CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2010-1182
https://notcve.org/view.php?id=CVE-2010-1182
Multiple unspecified vulnerabilities in the administrative console in IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.9 on z/OS have unknown impact and attack vectors. Varias vulnerabilidades sin especificar en la consola de administración de IBM WebSphere Application Server (WAS) v7.0.x hasta la v7.0.0.9 en z/OS tienen un impacto y vectores de ataque desconocidos. • http://www-01.ibm.com/support/docview.wss?uid=swg1PK97376 http://www-01.ibm.com/support/docview.wss?uid=swg1PM09161 http://www.vupen.com/english/advisories/2010/0609 •
CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0CVE-2010-0563
https://notcve.org/view.php?id=CVE-2010-0563
The Single Sign-on (SSO) functionality in IBM WebSphere Application Server (WAS) 7.0.0.0 through 7.0.0.8 does not recognize the Requires SSL configuration option, which might allow remote attackers to obtain sensitive information by sniffing network sessions that were expected to be encrypted. La funcionalidad Single Sign-on (SSO) en IBM WebSphere Application Server (WAS) v7.0.0.0 a la v7.0.0.8, no reconoce la opción de configuración "Requires SSL", lo que podría permitir a atacantes remotos obtener información sensible analizando las sesiones de red que se suponen están cifradas. • http://secunia.com/advisories/38425 http://securitytracker.com/id?1023551 http://www-01.ibm.com/support/docview.wss?uid=swg21417839 http://www-1.ibm.com/support/docview.wss?uid=swg1PM00610 http://www.osvdb.org/62140 http://www.securityfocus.com/bid/38122 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 0%CPEs: 59EXPL: 0CVE-2009-2746
https://notcve.org/view.php?id=CVE-2009-2746
Cross-site request forgery (CSRF) vulnerability in the administrative console in the Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.39, 6.1 before 6.1.0.29, and 7.0 before 7.0.0.7 allows remote attackers to hijack the authentication of administrators via unspecified vectors. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en la consola de administración en el componente Security en IBM WebSphere Application Server (WAS) v6.0.2 anteriores a v6.0.2.39, v6.1 anteriores a v6.1.0.29, y v7.0 anteriores a v7.0.0.7 permite a atacantes remotos secuestrar la autenticación de administradores mediante vectores no especificados. • http://secunia.com/advisories/37221 http://www-01.ibm.com/support/docview.wss?uid=swg1PK87176 http://www-01.ibm.com/support/docview.wss?uid=swg1PK99477 http://www-01.ibm.com/support/docview.wss?uid=swg27014463 https://exchange.xforce.ibmcloud.com/vulnerabilities/54227 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 2.1EPSS: 0%CPEs: 22EXPL: 0CVE-2009-2743
https://notcve.org/view.php?id=CVE-2009-2743
IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27, and 7.0 before 7.0.0.7, does not properly handle an exception occurring after use of wsadmin scripts and configuration of JAAS-J2C Authentication Data, which allows local users to obtain sensitive information by reading the First Failure Data Capture (FFDC) log file. En WebSphere Application Server (WAS) de IBM versiones 6.1 anteriores a 6.1.0.27 y versiones 7.0 anteriores a 7.0.0.7, no manejan apropiadamente una excepción que se produce después del uso de scripts wsadmin y la configuración de JAAS-J2C Authentication Data, que permite a los usuarios locales obtener información confidencial mediante la lectura del archivo de registro de First Failure Data Capture (FFDC). • http://secunia.com/advisories/37796 http://www-01.ibm.com/support/docview.wss?uid=swg27007951 http://www-01.ibm.com/support/docview.wss?uid=swg27014463 http://www-1.ibm.com/support/docview.wss?uid=swg1PK86137 http://www.vupen.com/english/advisories/2009/2721 https://exchange.xforce.ibmcloud.com/vulnerabilities/53343 •
CVSS: 7.5EPSS: 0%CPEs: 31EXPL: 0CVE-2009-2088
https://notcve.org/view.php?id=CVE-2009-2088
The Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, when SPNEGO Single Sign-on (SSO) and disableSecurityPreInvokeOnFilters are configured, allows remote attackers to bypass authentication via a request for a "secure URL," related to a certain invokefilterscompatibility property. El componente Servlet Engine/Web Container en IBM WebSphere Application Server (WAS) v6.1 anterior a v6.1.0.25 y v7.0 anterior a v7.0.0.5, cuando SPNEGO Single Sign-on (SSO) y disableSecurityPreInvokeOnFilters son configurados, permite a los atacantes remotos evitar la autenticación a través de una petición a una "URL segura", relativa a cierta propiedad invokefilterscompatibility. • http://www-01.ibm.com/support/docview.wss?uid=swg24022479 http://www-01.ibm.com/support/docview.wss?uid=swg27007951 http://www-01.ibm.com/support/docview.wss?uid=swg27014463 http://www-1.ibm.com/support/docview.wss?uid=swg1PK77465 https://exchange.xforce.ibmcloud.com/vulnerabilities/52079 • CWE-287: Improper Authentication •