CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27270 – IBM WebSphere Application Server Liberty cross-site scripting
https://notcve.org/view.php?id=CVE-2024-27270
IBM WebSphere Application Server Liberty 23.0.0.3 through 24.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in a specially crafted URI. IBM X-Force ID: 284576. IBM WebSphere Application Server Liberty 23.0.0.3 a 24.0.0.3 es vulnerable a cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en un URI especialmente manipulado. • https://exchange.xforce.ibmcloud.com/vulnerabilities/284576 https://www.ibm.com/support/pages/node/7145231 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50312 – IBM WebSphere Application Server Liberty information disclosure
https://notcve.org/view.php?id=CVE-2023-50312
IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. IBM X-Force ID: 274711. IBM WebSphere Application Server Liberty 17.0.0.3 a 24.0.0.2 podría proporcionar una seguridad más débil de lo esperado para las conexiones TLS salientes causadas por una falla al respetar la configuración del usuario. ID de IBM X-Force: 274711. • https://exchange.xforce.ibmcloud.com/vulnerabilities/274711 https://www.ibm.com/support/pages/node/7125527 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46158 – IBM WebSphere Application Server session fixation
https://notcve.org/view.php?id=CVE-2023-46158
IBM WebSphere Application Server Liberty 23.0.0.9 through 23.0.0.10 could provide weaker than expected security due to improper resource expiration handling. IBM X-Force ID: 268775. IBM WebSphere Application Server Liberty 23.0.0.9 a 23.0.0.10 podría proporcionar una seguridad más débil de lo esperado debido a un manejo inadecuado de la caducidad de recursos. ID de IBM X-Force: 268775. • https://exchange.xforce.ibmcloud.com/vulnerabilities/268775 https://www.ibm.com/support/pages/node/7058356 • CWE-613: Insufficient Session Expiration •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38737 – IBM WebSphere Application Server Liberty denial of service
https://notcve.org/view.php?id=CVE-2023-38737
IBM WebSphere Application Server Liberty 22.0.0.13 through 23.0.0.7 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 262567. IBM WebSphere Application Server Liberty 22.0.0.13 a 23.0.0.7 es vulnerable a una denegación de servicio provocada por el envío de una solicitud especialmente diseñada. Un atacante remoto podría aprovechar esta vulnerabilidad para hacer que el servidor consuma recursos de memoria. • https://exchange.xforce.ibmcloud.com/vulnerabilities/262567 https://www.ibm.com/support/pages/node/7027509 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-35890 – IBM WebSphere Application Server information disclosure
https://notcve.org/view.php?id=CVE-2023-35890
IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security, caused by the improper encoding in a local configuration file. IBM X-Force ID: 258637. IBM WebSphere Application Server v8.5 y v9.0 podrían proporcionar una seguridad más débil de lo esperado, causada por la codificación incorrecta en un archivo de configuración local. ID de IBM X-Force: 258637. • https://https://www.ibm.com/support/pages/node/7007857 https://www.ibm.com/support/pages/node/7007857 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •