CVSS: 5.0EPSS: 0%CPEs: 16EXPL: 0CVE-2014-3070
https://notcve.org/view.php?id=CVE-2014-3070
The addFileRegistryAccount Virtual Member Manager (VMM) SPI Admin Task in IBM WebSphere Application Server (WAS) 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.3 does not properly create accounts, which allows remote attackers to bypass intended access restrictions via unspecified vectors. addFileRegistryAccount Virtual Member Manager (VMM) SPI Admin Task en IBM WebSphere Application Server (WAS) 8.0.x anterior a 8.0.0.10 y 8.5.x anterior a 8.5.5.3 no crea cuentas debidamente, lo que permite a atacantes remotos evadir las restricciones de acceso a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI16765 http://www-01.ibm.com/support/docview.wss?uid=swg21681249 http://www.securityfocus.com/bid/69296 https://exchange.xforce.ibmcloud.com/vulnerabilities/93777 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 45EXPL: 0CVE-2014-3083
https://notcve.org/view.php?id=CVE-2014-3083
IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.35, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.3 does not properly restrict resource access, which allows remote attackers to obtain sensitive information via unspecified vectors. IBM WebSphere Application Server (WAS) 7.0.x anterior a 7.0.0.35, 8.0.x anterior a 8.0.0.10, y 8.5.x anterior a 8.5.5.3 no restringe debidamente el acceso a recursos, lo que permite a atacantes remotos obtener información sensible a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI17768 http://www-01.ibm.com/support/docview.wss?uid=swg21681249 http://www.securityfocus.com/bid/69298 https://exchange.xforce.ibmcloud.com/vulnerabilities/93954 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2014-4767
https://notcve.org/view.php?id=CVE-2014-4767
IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x before 8.5.5.3 does not properly use the Liberty Repository for feature installation, which allows remote authenticated users to execute arbitrary code via unspecified vectors. IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x anterior a 8.5.5.3 no utiliza debidamente el repositorio Liberty para la instalación de funcionalidades, lo que permite a usuarios remotos autenticados ejecutar código arbitrario a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI21284 http://www-01.ibm.com/support/docview.wss?uid=swg21681249 http://www.securityfocus.com/bid/69297 https://exchange.xforce.ibmcloud.com/vulnerabilities/94832 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.1EPSS: 0%CPEs: 16EXPL: 0CVE-2014-4764
https://notcve.org/view.php?id=CVE-2014-4764
IBM WebSphere Application Server (WAS) 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.3, when Load Balancer for IPv4 Dispatcher is enabled, allows remote attackers to cause a denial of service (Load Balancer crash) via unspecified vectors. IBM WebSphere Application Server (WAS) 8.0.x anterior a 8.0.0.10 y 8.5.x anterior a 8.5.5.3, cuando Load Balancer para IPv4 Dispatcher está habilitado, permite a atacantes remotos causar una denegación de servicio (caída de Load Balancer) a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI21189 http://www-01.ibm.com/support/docview.wss?uid=swg21681249 http://www.securityfocus.com/bid/69301 https://exchange.xforce.ibmcloud.com/vulnerabilities/94723 •
CVSS: 4.3EPSS: 0%CPEs: 37EXPL: 0CVE-2014-3022
https://notcve.org/view.php?id=CVE-2014-3022
IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.3 allows remote attackers to obtain sensitive information via a crafted URL that triggers an error condition. IBM WebSphere Application Server (WAS) 7.0.x anterior a 7.0.0.33, 8.0.x anterior a 8.0.0.9, y 8.5.x anterior a 8.5.5.3 permite a atacantes remotos obtener información sensible a través de una URL manipulada que provoca una condición de error. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI09594 http://www-01.ibm.com/support/docview.wss?uid=swg21676091 http://www-01.ibm.com/support/docview.wss?uid=swg21676092 http://www-01.ibm.com/support/docview.wss?uid=swg21681249 http://www.securityfocus.com/bid/68211 https://exchange.xforce.ibmcloud.com/vulnerabilities/93060 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •