CVSS: 7.8EPSS: 0%CPEs: 46EXPL: 0CVE-2017-1612
https://notcve.org/view.php?id=CVE-2017-1612
IBM WebSphere MQ 7.0, 7.1, 7.5, 8.0, and 9.0 service trace module could be used to execute untrusted code under 'mqm' user. IBM X-Force ID: 132953. El módulo de rastreo de servicios IBM WebSphere MQ 7.0, 7.1, 7.5, 8.0 y 9.0 podría emplearse para ejecutar código no fiable bajo un usuario "mqm". IBM X-Force ID: 132953. • http://www.ibm.com/support/docview.wss?uid=swg22009918 http://www.securityfocus.com/bid/102479 http://www.securitytracker.com/id/1040175 https://exchange.xforce.ibmcloud.com/vulnerabilities/132953 •
CVSS: 3.6EPSS: 0%CPEs: 12EXPL: 0CVE-2017-1699
https://notcve.org/view.php?id=CVE-2017-1699
IBM MQ Managed File Transfer Agent 8.0 and 9.0 sets insecure permissions on certain files it creates. A local attacker could exploit this vulnerability to modify or delete data contained in the files with an unknown impact. IBM X-Force ID: 134391. IBM MQ Managed File Transfer Agent 8.0 y 9.0 establece permisos no seguros en determinados archivos que crea. Un atacante local podría explotar esta vulnerabilidad para modificar o borrar datos contenidos en los archivos con un impacto no conocido. • http://www.ibm.com/support/docview.wss?uid=swg22010340 https://exchange.xforce.ibmcloud.com/vulnerabilities/134391 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 0CVE-2017-1557
https://notcve.org/view.php?id=CVE-2017-1557
IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user with authority to send a specially crafted request that could cause a channel process to cease processing further requests. IBM X-Force ID: 131547. IBM WebSphere MQ 8.0 y 9.0 podría permitir que un usuario autenticado con autoridad envíe una petición especialmente manipulada que podría provocar que un proceso de canal deje de procesar más peticiones. IBM X-Force ID: 131547. • http://www.ibm.com/support/docview.wss?uid=swg22004378 http://www.securityfocus.com/bid/102418 https://exchange.xforce.ibmcloud.com/vulnerabilities/131547 •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2017-1698
https://notcve.org/view.php?id=CVE-2017-1698
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could reveal sensitive information from an error message that could lead to further attacks against the system. IBM X-Force ID: 124390. IBM WebSphere Portal 7.0, 8.0, 8.5 y 9.0 podría revelar información sensible en un mensaje de error, lo que podría dar lugar a más ataques contra el sistema. IBM X-Force ID: 124390. • http://www.ibm.com/support/docview.wss?uid=swg22011519 http://www.securityfocus.com/bid/102281 http://www.securitytracker.com/id/1040043 https://exchange.xforce.ibmcloud.com/vulnerabilities/134390 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2017-1423
https://notcve.org/view.php?id=CVE-2017-1423
IBM WebSphere Portal 8.5 and 9.0 exposes backend server URLs that are configured for usage by the Web Application Bridge component. IBM X-Force ID: 127476. IBM WebSphere Portal 8.5 y 9.0 expone URL del backend del servidor que están configuradas para ser empleadas por el componente Web Application Bridge. IBM X-Force ID: 127476. • http://www.securitytracker.com/id/1040017 https://exchange.xforce.ibmcloud.com/vulnerabilities/127476 https://www.ibm.com/support/docview.wss?uid=swg22011400 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •