CVE-2018-1794
https://notcve.org/view.php?id=CVE-2018-1794
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using OAuth ear is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148949.
• http://www.securitytracker.com/id/1041802
• https://exchange.xforce.ibmcloud.com/vulnerabilities/148949
• https://www.ibm.com/support/docview.wss?uid=ibm10729571
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-1793
https://notcve.org/view.php?id=CVE-2018-1793
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using SAML ear is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148948.
• http://www.securitytracker.com/id/1041801
• https://exchange.xforce.ibmcloud.com/vulnerabilities/148948
• https://www.ibm.com/support/docview.wss?uid=ibm10729563
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-1672
https://notcve.org/view.php?id=CVE-2018-1672
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user. IBM X-Force ID: 144958.
• http://www.securitytracker.com/id/1041766
• https://exchange.xforce.ibmcloud.com/vulnerabilities/144958
• https://www.ibm.com/support/docview.wss?uid=ibm10716981
• CWE-287: Improper Authentication
CVE-2018-1420
https://notcve.org/view.php?id=CVE-2018-1420
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 resets access control settings to the out-of-the-box configuration during Combined Cumulative Fix (CF) installation. This can lead to security misconfiguration of the installation. IBM X-Force ID: 138950.
• http://www.securitytracker.com/id/1041767
• https://exchange.xforce.ibmcloud.com/vulnerabilities/138950
• https://www.ibm.com/support/docview.wss?uid=swg22014276
• CWE-732: Incorrect Permission Assignment for Critical Resource
CVE-2018-1820
https://notcve.org/view.php?id=CVE-2018-1820
IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150096.
• http://www.securitytracker.com/id/1041751
• https://exchange.xforce.ibmcloud.com/vulnerabilities/150096
• https://www.ibm.com/support/docview.wss?uid=ibm10732287
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')