CVE-2010-4220
https://notcve.org/view.php?id=CVE-2010-4220
Cross-site scripting (XSS) vulnerability in the Integrated Solution Console in the Administrative Console component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related in part to "URL injection." Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la Consola de Solución Integrada en el componente Administrative Console de IBM WebSphere Application Server (WAS) v7.0 anterior a v7.0.0.13 permite a los atacantes remotos inyectar código web o HTML a su elección a través de vectores no especificados, relativos en parte a "inyección URL". • http://secunia.com/advisories/41722 http://www-01.ibm.com/support/docview.wss?uid=swg1PM11777 http://www-01.ibm.com/support/docview.wss?uid=swg27014463 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2010-0786
https://notcve.org/view.php?id=CVE-2010-0786
The Web Services Security component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 does not properly implement the Java API for XML Web Services (aka JAX-WS), which allows remote attackers to cause a denial of service (data corruption) via a crafted JAX-WS request that leads to incorrectly encoded data. El componente Web Services Security en IBM WebSphere Application Server (WAS) v7.0 anteiror v7.0.0.13 no implementa adecuadamente la API Java para los Web Services XML (también conocido como JAX-WS), lo que permite a atacantes remotos causar una denegación de servicio (corrupción de datos) a través de una petición JAX-WS manipulada que provoca datos codificados incorrectamente. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM13777 http://www-01.ibm.com/support/docview.wss?uid=swg27014463 https://exchange.xforce.ibmcloud.com/vulnerabilities/62950 • CWE-20: Improper Input Validation •
CVE-2010-0785
https://notcve.org/view.php?id=CVE-2010-0785
Cross-site request forgery (CSRF) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.13 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Vulnerabilidad de falsificación de petición en sitios cruzados en IBM WebSphere Application Server (WAS) v6.1 anterior a v6.1.0.35 y v7.0 y v7.0.0.13, permite a atacantes remotos secuestrar la autenticación de víctimas sin especificar a través de vectores desconocidos. • http://secunia.com/advisories/41722 http://www-01.ibm.com/support/docview.wss?uid=swg1PM18909 http://www-01.ibm.com/support/docview.wss?uid=swg1PM23874 http://www-01.ibm.com/support/docview.wss?uid=swg27004980 http://www-01.ibm.com/support/docview.wss?uid=swg27014463 http://www.securityfocus.com/bid/43875 http://www.vupen.com/english/advisories/2010/2595 https://exchange.xforce.ibmcloud.com/vulnerabilities/62949 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2010-0783
https://notcve.org/view.php?id=CVE-2010-0783
Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la consola administrativa en IBM WebSphere Application Server (WAS) v6.1 anterio v6.1.0.35 y v7.0 anteior v7.0.0.13 permite a atacantes remotos inyecatar código web o HTML de su elección a través de vectores no especificados. • http://secunia.com/advisories/41722 http://secunia.com/advisories/42136 http://securitytracker.com/id?1024686 http://www-01.ibm.com/support/docview.wss?uid=swg1PM14251 http://www-01.ibm.com/support/docview.wss?uid=swg27004980 http://www-01.ibm.com/support/docview.wss?uid=swg27014463 http://www.osvdb.org/69007 https://exchange.xforce.ibmcloud.com/vulnerabilities/62947 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2010-3186
https://notcve.org/view.php?id=CVE-2010-3186
IBM WebSphere Application Server (WAS) 7.x before 7.0.0.13, and WebSphere Application Server Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, when a JAX-WS application is used, does not properly handle an IncludeTimestamp setting in the WS-Security policy, which has unspecified impact and remote attack vectors. El servidor de aplicaciones IBM WebSphere (WAS) v7.x en versiones anteriores a la v7.0.0.13, y WebSphere Application Server Feature Pack para Web Services v6.1.0.9 hasta la v6.1.0.32, si se utiliza una aplicación JAX-WS, no maneja apropiadamente una opción de configuración IncludeTimestamp en la política WS-Security, lo que tiene un impacto y vectores de ataque sin especificar. • http://osvdb.org/67570 http://secunia.com/advisories/41173 http://www-01.ibm.com/support/docview.wss?uid=swg1PM08360 http://www-01.ibm.com/support/docview.wss?uid=swg1PM16014 http://www-01.ibm.com/support/docview.wss?uid=swg21443736 http://www-01.ibm.com/support/docview.wss?uid=swg24027708 http://www-01.ibm.com/support/docview.wss? • CWE-20: Improper Input Validation •