CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2018-1503
https://notcve.org/view.php?id=CVE-2018-1503
IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a remotely authenticated attacker to to send invalid or malformed headers that could cause messages to no longer be transmitted via the affected channel. IBM X-Force ID: 141339. IBM WebSphere MQ 7.5, 8.0 y 9.0 podría permitir que un atacante autenticado remoto envíe cabeceras inválidas o mal formadas que podrían provocar que los mensajes ya no se transmitan mediante el canal afectado. IBM X-Force ID: 141339. • http://www.ibm.com/support/docview.wss?uid=swg22015617 http://www.securityfocus.com/bid/104953 http://www.securitytracker.com/id/1041387 https://exchange.xforce.ibmcloud.com/vulnerabilities/141339 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2013-2951
https://notcve.org/view.php?id=CVE-2013-2951
IBM WebSphere Portal 7.0.0.x and 8.0.0.x write passwords to a trace file when tracing is enabled for the Selfcare Portlet (Profile Management), which allows local users to obtain sensitive information by reading the file. IBM X-Force ID: 83621. IBM WebSphere Portal en versiones 7.0.0.x y 8.0.0.x escribe contraseñas a un archivo de rastreo cuando éste está habilitado para el Selfcare Portlet (Profile Management), lo que permite que usuarios locales obtengan información sensible mediante la lectura del archivo. IBM X-Force ID: 83621. • http://www-01.ibm.com/support/docview.wss?uid=swg21642097 https://exchange.xforce.ibmcloud.com/vulnerabilities/83621 • CWE-255: Credentials Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2013-2972
https://notcve.org/view.php?id=CVE-2013-2972
IBM WebSphere Cast Iron 6.3 allows remote attackers to bypass intended access restrictions via unspecified vectors. IBM X-Force ID: 83868. IBM WebSphere Cast Iron 6.3 permite que atacantes remotos omitan las restricciones de acceso planeadas mediante vectores sin especificar. IBM X-Force ID: 83868. • https://exchange.xforce.ibmcloud.com/vulnerabilities/83868 https://www-01.ibm.com/support/docview.wss?uid=swg21635993 • CWE-284: Improper Access Control •
CVSS: 4.4EPSS: 0%CPEs: 7EXPL: 0CVE-2017-1795
https://notcve.org/view.php?id=CVE-2017-1795
IBM WebSphere MQ 7.5, 8.0, and 9.0 through 9.0.4 could allow a local user to obtain highly sensitive information via trace logs in IBM WebSphere MQ Managed File Transfer. IBM X-Force ID: 137042. IBM WebSphere MQ 7.5, 8.0 y 9.0 hasta la versión 9.0.4 podría permitir que un usuario local obtenga información sensible mediante registros de rastreo en IBM WebSphere MQ Managed File Transfer. IBM X-Force ID: 137042. • http://www.ibm.com/support/docview.wss?uid=swg22012389 https://exchange.xforce.ibmcloud.com/vulnerabilities/137042 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.7EPSS: 0%CPEs: 4EXPL: 0CVE-2018-1621
https://notcve.org/view.php?id=CVE-2018-1621
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local attacker to obtain clear text password in a trace file caused by improper handling of some datasource custom properties. IBM X-Force ID: 144346. IBM WebSphere Application Server 7.0, 8.0, 8.5 y 9.0 podría permitir que un atacante local obtenga contraseñas en texto claro en un archivo trace provocado por la gestión incorrecta de algunas propiedades datasource personalizadas. IBM X-Force ID: 144346. • http://www.ibm.com/support/docview.wss?uid=swg22016821 http://www.securitytracker.com/id/1041226 https://exchange.xforce.ibmcloud.com/vulnerabilities/144346 • CWE-312: Cleartext Storage of Sensitive Information •