CVSS: 9.8EPSS: 0%CPEs: 139EXPL: 0CVE-2011-1309
https://notcve.org/view.php?id=CVE-2011-1309
08 Mar 2011 — The Plug-in component in IBM WebSphere Application Server (WAS) before 7.0.0.15 does not properly handle trace requests, which has unspecified impact and attack vectors. El componente Plug-in en IBM WebSphere Application Server (WAS) anterior a v7.0.0.15 no maneja adecuadamente las solicitudes de rastreo, lo que tiene un impacto y vectores de ataque no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM22860 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 139EXPL: 0CVE-2011-1315
https://notcve.org/view.php?id=CVE-2011-1315
08 Mar 2011 — Memory leak in the messaging engine in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) via network connections associated with a NULL return value from a synchronous JMS receive call. Pérdida de memoria en el motor de mensajería de IBM WebSphere Application Server (WAS) antes de v7.0.0.15 permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) a través de conexiones de red asociados con un valor de ... • http://www-01.ibm.com/support/docview.wss?uid=swg1PM23626 • CWE-399: Resource Management Errors •
CVSS: 6.1EPSS: 0%CPEs: 139EXPL: 0CVE-2011-1308
https://notcve.org/view.php?id=CVE-2011-1308
08 Mar 2011 — Cross-site scripting (XSS) vulnerability in the Installation Verification Test (IVT) application in the Install component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el Installation Verification Test (IVT) en el componente Install en IBM WebSphere Application Server (WAS) anteriores a v7.0.0.15, permite a atacantes remotos iny... • http://www-01.ibm.com/support/docview.wss?uid=swg1PM20393 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 12EXPL: 0CVE-2010-2324
https://notcve.org/view.php?id=CVE-2010-2324
18 Jun 2010 — IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS allows attackers to perform unspecified "link injection" actions via unknown vectors. IBM WebSphere Application Server (WAS) v7.0 anteriores a v7.0.0.11 en z/OS permite a atacantes remotos efectuar acciones no especificadas de inyección de enlaces a través de vectores desconocidos. • http://secunia.com/advisories/40096 •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2010-2323
https://notcve.org/view.php?id=CVE-2010-2323
18 Jun 2010 — IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS might allow attackers to obtain sensitive information by reading the default_create.log file that is associated with profile creation by the BBOWWPFx job and the zPMT. IBM WebSphere Application Server (WAS) v7.0 anteriores a v7.0.0.11 en z/OS podría permitir a atacantes, obtener información sensible leyendo el fichero default_create.log, que está asociado con la creación de perfiles por los trabajos BBOWWPFx y zPMT. • http://secunia.com/advisories/40096 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 12EXPL: 0CVE-2010-2325
https://notcve.org/view.php?id=CVE-2010-2325
18 Jun 2010 — Cross-site scripting (XSS) vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related in part to "URL injection." Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados - XSS - en la consola de administración de WebSphere Application Server (WAS) v7.0 anteriores a v7.0.0.11 en z/OS, permite a los atacantes remotos inyectar arbitrariamente un... • http://secunia.com/advisories/40096 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 48EXPL: 0CVE-2010-0770
https://notcve.org/view.php?id=CVE-2010-0770
01 Apr 2010 — IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 allows remote authenticated users to cause a denial of service (ORB ListenerThread hang) by aborting an SSL handshake. IBM WebSphere Application Server (WAS) 6.0 en versiones anteriores a la 6.0.2.41, 6.1 en versiones anteriores a la 6.1.0.31 y 7.0 en versiones anteriores a la 7.0.0.9 permite a atacantes remotos autenticados provocar una denegación de servicio (cuelgue del ORB ListenerThread) al abortar u... • http://secunia.com/advisories/39140 • CWE-399: Resource Management Errors •
CVSS: 6.1EPSS: 0%CPEs: 43EXPL: 0CVE-2010-0768
https://notcve.org/view.php?id=CVE-2010-0768
01 Apr 2010 — Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 allows remote attackers to inject arbitrary web script or HTML via the URI. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la Consola de Administración en IBM WebSphere Application Server (WAS) 6.0 en versiones anteriores a la 6.0.2.41, 6.1 en versiones anteriores a la 6.1.0.31 y 7.0 en versiones anteriores a l... • http://secunia.com/advisories/39140 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 48EXPL: 0CVE-2010-0769
https://notcve.org/view.php?id=CVE-2010-0769
01 Apr 2010 — IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 does not properly define wsadmin scripting J2CConnectionFactory objects, which allows local users to discover a KeyRingPassword password by reading a cleartext field in the resources.xml file. IBM WebSphere Application Server (WAS) 6.0 en versiones anteriores a la 6.0.2.41, 6.1 en versiones anteriores a la 6.1.0.31 y 7.0 en versiones anteriores a la 7.0.0.9 no define de manera apropiada los objetos J2CCon... • http://secunia.com/advisories/39140 • CWE-255: Credentials Management Errors •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2009-0906
https://notcve.org/view.php?id=CVE-2009-0906
13 Aug 2009 — The Service Component Architecture (SCA) feature pack for IBM WebSphere Application Server (WAS) SCA 1.0 before 1.0.0.3 allows remote authenticated users to bypass intended authentication.transport access restrictions and obtain unspecified access via unknown vectors. El Service Component Architecture (SCA) "feature pack" para IBM WebSphere Application Server (WAS) SCA v1.0 anterior a v1.0.0.3, permite a usuarios autenticados remotamente evitar las restricciones de acceso establecidas por authentication.tra... • http://secunia.com/advisories/36306 • CWE-287: Improper Authentication •