CVSS: 6.1EPSS: 0%CPEs: 19EXPL: 0CVE-2018-1483
https://notcve.org/view.php?id=CVE-2018-1483
IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 140918. IBM WebSphere Portal 8.5 y 9.0 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. • http://www.securitytracker.com/id/1040644 https://exchange.xforce.ibmcloud.com/vulnerabilities/140918 https://www.ibm.com/support/docview.wss?uid=swg22015317 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2015-1957
https://notcve.org/view.php?id=CVE-2015-1957
IBM WebSphere MQ 7.5.x before 7.5.0.6 and 8.0.x before 8.0.0.3 allows remote authenticated users to obtain sensitive information via a man-in-the-middle attack, related to duplication of message data in cleartext outside the protected payload. IBM X-Force ID: 103482. IBM WebSphere MQ, en versiones 7.5.x anteriores a la 7.5.0.6 y versiones 8.0.x anteriores a la 8.0.0.3, permite que usuarios autenticados remotos obtengan información sensible mediante un ataque Man-in-the-Middle (MitM). Esto está relacionado con la duplicación de datos de mensajes en texto claro fuera de la carga útil protegida. IBM X-Force ID: 103482. • http://www-01.ibm.com/support/docview.wss?uid=swg21960506 https://exchange.xforce.ibmcloud.com/vulnerabilities/103482 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 100EXPL: 0CVE-2018-1384
https://notcve.org/view.php?id=CVE-2018-1384
IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138135. IBM Business Process Manager 8.6 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. • http://www.ibm.com/support/docview.wss?uid=swg22012604 http://www.securityfocus.com/bid/103681 http://www.securitytracker.com/id/1040624 https://exchange.xforce.ibmcloud.com/vulnerabilities/138135 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2017-1747
https://notcve.org/view.php?id=CVE-2017-1747
A specially crafted message could cause a denial of service in IBM WebSphere MQ 9.0, 9.0.0.1, 9.0.0.2, 9.0.1, 9.0.2, 9.0.3, and 9.0.4 applications consuming messages that it needs to perform data conversion on. IBM X-Force ID: 135520. Un mensaje especialmente manipulado podría provocar una denegación de servicio (DoS) en las aplicaciones de IBM WebSphere MQ 9.0, 9.0.0.1, 9.0.0.2, 9.0.1, 9.0.2, 9.0.3 y 9.0.4, consumiendo mensajes que necesita para realizar conversiones de datos. IBM X-Force ID: 135520. • http://www.ibm.com/support/docview.wss?uid=swg22012992 http://www.securityfocus.com/bid/103590 https://exchange.xforce.ibmcloud.com/vulnerabilities/135520 • CWE-20: Improper Input Validation •
CVSS: 4.0EPSS: 0%CPEs: 80EXPL: 0CVE-2017-1756
https://notcve.org/view.php?id=CVE-2017-1756
IBM Business Process Manager 8.6 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 135856. La versión 8.6 de IBM Business Process Manager permite que las páginas web se almacenen localmente, lo que permite que sean leídas por otro usuario en el sistema. IBM X-Force ID: 135856. • http://www.ibm.com/support/docview.wss?uid=swg22010796 http://www.securityfocus.com/bid/103589 https://exchange.xforce.ibmcloud.com/vulnerabilities/135856 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •