CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-4782
https://notcve.org/view.php?id=CVE-2020-4782
28 Oct 2020 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0, podría permitir a un atacante remoto saltar directorios en el sistema. Un atacante podría enviar una petición URL especialmente diseñada que contenga secuencias "dot dot" (/../) para vis... • https://exchange.xforce.ibmcloud.com/vulnerabilities/189213 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-4576
https://notcve.org/view.php?id=CVE-2020-4576
01 Oct 2020 — IBM WebSphere Application Server 7.5, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. IBM X-Force ID: 184428. IBM WebSphere Application Server versiones 7.5, 8.0, 8.5 y 9.0 tradicional podría permitir a un atacante remoto obtener información confidencial con una secuencia de objetos serializados especialmente diseñada. IBM X-Force ID: 184428 • https://exchange.xforce.ibmcloud.com/vulnerabilities/184428 •
CVSS: 3.3EPSS: 0%CPEs: 15EXPL: 0CVE-2020-4629
https://notcve.org/view.php?id=CVE-2020-4629
30 Sep 2020 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local user with specialized access to obtain sensitive information from a detailed technical error message. This information could be used in further attacks against the system. IBM X-Force ID: 185370. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0, podría permitir a un usuario local con acceso especializado obtener información confidencial a partir de un mensaje de error técnico detallado. Esta información podría ser... • https://exchange.xforce.ibmcloud.com/vulnerabilities/185370 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-4643
https://notcve.org/view.php?id=CVE-2020-4643
21 Sep 2020 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information. IBM X-Force ID: 185590. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0, es vulnerable a un ataque de tipo XML External Entity Injection (XXE) cuando se procesan datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer información confidenci... • https://exchange.xforce.ibmcloud.com/vulnerabilities/185590 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.4EPSS: 0%CPEs: 11EXPL: 0CVE-2020-4578
https://notcve.org/view.php?id=CVE-2020-4578
10 Sep 2020 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 184433. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0 es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/184433 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2020-4575
https://notcve.org/view.php?id=CVE-2020-4575
27 Aug 2020 — IBM WebSphere Application Server ND 8.5 and 9.0, and IBM WebSphere Virtual Enterprise 7.0 and 8.0 are vulnerable to cross-site scripting when High Availability Deployment Manager is configured. IBM WebSphere Application Server ND versiones 8.5 y 9.0, e IBM WebSphere Virtual Enterprise versiones 7.0 y 8.0, son vulnerables a un ataque de tipo cross-site scripting cuando High Availability Deployment Manager es configurado • https://exchange.xforce.ibmcloud.com/vulnerabilities/184363 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 1%CPEs: 4EXPL: 0CVE-2020-4589
https://notcve.org/view.php?id=CVE-2020-4589
13 Aug 2020 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 184585. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0, podría permitir a un atacante remoto ejecutar código arbitrario en el sistema con una secuencia especialmente diseñada de objetos serializados de fuentes no confiables. • https://exchange.xforce.ibmcloud.com/vulnerabilities/184585 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 3%CPEs: 4EXPL: 2CVE-2020-4464 – IBM WebSphere Application Server SOAP Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-4464
17 Jul 2020 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to execute arbitrary code on a system with a specially-crafted sequence of serialized objects over the SOAP connector. IBM X-Force ID: 181489. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0, tradicionalmente podría permitir a un atacante remoto ejecutar código arbitrario en un sistema con una secuencia especialmente diseñada de objetos serializados a través del conector SOAP. IBM X-Force ID: 181... • https://github.com/yonggui-li/CVE-2020-4464-and-CVE-2020-4450 • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 5%CPEs: 2EXPL: 1CVE-2020-4450 – IBM WebSphere Application Server IIOP Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-4450
05 Jun 2020 — IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181231. IBM WebSphere Application Server versiones 8.5 y 9.0 traditional, podría permitir a un atacante remoto ejecutar código arbitrario en el sistema con una secuencia de objetos serializados especialmente diseñada. ID de IBM X-Force: 181231 This vulnerability allows remote attackers to execute arbitrary code... • https://github.com/yonggui-li/CVE-2020-4464-and-CVE-2020-4450 • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 5%CPEs: 4EXPL: 0CVE-2020-4448 – IBM WebSphere UploadFileArgument Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-4448
05 Jun 2020 — IBM WebSphere Application Server Network Deployment 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 181228. IBM WebSphere Application Server Network Deployment versiones 7.0, 8.0, 8.5 y 9.0, podría permitir a un atacante remoto ejecutar código arbitrario en el sistema con una secuencia de objetos serializados especialmente diseñada de fuentes no confiables. ID de IBM X... • https://exchange.xforce.ibmcloud.com/vulnerabilities/181228 • CWE-502: Deserialization of Untrusted Data •