Page 29 of 224 results (0.010 seconds)

CVSS: 4.3EPSS: 0%CPEs: 16EXPL: 0

Cross-site scripting (XSS) vulnerability in the Integration Solution Console in the Administration Console in IBM WebSphere Application Server 7.0 before 7.0.0.23 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en la consola de solución de integración IBM WebSphere Application Server v7.0 anterior a v7.0.0.23 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un URL malicioso. • http://www.ibm.com/support/docview.wss?uid=swg1PM52274 http://www.ibm.com/support/docview.wss?uid=swg21595172 https://exchange.xforce.ibmcloud.com/vulnerabilities/74044 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 16EXPL: 0

Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server 7.0 before 7.0.0.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en la consola de administración de IBM WebSphere Application Server v7.0 anterior a v7.0.0.23 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://www.ibm.com/support/docview.wss?uid=swg1PM53132 http://www.ibm.com/support/docview.wss?uid=swg21595172 http://www.securityfocus.com/bid/52722 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 0%CPEs: 135EXPL: 0

The Web Server Plug-in in IBM WebSphere Application Server (WAS) 8.0 and earlier uses unencrypted HTTP communication after expiration of the plugin-key.kdb password, which allows remote attackers to obtain sensitive information by sniffing the network, or spoof arbitrary servers via a man-in-the-middle attack. El complemento Web Server en IBM WebSphere Application Server (WAS) v8.0 y anteriores, utilizan comunicaciones sin HTTP cifrar después de la expiración de la contraseña de plugin-key.kdb, lo que permite a atacantes remotos obtener información sensible el tráfico de la red o servidores suplantar arbitrarios mediante un ataque man-in-the-middle. • http://www-01.ibm.com/support/docview.wss?uid=swg21588312 http://www-01.ibm.com/support/docview.wss?uid=swg21591172 https://exchange.xforce.ibmcloud.com/vulnerabilities/74900 • CWE-310: Cryptographic Issues •

CVSS: 5.0EPSS: 1%CPEs: 67EXPL: 0

IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.43, 6.1 before 6.1.0.43, 7.0 before 7.0.0.23, and 8.0 before 8.0.0.3 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. IBM WebSphere Application Server (WAS) v6.0 hasta v6.0.2.43, v6.1 antes de v6.1.0.43 6.1, v7.0 antes de v7.0.0.23, v8.0 antes de v8.0.0.3 calcula los valores hash de los parámetros de los formularios sin restringir la posibilidad de ocasionar colisiones hash de una forma predecible, lo que permite provocar una denegación de servicio (por consumo de CPU) a atacantes remotos mediante el envío de gran cantidad de parámetros generados para este fin. • http://osvdb.org/78321 http://www-01.ibm.com/support/docview.wss?uid=swg1PM53930 http://www-01.ibm.com/support/docview.wss?uid=swg21577532 http://www-01.ibm.com/support/docview.wss?uid=swg24031821 • CWE-20: Improper Input Validation •

CVSS: 4.6EPSS: 0%CPEs: 35EXPL: 0

iscdeploy in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 on the IBM i platform sets weak permissions under systemapps/isclite.ear/ and bin/client_ffdc/, which allows local users to read or modify files via standard filesystem operations. iscdeploy en IBM WebSphere Application Server (WAS) v6.1 antes de v6.1.0.43, v7.0 antes de v7.0.0.21 y v8.0 antes de v8.0.0.2 en la plataforma IBM i establece permisos débiles bajo systemApps/isclite.ear y /bin/client_ffdc/, lo que permite leer o modificar archivos a usuarios locales a través de operaciones estándar del sistema de archivos. • http://www-01.ibm.com/support/docview.wss?uid=swg21569205 http://www-01.ibm.com/support/docview.wss?uid=swg24031675 http://www.ibm.com/support/docview.wss?uid=swg1PM49712 https://exchange.xforce.ibmcloud.com/vulnerabilities/71230 • CWE-264: Permissions, Privileges, and Access Controls •