CVSS: 6.9EPSS: 0%CPEs: 3EXPL: 0CVE-2014-3020
https://notcve.org/view.php?id=CVE-2014-3020
install.sh in the Embedded WebSphere Application Server (eWAS) 7.0 before FP33 in IBM Tivoli Integrated Portal (TIP) 2.1 and 2.2 sets world-writable permissions for the installRoot directory tree, which allows local users to gain privileges via a Trojan horse program. install.sh en Embedded WebSphere Application Server (eWAS) 7.0 anterior a FP33 en IBM Tivoli Integrated Portal (TIP) 2.1 y 2.2 configura permisos de lectura universal para el árbol de directorio installRoot, lo que permite a usuarios locales ganar privilegios a través de un programa de caballo de troya. • http://secunia.com/advisories/59687 http://secunia.com/advisories/59795 http://secunia.com/advisories/60552 http://www-01.ibm.com/support/docview.wss?uid=swg21679952 http://www-01.ibm.com/support/docview.wss?uid=swg21680254 http://www-01.ibm.com/support/docview.wss?uid=swg21680841 http://www.securityfocus.com/bid/69034 https://exchange.xforce.ibmcloud.com/vulnerabilities/93056 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 0CVE-2014-0957
https://notcve.org/view.php?id=CVE-2014-0957
Cross-site scripting (XSS) vulnerability in IBM Business Process Manager 7.5 through 8.5.5, and WebSphere Lombardi Edition 7.2, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that triggers a service failure. Vulnerabilidad de XSS en IBM Business Process Manager 7.5 hasta 8.5.5, y WebSphere Lombardi Edition 7.2, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada que provoca un fallo de servicio. • http://secunia.com/advisories/59557 http://www-01.ibm.com/support/docview.wss?uid=swg1JR49990 http://www-01.ibm.com/support/docview.wss?uid=swg21679064 https://exchange.xforce.ibmcloud.com/vulnerabilities/92738 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 42EXPL: 0CVE-2014-0891
https://notcve.org/view.php?id=CVE-2014-0891
IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.2 allows remote attackers to obtain sensitive information by leveraging incorrect request handling by the (1) Proxy or (2) ODR server. IBM WebSphere Application Server (WAS) 7.0.x anterior a 7.0.0.33, 8.0.x anterior a 8.0.0.9 y 8.5.x anterior a 8.5.5.2 permite a atacantes remotos obtener información sensible mediante el aprovechamiento del manejo incorrecto de solicitudes por el servidor (1) Proxy o (2) ODR. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI09786 http://www-01.ibm.com/support/docview.wss?uid=swg21669554 http://www-01.ibm.com/support/docview.wss?uid=swg21676091 http://www-01.ibm.com/support/docview.wss?uid=swg21676092 https://exchange.xforce.ibmcloud.com/vulnerabilities/91286 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 1%CPEs: 58EXPL: 0CVE-2014-0964
https://notcve.org/view.php?id=CVE-2014-0964
IBM WebSphere Application Server (WAS) 6.1.0.0 through 6.1.0.47 and 6.0.2.0 through 6.0.2.43 allows remote attackers to cause a denial of service via crafted TLS traffic, as demonstrated by traffic from a CVE-2014-0160 vulnerability-assessment tool. IBM WebSphere Application Server (WAS) 6.1.0.0 hasta 6.1.0.47 y 6.0.2.0 hasta 6.0.2.43 permite a atacantes remotos causar una denegación de servicio a través de trafico TLS manipulado, tal y como fue demostrado por trafico de una herramienta de asesoramiento de vulnerabilidad de CVE-2014-0160. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI14306 http://www-01.ibm.com/support/docview.wss?uid=swg1PI16981 http://www-01.ibm.com/support/docview.wss?uid=swg1PI17128 http://www-01.ibm.com/support/docview.wss?uid=swg21671835 http://www-304.ibm.com/support/docview.wss? • CWE-399: Resource Management Errors •
CVSS: 3.5EPSS: 0%CPEs: 47EXPL: 0CVE-2013-6323
https://notcve.org/view.php?id=CVE-2013-6323
Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.33, 8.x before 8.0.0.9, and 8.5.x before 8.5.5.2, and WebSphere Virtual Enterprise 7.x before 7.0.0.5, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en la consola de administración en IBM WebSphere Application Server (WAS) 7.x anterior a 7.0.0.33, 8.x anterior a 8.0.0.9 y 8.5.x anterior a 8.5.5.2 y WebSphere Virtual Enterprise 7.x anterior a 7.0.0.5, permite a usuarios remotos autenticados inyectar script Web o HTML arbitrarios a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI04777 http://www-01.ibm.com/support/docview.wss?uid=swg1PI04880 http://www-01.ibm.com/support/docview.wss?uid=swg21669554 http://www-01.ibm.com/support/docview.wss?uid=swg21676091 http://www-01.ibm.com/support/docview.wss? • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •