Page 38 of 424 results (0.011 seconds)

CVSS: 4.3EPSS: 0%CPEs: 15EXPL: 0

IBM WebSphere Application Server (WAS) 8.x before 8.0.0.9 and 8.5.x before 8.5.5.2 allows remote attackers to read arbitrary files via a crafted URL. IBM WebSphere Application Server (WAS) 8.x anterior a 8.0.0.9 y 8.5.x anterior a 8.5.5.2 permite a atacantes remotos leer archivos arbitrarios a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI05324 http://www-01.ibm.com/support/docview.wss?uid=swg21669554 http://www-01.ibm.com/support/docview.wss?uid=swg21676092 http://www.securityfocus.com/bid/67329 https://exchange.xforce.ibmcloud.com/vulnerabilities/90498 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.0EPSS: 0%CPEs: 15EXPL: 0

The Administrative Console in IBM WebSphere Application Server (WAS) 8.x before 8.0.0.9 and 8.5.x before 8.5.5.2 allows remote authenticated users to obtain sensitive information via a crafted request. La consola de administración en IBM WebSphere Application Server (WAS) 8.x anterior a 8.0.0.9 y 8.5.x anterior a 8.5.5.2 permite a usuarios remotos autenticados obtener información sensible a través de una solicitud manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI07808 http://www-01.ibm.com/support/docview.wss?uid=swg21669554 http://www-01.ibm.com/support/docview.wss?uid=swg21676092 http://www.securityfocus.com/bid/67327 https://exchange.xforce.ibmcloud.com/vulnerabilities/90863 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.0EPSS: 2%CPEs: 42EXPL: 0

The web-server plugin in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.33, 8.x before 8.0.0.9, and 8.5.x before 8.5.5.2, when POST retries are enabled, allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors. El plugin servidor web en IBM WebSphere Application Server (WAS) 7.x anterior a 7.0.0.33, 8.x anterior a 8.0.0.9 y 8.5.x anterior a 8.5.5.2, cuando reintentos POST están habilitados, permite a atacantes remotos causar una denegación de servicio (caída de demonio) a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI08892 http://www-01.ibm.com/support/docview.wss?uid=swg21669554 http://www-01.ibm.com/support/docview.wss?uid=swg21676091 http://www-01.ibm.com/support/docview.wss?uid=swg21676092 http://www.securityfocus.com/bid/67335 https://exchange.xforce.ibmcloud.com/vulnerabilities/90879 •

CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0

IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x before 8.5.5.2 allows remote attackers to obtain sensitive information via a crafted request. IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x anterior a 8.5.5.2 permite a atacantes remotos obtener información sensible a través de una solicitud manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI10134 http://www-01.ibm.com/support/docview.wss?uid=swg21669554 https://exchange.xforce.ibmcloud.com/vulnerabilities/91326 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 3.5EPSS: 0%CPEs: 22EXPL: 0

IBM WebSphere Application Server 7.x before 7.0.0.31, when simpleFileServlet static file caching is enabled, allows remote authenticated users to obtain sensitive information via unspecified vectors. IBM WebSphere Application Server 7.x anteriores a 7.0.0.31, cuando el cacheo de archivo estático simpleFileServlet está habilitado, permite a usuarios remotos autenticados obtener información sensible a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM98624 http://www-01.ibm.com/support/docview.wss?uid=swg21661323 https://exchange.xforce.ibmcloud.com/vulnerabilities/88905 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •