CVSS: 4.6EPSS: 0%CPEs: 35EXPL: 0CVE-2011-1376
https://notcve.org/view.php?id=CVE-2011-1376
iscdeploy in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 on the IBM i platform sets weak permissions under systemapps/isclite.ear/ and bin/client_ffdc/, which allows local users to read or modify files via standard filesystem operations. iscdeploy en IBM WebSphere Application Server (WAS) v6.1 antes de v6.1.0.43, v7.0 antes de v7.0.0.21 y v8.0 antes de v8.0.0.2 en la plataforma IBM i establece permisos débiles bajo systemApps/isclite.ear y /bin/client_ffdc/, lo que permite leer o modificar archivos a usuarios locales a través de operaciones estándar del sistema de archivos. • http://www-01.ibm.com/support/docview.wss?uid=swg21569205 http://www-01.ibm.com/support/docview.wss?uid=swg24031675 http://www.ibm.com/support/docview.wss?uid=swg1PM49712 https://exchange.xforce.ibmcloud.com/vulnerabilities/71230 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2011-1368
https://notcve.org/view.php?id=CVE-2011-1368
The JavaServer Faces (JSF) application functionality in IBM WebSphere Application Server 8.x before 8.0.0.1 does not properly handle requests, which allows remote attackers to read unspecified files via unknown vectors. La funcionalidad de aplicación JavaServer Faces (JSF) de IBM WebSphere Application Server 8.x anteriores a 8.0.0.1 no maneja adecuadamente peticiones, lo que permite a atacantes remotos leer archivos sin especificar a través de vectores desconocidos. • http://www-01.ibm.com/support/docview.wss?uid=swg24030916 http://www.ibm.com/support/docview.wss?uid=swg1PM45992 https://exchange.xforce.ibmcloud.com/vulnerabilities/70168 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 46EXPL: 0CVE-2011-1359
https://notcve.org/view.php?id=CVE-2011-1359
Directory traversal vulnerability in the administration console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41, 7.0 before 7.0.0.19, and 8.0 before 8.0.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. Vulnerabilidad de salto de directorio en la consola de administración en IBM WebSphere Application Server (WAS) v6.1 anteriores a v6.1.0.41, v7.0 anteriores a v7.0.0.19, y v8.0 anteriores a v8.0.0.1, permite a atacantes remotos leer ficheros locales de su elección al utilizar caracteres .. (punto punto) en la URI. • http://secunia.com/advisories/45749 http://www-01.ibm.com/support/docview.wss?uid=swg1PM45322 http://www.ibm.com/support/docview.wss?uid=swg21509257 http://www.osvdb.org/74817 http://www.securityfocus.com/bid/49362 https://exchange.xforce.ibmcloud.com/vulnerabilities/69473 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •