CVE-2017-1761
https://notcve.org/view.php?id=CVE-2017-1761
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 136005. IBM WebSphere Portal 7.0, 8.0, 8.5 y 9.0 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. • http://www.ibm.com/support/docview.wss?uid=swg22012416 http://www.securitytracker.com/id/1040333 https://exchange.xforce.ibmcloud.com/vulnerabilities/136005 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2011-4889
https://notcve.org/view.php?id=CVE-2011-4889
The javax.naming.directory.AttributeInUseException class in the Virtual Member Manager in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 does not properly update passwords on a configuration using Tivoli Directory Server, which might allow remote attackers to gain access to an application by leveraging knowledge of an old password. IBM X-Force ID: 72581. La clase javax.naming.directory.AttributeInUseException en Virtual Member Manager en IBM WebSphere Application Server (WAS) en versiones 6.1 anteriores a la 6.1.0.43, versiones 7.0 anteriores a la 7.0.0.21 y versiones 8.0 anteriores a la 8.0.0.2 no actualiza correctamente las contraseñas en una configuración que emplea Tivoli Directory Server. Esto podría permitir que atacantes remotos obtengan acceso a una aplicación aprovechando el conocimiento de una contraseña antigua. IBM X-Force ID: 72581. • https://exchange.xforce.ibmcloud.com/vulnerabilities/72581 https://www-304.ibm.com/support/docview.wss?uid=swg21587015 • CWE-254: 7PK - Security Features •
CVE-2018-1388
https://notcve.org/view.php?id=CVE-2018-1388
GSKit V7 may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding. IBM X-Force ID: 138212. GSKit V7 podría revelar información del canal lateral mediante discrepancias entre rellenos PKCS#1 válidos e inválidos. IBM X-Force ID: 138212. • http://www.ibm.com/support/docview.wss?uid=swg22013022 http://www.securityfocus.com/bid/103698 https://exchange.xforce.ibmcloud.com/vulnerabilities/138212 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-1731
https://notcve.org/view.php?id=CVE-2017-1731
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide weaker than expected security when using the Administrative Console. An authenticated remote attacker could exploit this vulnerability to possibly gain elevated privileges. IBM WebSphere Application Server 7.0, 8.0, 8.5 y 9.0 podría proporcionar seguridad más débil de la esperada al emplear la consola de administración. Un atacante remoto autenticado podría explotar esta vulnerabilidad para obtener privilegios elevados. • http://www-01.ibm.com/support/docview.wss?uid=swg22012345&myns=swgws&mynp=OCSSEQTP&mync=R&cm_sp=swgws-_-OCSSEQTP-_-R http://www.securityfocus.com/bid/102911 http://www.securitytracker.com/id/1040356 https://exchange.xforce.ibmcloud.com/vulnerabilities/134912 •
CVE-2018-1361
https://notcve.org/view.php?id=CVE-2018-1361
IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 137158. IBM WebSphere Portal 8.5 y 9.0 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. • http://www.securityfocus.com/bid/102501 http://www.securitytracker.com/id/1040132 https://exchange.xforce.ibmcloud.com/vulnerabilities/137158 https://www.ibm.com/support/docview.wss?uid=swg22012409 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •