CVSS: 4.3EPSS: 0%CPEs: 49EXPL: 0CVE-2017-1484
https://notcve.org/view.php?id=CVE-2017-1484
IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 could allow an authenticated attacker to obtain information such as user personal data. IBM X-Force ID: 128622. IBM WebSphere Commerce Enterprise, Professional, Express y Developer 7.0 y 8.0 podrían permitir que un atacante autenticado obtenga información como los datos personales de usuario. IBM X-Force ID: 128622. • http://www.ibm.com/support/docview.wss?uid=swg22010103 http://www.securityfocus.com/bid/101894 https://exchange.xforce.ibmcloud.com/vulnerabilities/128622 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2017-1503
https://notcve.org/view.php?id=CVE-2017-1503
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 129578. IBM WebSphere Application Server 7.0, 8.0, 8.5 y 9.0 es vulnerable a ataques de división de respuestas HTTP. • http://www-01.ibm.com/support/docview.wss?uid=swg22006815 http://www.securityfocus.com/bid/101234 http://www.securitytracker.com/id/1039521 https://exchange.xforce.ibmcloud.com/vulnerabilities/129578 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 27EXPL: 0CVE-2017-1126
https://notcve.org/view.php?id=CVE-2017-1126
IBM WebSphere Message Broker (IBM Integration Bus 9.0 and 10.0) could allow an unauthorized user to obtain sensitive information about software versions that could lead to further attacks. IBM X-Force ID: 121341. IBM WebSphere Message Broker (IBM Integration Bus 9.0 y 10.0) permite que un usuario no autorizado obtenga información sensible sobre versiones de software que podría permitir que se produzcan futuros ataques. IBM X-Force ID: 121341. • http://www.ibm.com/support/docview.wss?uid=swg22008470 http://www.securityfocus.com/bid/101104 https://exchange.xforce.ibmcloud.com/vulnerabilities/121341 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 54EXPL: 0CVE-2017-1569
https://notcve.org/view.php?id=CVE-2017-1569
IBM WebSphere Commerce 7.0 and 8.0 contains an unspecified vulnerability in Marketing ESpot's that could cause a denial of service. IBM X-Force ID: 131779. Las versiones 7.0 y 8.0 de IBM WebSphere Commerce contienen una vulnerabilidad sin especificar en E-Marketing Spots que podría provocar una denegación de servicio (DoS). IBM X-Force ID: 131779. • http://www.ibm.com/support/docview.wss?uid=swg22008547 http://www.securityfocus.com/bid/101073 https://exchange.xforce.ibmcloud.com/vulnerabilities/131779 •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2017-1577
https://notcve.org/view.php?id=CVE-2017-1577
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 132117. IBM WebSphere Portal 7.0, 8.0, 8.5 y 9.0 podría permitir que un atacante remoto salte directorios en el sistema. Un atacante podría enviar una petición URL especialmente manipulada que contenga secuencias "punto punto" (/../) para visualizar archivos arbitrarios en el sistema. • http://www.ibm.com/support/docview.wss?uid=swg22008586 http://www.securityfocus.com/bid/101017 http://www.securitytracker.com/id/1039405 https://exchange.xforce.ibmcloud.com/vulnerabilities/132117 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •