CVE-2013-5428
https://notcve.org/view.php?id=CVE-2013-5428
IBM WebSphere DataPower XC10 appliances 2.5.0 do not require authentication for all administrative actions, which allows remote attackers to cause a denial of service via unspecified vectors. IBM WebSphere DataPower XC10 2.5.0 no requiere autenticación para todas las acciones administrativas, lo que permite a atacantes remotos causar una denegación de servicio a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1IC93164 http://www-01.ibm.com/support/docview.wss?uid=swg1IC96617 http://www.ibm.com/support/docview.wss?uid=swg21653546 https://exchange.xforce.ibmcloud.com/vulnerabilities/87560 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2013-5403
https://notcve.org/view.php?id=CVE-2013-5403
Unspecified vulnerability on the IBM WebSphere DataPower XC10 appliance 2.0 through 2.5.0.1 allows remote attackers to obtain administrative access via unknown vectors. Vulnerabilidad no especificada en IBM WebSphere DataPower XC10 appliance v2.0 hasta v2.5.0.1 permite a atacantes remotos conseguir acceso administrativo a través de vectores desconocidos. • http://www-01.ibm.com/support/docview.wss?uid=swg1IC96174 http://www.ibm.com/support/docview.wss?uid=swg21651098 https://exchange.xforce.ibmcloud.com/vulnerabilities/87299 •
CVE-2013-0499
https://notcve.org/view.php?id=CVE-2013-0499
Cross-site scripting (XSS) vulnerability in the echo functionality on IBM WebSphere DataPower SOA appliances with firmware 3.8.2, 4.0, 4.0.1, 4.0.2, and 5.0.0 allows remote attackers to inject arbitrary web script or HTML via a SOAP message, as demonstrated by the XML Firewall, Multi Protocol Gateway (MPGW), Web Service Proxy, and Web Token services. Una vulnerabilidad de tipo cross-site scripting (XSS) en la funcionalidad echo en dispositivos SOA WebSphere DataPower de IBM con la versión de firmware 3.8.2, 4.0, 4.0.1, 4.0.2 y 5.0.0, permite a los atacantes remotos inyectar script web o HTML arbitrarios por medio de un mensaje SOAP, como es demostrado por los servicios Firewall XML, Multi Protocol Gateway (MPGW), Proxy de servicio web y Token web. • http://seclists.org/bugtraq/2013/May/83 http://www-01.ibm.com/support/docview.wss?uid=swg21637717 https://exchange.xforce.ibmcloud.com/vulnerabilities/82221 https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130523-0_IBM_Xi50_Echo-WebService_Xss_in_Xml_v10.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-0600
https://notcve.org/view.php?id=CVE-2013-0600
Unspecified vulnerability on IBM WebSphere DataPower XC10 Appliance devices 2.0 and 2.1 through 2.1 FP3 allows remote attackers to bypass authentication and perform administrative actions via unknown vectors. Vulnerabilidad sin especificar en dispositivos IBM WebSphere DataPower XC10 Appliance v2.0 y v2.1 hasta v2.1 FP3 lo que permite a atacantes remotos burlar la autenticación y realizar acciones administraticas a través de vectores sin especificar. • http://www-01.ibm.com/support/docview.wss?uid=swg1IC91726 http://www-01.ibm.com/support/docview.wss?uid=swg21636324 •
CVE-2012-5758
https://notcve.org/view.php?id=CVE-2012-5758
The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and 2.1.0.0 through 2.1.0.2 does not require authentication for an unspecified interface, which allows remote attackers to cause a denial of service (process exit) via unknown vectors. El IBM WebSphere DataPower XC10 Appliance v2.0.0.0 hasta v2.0.0.3 y v2.1.0.0 hasta v2.1.0.2 no requiere autenticación para una interfaz no especificada, lo que permite a usuarios remotos generar una denegación de servicio (salida del proceso) mediante vectores desconocidos. • http://secunia.com/advisories/51319 http://www-01.ibm.com/support/docview.wss?uid=swg1IC86908 http://www-01.ibm.com/support/docview.wss?uid=swg21615783 http://www-01.ibm.com/support/docview.wss?uid=swg24033740 http://www.securityfocus.com/bid/56617 http://www.securitytracker.com/id?1027798 https://exchange.xforce.ibmcloud.com/vulnerabilities/80063 • CWE-287: Improper Authentication •