CVSS: 3.5EPSS: 0%CPEs: 15EXPL: 0CVE-2013-6734
https://notcve.org/view.php?id=CVE-2013-6734
IBM WebSphere eXtreme Scale Client 7.1 through 8.6.0.4 does not properly isolate the cached data of different users, which allows remote authenticated users to obtain sensitive information in opportunistic circumstances by leveraging access to the same web container. WebSphere eXtreme Scale Client versiones 7.1 hasta 8.6.0.4 de IBM, no aísla apropiadamente los datos almacenados en caché de diferentes usuarios, lo que permite a los usuarios autenticados remotos obtener información confidencial en circunstancias oportunistas al aprovechar el acceso al mismo contenedor web. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI06341 http://www-01.ibm.com/support/docview.wss?uid=swg21664641 https://exchange.xforce.ibmcloud.com/vulnerabilities/89397 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.9EPSS: 0%CPEs: 4EXPL: 0CVE-2013-5394
https://notcve.org/view.php?id=CVE-2013-5394
The monitoring console in IBM WebSphere eXtreme Scale 7.1.0, 7.1.1, 8.5.0, and 8.6.0 allows remote authenticated users to conduct phishing attacks via unspecified vectors. La consola de monitorización en IBM WebSphere eXtreme Scale 7.1.0, 7.1.1, 8.5.0, y 8.6.0 permite a usuarios remotos sin autenticar llevar a cabo ataques de phishing a través de vectores sin especificar. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM97439 http://www-01.ibm.com/support/docview.wss?uid=swg21652630 https://exchange.xforce.ibmcloud.com/vulnerabilities/87154 • CWE-20: Improper Input Validation •
CVSS: 3.5EPSS: 0%CPEs: 4EXPL: 0CVE-2013-5390
https://notcve.org/view.php?id=CVE-2013-5390
Cross-site scripting (XSS) vulnerability in the monitoring console in IBM WebSphere eXtreme Scale 7.1.0, 7.1.1, 8.5.0, and 8.6.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en la consola de monitorización en IBM WebSphere eXtreme Scale 7.1.0, 7.1.1, 8.5.0, y 8.6.0 permite a atacantes remotos sin autenticar inyectar script web arbitrario o HTML a través de vectores sin especificar. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM97439 http://www-01.ibm.com/support/docview.wss?uid=swg21652630 https://exchange.xforce.ibmcloud.com/vulnerabilities/87126 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2013-5393
https://notcve.org/view.php?id=CVE-2013-5393
The monitoring console in IBM WebSphere eXtreme Scale 7.1.0, 7.1.1, 8.5.0, and 8.6.0 does not properly process logoff actions, which has unspecified impact and remote attack vectors. La consola de monitorización en IBM WebSphere eXtreme Scale 7.1.0, 7.1.1, 8.5.0, y 8.6.0 no procesa adecuadamente acciones de cierre de sesión, lo que tiene un impacto desconocido y vectores de ataque remotos. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM97439 http://www-01.ibm.com/support/docview.wss?uid=swg21652630 https://exchange.xforce.ibmcloud.com/vulnerabilities/87153 •