CVE-2011-1032
https://notcve.org/view.php?id=CVE-2011-1032
IBM Lotus Connections 3.0, when IBM WebSphere Application Server 7.0.0.11 is used, does not properly restrict access to the internal login module, which has unspecified impact and attack vectors. IBM Lotus Connections v3.0, cuando IBM WebSphere Application Server v7.0.0.11 es usada, no restringe adecuadamente el acceso al módulo de login interno, que tiene un impacto no especificado y vectores de ataque. • http://osvdb.org/70931 http://secunia.com/advisories/43298 http://www-01.ibm.com/support/docview.wss?uid=swg1PK54565 http://www.ibm.com/support/docview.wss?uid=swg21462435 http://www.vupen.com/english/advisories/2011/0382 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2008-7274
https://notcve.org/view.php?id=CVE-2008-7274
IBM WebSphere Application Server (WAS) 6.1.0.9, when the JAAS Login functionality is enabled, allows attackers to perform an internal application hashtable login by (1) not providing a password or (2) providing an empty password. IBM WebSphere Application Server (WAS) v6.1.0.9, cuando la funcionalidad JAAS Login es habilitada, permite a los atacantes desarrollar una aplicación interna de acceso hashtable (1) no proporcionando una contraseña o (2) proporcionando una contraseña vacía. • http://www-01.ibm.com/support/docview.wss?uid=swg1PK54565 • CWE-20: Improper Input Validation •
CVE-2011-0316
https://notcve.org/view.php?id=CVE-2011-0316
The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.15 does not properly restrict access to console servlets, which allows remote attackers to obtain potentially sensitive status information via a direct request. El componente de Consola de Administración de IBM WebSphere Application Server (WAS) v6.1 antrior a v6.1.0.35 y v7.0.0.15 7.0 no restringe correctamente el acceso a la consola de servlets, lo que permite a atacantes remotos obtener información sobre el estado potencialmente sensible a través de una solicitud directa. • http://secunia.com/advisories/42938 http://www-01.ibm.com/support/docview.wss?uid=swg1PM24372 http://www-01.ibm.com/support/docview.wss?uid=swg27007951 http://www-01.ibm.com/support/docview.wss?uid=swg27014463 http://www.securityfocus.com/bid/46736 http://www.vupen.com/english/advisories/2011/0564 https://exchange.xforce.ibmcloud.com/vulnerabilities/64558 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2011-0315
https://notcve.org/view.php?id=CVE-2011-0315
Cross-site scripting (XSS) vulnerability in the Servlet Engine / Web Container component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.15 allows remote attackers to inject arbitrary web script or HTML via vectors related to the lack of an error page for an application. Ejecución de secuencias de comandos en sitios cruzados (XSS) en los componentes Servlet Engine / Web Container en IBM WebSphere Application Server (WAS) 6.1 anterior a v6.1.0.35 y v7.0 antrior a v7.0.0.15 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores relacionados con el falta de una página de error para una aplicación. • http://secunia.com/advisories/42938 http://www-01.ibm.com/support/docview.wss?uid=swg1PM18512 http://www-01.ibm.com/support/docview.wss?uid=swg27007951 http://www-01.ibm.com/support/docview.wss?uid=swg27014463 http://www.securityfocus.com/bid/46736 http://www.vupen.com/english/advisories/2011/0564 https://exchange.xforce.ibmcloud.com/vulnerabilities/64554 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2010-0784
https://notcve.org/view.php?id=CVE-2010-0784
Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Administrative Console in IBM WebSphere Application Server (WAS) v7.0 anterior a v7.0.0.13 permite a atacantes remotos inyectar codigo de script web o código HTML de su elección a través de vectores no espefificados. • http://secunia.com/advisories/41722 http://www-01.ibm.com/support/docview.wss?uid=swg1PM17046 http://www-01.ibm.com/support/docview.wss?uid=swg1PM23872 http://www-01.ibm.com/support/docview.wss?uid=swg27004980 http://www-01.ibm.com/support/docview.wss?uid=swg27014463 http://www.securityfocus.com/bid/43874 http://www.vupen.com/english/advisories/2010/2595 https://exchange.xforce.ibmcloud.com/vulnerabilities/62948 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •