Page 4 of 35 results (0.007 seconds)

CVSS: 7.8EPSS: 1%CPEs: 7EXPL: 0

IBM Global Security Kit (aka GSKit), as used in Content Manager OnDemand 8.5 and 9.0 and other products, allows remote attackers to cause a denial of service via a crafted handshake during resumption of an SSLv2 session. IBM Global Security Kit (aka GSKit), tal como se utiliza en Content Manager OnDemand 8.5 y 9.0 y otros productos, permite a atacantes remotos provocar una denegación de servicio a través de un handshake manipulado durante la reanudación de una sesión de SSLv2. • http://secunia.com/advisories/56058 http://www-01.ibm.com/support/docview.wss?uid=swg21659548 http://www-01.ibm.com/support/docview.wss?uid=swg21659716 http://www-01.ibm.com/support/docview.wss?uid=swg21659837 http://www-01.ibm.com/support/docview.wss?uid=swg21669554 http://www-01.ibm.com/support/docview.wss? • CWE-310: Cryptographic Issues •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

Cross-site scripting (XSS) vulnerability in workingSet.jsp in IBM Eclipse Help System (IEHS), as used in the installable InfoCenter component in IBM FileNet Content Manager 4.5.1, 5.0.0, 5.1.0, and 5.2.0, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de cross-site scripting (XSS) en workinSet.jsp en IBM Eclipse Help System (IEHS), como es utilizado en el componente instalable InfoCenter en IBM FileNet Content Manager 4.5.1, 5.0.0, 5.1.0 y 5.2.0, permite a atacantes remotos inyectar scripts web o HTML arbitrarios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21657493 http://www.securityfocus.com/bid/64058 https://exchange.xforce.ibmcloud.com/vulnerabilities/88056 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0

Cross-site scripting (XSS) vulnerability in the PageBuilder2 (aka Page Builder) theme in IBM WebSphere Portal 7.x before 7.0.0.1 CF006, as used in IBM Web Content Manager (WCM) and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en PageBuilder2 (Page Builder aka) en IBM WebSphere Portal v7.0.0.1 7.x antes de CF006, como el usado en IBM Content Manager Web (WCM) y otros productos, permite a atacantes remotos inyectar arbitrariamente web script o HTML a través de vectores no especificados. • http://secunia.com/advisories/45106 http://www.ibm.com/support/docview.wss?uid=swg21503959 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0

The authoring tool in IBM Web Content Manager (WCM) 6.1.5, and 7.0.0.1 before CF003, allows remote authenticated users to bypass intended access restrictions on draft creation by leveraging certain resource editor privileges. La herramienta de de creación en IBM Web Content Manager (WCM) v6.1.5, v7.0.0.1 y anteriore a CF003, permite a usuarios remotos autenticados a eludir las restricciones de acceso previsto en la creación de proyectos mediante el aprovechamiento de ciertos privilegios de editor de recursos. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM26755 http://www.ibm.com/support/docview.wss?uid=swg24029452 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 3.5EPSS: 0%CPEs: 2EXPL: 0

Race condition in IBM Web Content Manager (WCM) 7.0.0.1 before CF003 allows remote authenticated users to cause a denial of service (infinite recursive query) via unspecified vectors, related to a StackOverflowError exception. Condición de carrera en IBM Content Manager Web (WCM) v7.0.0.1 anterior a CF003 permite a usuarios remotos autenticados causar una denegación de servicio (consulta recursiva infinita) a través de vectores no especificados, relacionados con una excepción StackOverflowError. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM36141 http://www.ibm.com/support/docview.wss?uid=swg24029452 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •