Services Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.17 has unknown impact and attack vectors related to an attribute in the SOAP security header. Vulnerabilidad sin especificar del componente Web Services Security en Web Services Security (WAS) versiones 6.1 anteriores a la 6.1.0.17 tiene un impacto desconocido y vectores de ataque relacionados con un atributo de la cabecera de seguridad SOAP. • http://secunia.com/advisories/30526 http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27007951 http://www-1.ibm.com/support/docview.wss?uid=swg1PK61315 http://www.securitytracker.com/id?1020168 http://www.vupen.com/english/advisories/2008/1734 https://exchange.xforce.ibmcloud.com/vulnerabilities/42822 •