CVSS: 8.8EPSS: 0%CPEs: 11EXPL: 0CVE-2021-29754
https://notcve.org/view.php?id=CVE-2021-29754
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a privilege escalation vulnerability when using the SAML Web Inbound Trust Association Interceptor (TAI). IBM X-Force ID: 202006. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0 es suceptible a una vulnerabilidad de escalada de privilegios cuando se usa el SAML Web Inbound Trust Association Interceptor (TAI). IBM X-Force ID: 202006 • https://exchange.xforce.ibmcloud.com/vulnerabilities/202006 https://www.ibm.com/support/pages/node/6462627 •
CVSS: 8.2EPSS: 0%CPEs: 4EXPL: 0CVE-2021-20454
https://notcve.org/view.php?id=CVE-2021-20454
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 196649. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0, es vulnerable a un ataque de tipo XML External Entity Injection (XXE) cuando se procesan datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer información confidencial o consumir recursos de memoria. • https://exchange.xforce.ibmcloud.com/vulnerabilities/196649 https://www.ibm.com/support/pages/node/6445481 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2021-20480
https://notcve.org/view.php?id=CVE-2021-20480
IBM WebSphere Application Server 7.0, 8.0, and 8.5 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 197502. IBM WebSphere Application Server versiones 7.0, 8.0 y 8.5, es vulnerable a un ataque de tipo server-side request forgery (SSRF). Al enviar una petición especialmente diseñada, un atacante autenticado remotamente podría explotar esta vulnerabilidad para obtener datos confidenciales. • https://exchange.xforce.ibmcloud.com/vulnerabilities/197502 https://www.ibm.com/support/pages/node/6441063 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-5016
https://notcve.org/view.php?id=CVE-2020-5016
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. When application security is disabled and JAX-RPC applications are present, an attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary xml files on the system. This does not occur if Application security is enabled. IBM X-Force ID: 193556. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0, podría permitir a un atacante remoto saltos de directorios en el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/193556 https://www.ibm.com/support/pages/node/6427873 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.2EPSS: 1%CPEs: 4EXPL: 0CVE-2021-20353 – IBM WebSphere EDataGraphImpl Deserialization of Untrusted Data Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-20353
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 194882. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0, es vulnerable a un ataque de inyección de entidad externa XML (XXE) al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer información confidencial o consumir recursos de memoria. • https://exchange.xforce.ibmcloud.com/vulnerabilities/194882 https://www.ibm.com/support/pages/node/6413709 https://www.zerodayinitiative.com/advisories/ZDI-21-174 • CWE-611: Improper Restriction of XML External Entity Reference •