CVSS: 6.0EPSS: 0%CPEs: 120EXPL: 0CVE-2014-4816
https://notcve.org/view.php?id=CVE-2014-4816
Cross-site request forgery (CSRF) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.x through 6.1.0.47, 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. Vulnerabilidad de CSRF en la consola de administración en IBM WebSphere Application Server (WAS) 6.x hasta 6.1.0.47, 7.0 anterior a 7.0.0.35, 8.0 anterior a 8.0.0.10 y 8.5 anterior a 8.5.5.4 permite a usuarios remotos autenticados secuestrar la autenticación de usuarios arbitrarios para solicitudes que insertan secuencias XSS. • http://secunia.com/advisories/61418 http://secunia.com/advisories/61423 http://www-01.ibm.com/support/docview.wss?uid=swg1PI23055 http://www-01.ibm.com/support/docview.wss?uid=swg21682767 http://www.kb.cert.org/vuls/id/573356 http://www.securityfocus.com/bid/69980 https://exchange.xforce.ibmcloud.com/vulnerabilities/95402 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.1EPSS: 1%CPEs: 58EXPL: 0CVE-2014-0964
https://notcve.org/view.php?id=CVE-2014-0964
IBM WebSphere Application Server (WAS) 6.1.0.0 through 6.1.0.47 and 6.0.2.0 through 6.0.2.43 allows remote attackers to cause a denial of service via crafted TLS traffic, as demonstrated by traffic from a CVE-2014-0160 vulnerability-assessment tool. IBM WebSphere Application Server (WAS) 6.1.0.0 hasta 6.1.0.47 y 6.0.2.0 hasta 6.0.2.43 permite a atacantes remotos causar una denegación de servicio a través de trafico TLS manipulado, tal y como fue demostrado por trafico de una herramienta de asesoramiento de vulnerabilidad de CVE-2014-0160. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI14306 http://www-01.ibm.com/support/docview.wss?uid=swg1PI16981 http://www-01.ibm.com/support/docview.wss?uid=swg1PI17128 http://www-01.ibm.com/support/docview.wss?uid=swg21671835 http://www-304.ibm.com/support/docview.wss? • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 0%CPEs: 54EXPL: 0CVE-2013-0542
https://notcve.org/view.php?id=CVE-2013-0542
Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary web script or HTML via crafted field values. Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en la consola administrativa de IBM WebSphere Application Server (WAS) v6.1 antes de v6.1.0.47, 7.0 antes de 7.0.0.29, 8.0 antes de 8.0.0.6, y v8.5 antes de v8.5.0.2 permite a atacantes remotos inyectar arbitraria secuencias de comandos web o HTML a través de los valores de campo artesanales. • http://www-01.ibm.com/support/docview.wss?&uid=swg21632423 http://www-01.ibm.com/support/docview.wss?uid=swg1PM81846 https://exchange.xforce.ibmcloud.com/vulnerabilities/82697 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2012-4851
https://notcve.org/view.php?id=CVE-2012-4851
Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URI. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en IBM WebSphere Application Server v8.5 Liberty Profile antes de v8.5.0.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un URI diseñada para tal fin. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM68643 http://www.ibm.com/support/docview.wss?uid=swg21614265 http://www.securityfocus.com/bid/56423 https://exchange.xforce.ibmcloud.com/vulnerabilities/79541 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 135EXPL: 0CVE-2012-2162
https://notcve.org/view.php?id=CVE-2012-2162
The Web Server Plug-in in IBM WebSphere Application Server (WAS) 8.0 and earlier uses unencrypted HTTP communication after expiration of the plugin-key.kdb password, which allows remote attackers to obtain sensitive information by sniffing the network, or spoof arbitrary servers via a man-in-the-middle attack. El complemento Web Server en IBM WebSphere Application Server (WAS) v8.0 y anteriores, utilizan comunicaciones sin HTTP cifrar después de la expiración de la contraseña de plugin-key.kdb, lo que permite a atacantes remotos obtener información sensible el tráfico de la red o servidores suplantar arbitrarios mediante un ataque man-in-the-middle. • http://www-01.ibm.com/support/docview.wss?uid=swg21588312 http://www-01.ibm.com/support/docview.wss?uid=swg21591172 https://exchange.xforce.ibmcloud.com/vulnerabilities/74900 • CWE-310: Cryptographic Issues •