CVE-2008-7274
https://notcve.org/view.php?id=CVE-2008-7274
IBM WebSphere Application Server (WAS) 6.1.0.9, when the JAAS Login functionality is enabled, allows attackers to perform an internal application hashtable login by (1) not providing a password or (2) providing an empty password. IBM WebSphere Application Server (WAS) v6.1.0.9, cuando la funcionalidad JAAS Login es habilitada, permite a los atacantes desarrollar una aplicación interna de acceso hashtable (1) no proporcionando una contraseña o (2) proporcionando una contraseña vacía. • http://www-01.ibm.com/support/docview.wss?uid=swg1PK54565 • CWE-20: Improper Input Validation •
CVE-2011-0316
https://notcve.org/view.php?id=CVE-2011-0316
The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.15 does not properly restrict access to console servlets, which allows remote attackers to obtain potentially sensitive status information via a direct request. El componente de Consola de Administración de IBM WebSphere Application Server (WAS) v6.1 antrior a v6.1.0.35 y v7.0.0.15 7.0 no restringe correctamente el acceso a la consola de servlets, lo que permite a atacantes remotos obtener información sobre el estado potencialmente sensible a través de una solicitud directa. • http://secunia.com/advisories/42938 http://www-01.ibm.com/support/docview.wss?uid=swg1PM24372 http://www-01.ibm.com/support/docview.wss?uid=swg27007951 http://www-01.ibm.com/support/docview.wss?uid=swg27014463 http://www.securityfocus.com/bid/46736 http://www.vupen.com/english/advisories/2011/0564 https://exchange.xforce.ibmcloud.com/vulnerabilities/64558 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2011-0315
https://notcve.org/view.php?id=CVE-2011-0315
Cross-site scripting (XSS) vulnerability in the Servlet Engine / Web Container component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.15 allows remote attackers to inject arbitrary web script or HTML via vectors related to the lack of an error page for an application. Ejecución de secuencias de comandos en sitios cruzados (XSS) en los componentes Servlet Engine / Web Container en IBM WebSphere Application Server (WAS) 6.1 anterior a v6.1.0.35 y v7.0 antrior a v7.0.0.15 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores relacionados con el falta de una página de error para una aplicación. • http://secunia.com/advisories/42938 http://www-01.ibm.com/support/docview.wss?uid=swg1PM18512 http://www-01.ibm.com/support/docview.wss?uid=swg27007951 http://www-01.ibm.com/support/docview.wss?uid=swg27014463 http://www.securityfocus.com/bid/46736 http://www.vupen.com/english/advisories/2011/0564 https://exchange.xforce.ibmcloud.com/vulnerabilities/64554 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2010-0784
https://notcve.org/view.php?id=CVE-2010-0784
Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Administrative Console in IBM WebSphere Application Server (WAS) v7.0 anterior a v7.0.0.13 permite a atacantes remotos inyectar codigo de script web o código HTML de su elección a través de vectores no espefificados. • http://secunia.com/advisories/41722 http://www-01.ibm.com/support/docview.wss?uid=swg1PM17046 http://www-01.ibm.com/support/docview.wss?uid=swg1PM23872 http://www-01.ibm.com/support/docview.wss?uid=swg27004980 http://www-01.ibm.com/support/docview.wss?uid=swg27014463 http://www.securityfocus.com/bid/43874 http://www.vupen.com/english/advisories/2010/2595 https://exchange.xforce.ibmcloud.com/vulnerabilities/62948 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2010-4220
https://notcve.org/view.php?id=CVE-2010-4220
Cross-site scripting (XSS) vulnerability in the Integrated Solution Console in the Administrative Console component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related in part to "URL injection." Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la Consola de Solución Integrada en el componente Administrative Console de IBM WebSphere Application Server (WAS) v7.0 anterior a v7.0.0.13 permite a los atacantes remotos inyectar código web o HTML a su elección a través de vectores no especificados, relativos en parte a "inyección URL". • http://secunia.com/advisories/41722 http://www-01.ibm.com/support/docview.wss?uid=swg1PM11777 http://www-01.ibm.com/support/docview.wss?uid=swg27014463 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •