CVSS: 10.0EPSS: 76%CPEs: 2EXPL: 1CVE-2020-4450 – IBM WebSphere Application Server IIOP Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-4450
05 Jun 2020 — IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181231. IBM WebSphere Application Server versiones 8.5 y 9.0 traditional, podría permitir a un atacante remoto ejecutar código arbitrario en el sistema con una secuencia de objetos serializados especialmente diseñada. ID de IBM X-Force: 181231 This vulnerability allows remote attackers to execute arbitrary code... • https://github.com/yonggui-li/CVE-2020-4464-and-CVE-2020-4450 • CWE-502: Deserialization of Untrusted Data •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2020-4329 – Red Hat Security Advisory 2020-2054-01
https://notcve.org/view.php?id=CVE-2020-4329
28 Apr 2020 — IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841. IBM WebSphere Application Server versión 7.0, 8.0, 8.5, 9.0 y Liberty versiones 17.0.0.3 hasta 20.0.0.4, podrían permitir a un atacante remoto autentificado obtener información confidencial, causado por la comprobación de paráme... • https://exchange.xforce.ibmcloud.com/vulnerabilities/177841 •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-4362
https://notcve.org/view.php?id=CVE-2020-4362
10 Apr 2020 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. IBM X-Force ID: 178929. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0 tradicional, es susceptible a una vulnerabilidad de escalada de privilegios cuando se usa una autenticación basada en token en una petición de administrador por medio del conector SOAP. ID de IBM X-Force: 178929. • https://exchange.xforce.ibmcloud.com/vulnerabilities/178929 •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2020-4276
https://notcve.org/view.php?id=CVE-2020-4276
26 Mar 2020 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. X-Force ID: 175984. El tradicional IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0, es susceptible a una vulnerabilidad de escalada de privilegios cuando se usa la autenticación basada en token en una petición de administrador a través del conector SOAP. ID de X-Force: 175984. • https://github.com/mekoko/CVE-2020-4276 •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2019-4670
https://notcve.org/view.php?id=CVE-2019-4670
05 Feb 2020 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper data representation. IBM X-Force ID: 171319. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0, podría permitir a un atacante remoto obtener información confidencial, esto es causado por la representación de datos inapropiada. ID de IBM X-Force: 171319. • https://exchange.xforce.ibmcloud.com/vulnerabilities/171319 •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2020-4163
https://notcve.org/view.php?id=CVE-2020-4163
04 Feb 2020 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, under specialized conditions, could allow an authenticated user to create a maliciously crafted file name which would be misinterpreted as jsp content and executed. IBM X-Force ID: 174397. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0, en condiciones especializadas, podría permitir a un usuario autenticado crear un nombre de archivo diseñado con fines maliciosos que sería interpretado inapropiadamente como contenido jsp y ejecutado. I... • https://exchange.xforce.ibmcloud.com/vulnerabilities/174397 •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-4720
https://notcve.org/view.php?id=CVE-2019-4720
31 Jan 2020 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0, es vulnerable a una denegación de servicio, causada mediante el envío de una petición especialmente diseñada. Un atacante remoto podría explotar esta vulnerabilidad para causar qu... • https://exchange.xforce.ibmcloud.com/vulnerabilities/172125 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.3EPSS: 0%CPEs: 9EXPL: 0CVE-2019-4441
https://notcve.org/view.php?id=CVE-2019-4441
03 Oct 2019 — IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and Liberty could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 163177. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5, 9.0 y Liberty, podrían permitir a un atacante remoto obtener información confidencial cuando un rastro de pila es devuelta en el navegador. ID de IBM X-Force: 163177. • https://exchange.xforce.ibmcloud.com/vulnerabilities/163177 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4305
https://notcve.org/view.php?id=CVE-2019-4305
30 Sep 2019 — IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information caused by the improper setting of a cookie. IBM X-Force ID: 160951. IBM WebSphere Application Server Liberty, podría permitir a un atacante remoto obtener información confidencial causada por la configuración inapropiada de una cookie. ID de IBM X-Force: 160951. • https://exchange.xforce.ibmcloud.com/vulnerabilities/160951 • CWE-565: Reliance on Cookies without Validation and Integrity Checking •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4304
https://notcve.org/view.php?id=CVE-2019-4304
30 Sep 2019 — IBM WebSphere Application Server - Liberty could allow a remote attacker to bypass security restrictions caused by improper session validation. IBM X-Force ID: 160950. IBM WebSphere Application Server - Liberty, podría permitir a un atacante remoto omitir las restricciones de seguridad causadas por una comprobación de sesión inapropiada. ID de IBM X-Force: 160950. • https://exchange.xforce.ibmcloud.com/vulnerabilities/160950 • CWE-384: Session Fixation •