
CVE-2012-5951
https://notcve.org/view.php?id=CVE-2012-5951
26 Dec 2012 — Unspecified vulnerability in IBM Tivoli NetView 1.4, 5.1 through 5.4, and 6.1 on z/OS allows local users to gain privileges by leveraging access to the normal Unix System Services (USS) security level. • http://www-01.ibm.com/support/docview.wss?uid=swg1OA41059 • CWE-264: Permissions, Privileges, and Access Controls

CVE-2012-3311
https://notcve.org/view.php?id=CVE-2012-3311
25 Sep 2012 — IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 on z/OS, in certain configurations involving Federated Repositories for IIOP connections and Optimized Local Adapters, does not perform CBIND checks, which allows local users to bypass intended access restrictions, and read or modify application data, via unspecified vectors. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM61388 • CWE-264: Permissions, Privileges, and Access Controls

CVE-2011-4435
https://notcve.org/view.php?id=CVE-2011-4435
11 Nov 2011 — The web-server component in the Consolidation and Analysis Engine (CAE) Server in DB2 Query Monitor in IBM DB2 Tools 2.3.0 for z/OS does not prevent directory browsing, which allows remote attackers to obtain sensitive information via HTTP requests. • http://secunia.com/advisories/46487 • CWE-264: Permissions, Privileges, and Access Controls

CVE-2011-1683
https://notcve.org/view.php?id=CVE-2011-1683
13 Apr 2011 — IBM WebSphere Application Server (WAS) 6.0.x through 6.0.2.43, 6.1.x before 6.1.0.37, and 7.0.x before 7.0.0.17 on z/OS, when a Local OS user registry or Federated Repository with RACF adapter is used, allows remote attackers to obtain unspecified application access via unknown vectors. • http://secunia.com/advisories/43965 • CWE-264: Permissions, Privileges, and Access Controls

CVE-2010-2327
https://notcve.org/view.php?id=CVE-2010-2327
18 Jun 2010 — mod_ibm_ssl in IBM HTTP Server 6.0 before 6.0.2.43, 6.1 before 6.1.0.33, and 7.0 before 7.0.0.11, as used in IBM WebSphere Application Server (WAS) on z/OS, does not properly handle a large HTTP request body in uploading over SSL, which might allow remote attackers to cause a denial of service (daemon fail) via an upload. • http://secunia.com/advisories/40096 • CWE-20: Improper Input Validation

CVE-2010-1651
https://notcve.org/view.php?id=CVE-2010-1651
30 Apr 2010 — IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.31 and 7.0.x before 7.0.0.11, when Basic authentication and SIP tracing (aka full trace logging for SIP) are enabled, logs the entirety of all inbound and outbound SIP messages, which allows local users to obtain sensitive information by reading the trace log. • http://secunia.com/advisories/39628 • CWE-310: Cryptographic Issues

CVE-2009-0856
https://notcve.org/view.php?id=CVE-2009-0856
09 Mar 2009 — Multiple cross-site scripting (XSS) vulnerabilities in sample applications in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35, and 6.1 before 6.1.0.23 on z/OS, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. • http://securitytracker.com/id?1021811 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2009-0506
https://notcve.org/view.php?id=CVE-2009-0506
25 Feb 2009 — Unspecified vulnerability in IBM WebSphere Application Server (WAS) 5.1 and 6.0.2 before 6.0.2.33 on z/OS, when CSIv2 Identity Assertion is enabled and Enterprise JavaBeans (EJB) interaction occurs between a WAS 6.1 instance and a WAS pre-6.1 instance, allows local users to have an unknown impact via vectors related to (1) use of the wrong subject and (2) multiple CBIND checks. • http://www-01.ibm.com/support/docview.wss?uid=swg27006876