CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0CVE-2010-0563
https://notcve.org/view.php?id=CVE-2010-0563
The Single Sign-on (SSO) functionality in IBM WebSphere Application Server (WAS) 7.0.0.0 through 7.0.0.8 does not recognize the Requires SSL configuration option, which might allow remote attackers to obtain sensitive information by sniffing network sessions that were expected to be encrypted. La funcionalidad Single Sign-on (SSO) en IBM WebSphere Application Server (WAS) v7.0.0.0 a la v7.0.0.8, no reconoce la opción de configuración "Requires SSL", lo que podría permitir a atacantes remotos obtener información sensible analizando las sesiones de red que se suponen están cifradas. • http://secunia.com/advisories/38425 http://securitytracker.com/id?1023551 http://www-01.ibm.com/support/docview.wss?uid=swg21417839 http://www-1.ibm.com/support/docview.wss?uid=swg1PM00610 http://www.osvdb.org/62140 http://www.securityfocus.com/bid/38122 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2009-2749
https://notcve.org/view.php?id=CVE-2009-2749
Feature Pack for Communications Enabled Applications (CEA) before 1.0.0.1 for IBM WebSphere Application Server 7.0.0.7 uses predictable session values, which allows man-in-the-middle attackers to spoof a collaboration session by guessing the value. Pack de Características para Communications Enabled Applications (CEA) anterior v1.0.0.1 para IBM WebSphere Application Server v7.0.0.7 usa valores de sesiones predecibles, lo que permite a atacantes de hombre en medio (man-in-the-middle) suplantar sesiones de colaboración a través del descubrimiento de valores. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM00435 http://www-01.ibm.com/support/docview.wss?uid=swg27017328 http://www.securityfocus.com/bid/37392 http://www.vupen.com/english/advisories/2009/3598 https://exchange.xforce.ibmcloud.com/vulnerabilities/54494 • CWE-310: Cryptographic Issues •
CVSS: 6.8EPSS: 0%CPEs: 59EXPL: 0CVE-2009-2746
https://notcve.org/view.php?id=CVE-2009-2746
Cross-site request forgery (CSRF) vulnerability in the administrative console in the Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.39, 6.1 before 6.1.0.29, and 7.0 before 7.0.0.7 allows remote attackers to hijack the authentication of administrators via unspecified vectors. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en la consola de administración en el componente Security en IBM WebSphere Application Server (WAS) v6.0.2 anteriores a v6.0.2.39, v6.1 anteriores a v6.1.0.29, y v7.0 anteriores a v7.0.0.7 permite a atacantes remotos secuestrar la autenticación de administradores mediante vectores no especificados. • http://secunia.com/advisories/37221 http://www-01.ibm.com/support/docview.wss?uid=swg1PK87176 http://www-01.ibm.com/support/docview.wss?uid=swg1PK99477 http://www-01.ibm.com/support/docview.wss?uid=swg27014463 https://exchange.xforce.ibmcloud.com/vulnerabilities/54227 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.8EPSS: 0%CPEs: 29EXPL: 0CVE-2009-2744
https://notcve.org/view.php?id=CVE-2009-2744
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27 allows remote attackers to cause a denial of service via unknown vectors, related to "an error in fixpacks 6.1.0.23 and 6.1.0.25." Vulnerabilidad no especificada en IBM WebSphere Application Server (WAS) v6.1 anteriores a v6.1.0.27 permite a atacantes remotos provocar una denegación de servicio mediante vectores desconocidos, relacionado con "un error en fixpacks v6.1.0.23 y v6.1.0.25". • http://www-01.ibm.com/support/docview.wss?uid=swg27007951 http://www-1.ibm.com/support/docview.wss?uid=swg1PK91709 http://www.vupen.com/english/advisories/2009/2721 https://exchange.xforce.ibmcloud.com/vulnerabilities/53344 •
CVSS: 4.3EPSS: 0%CPEs: 15EXPL: 0CVE-2009-2742
https://notcve.org/view.php?id=CVE-2009-2742
Cross-site scripting (XSS) vulnerability in Eclipse Help in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27 allows remote attackers to inject arbitrary web script or HTML via unspecified input. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la ayuda de Eclipse del servidor de aplicaciones IBM WebSphere (WAS) en versiones v6.1 anteriores a la v 6.1.0.27 permite a usuarios remotos inyectar codigo de script web o código HTML a través de una entrada sin especificar. • http://www-01.ibm.com/support/docview.wss?uid=swg27007951 http://www-1.ibm.com/support/docview.wss?uid=swg1PK78917 http://www.vupen.com/english/advisories/2009/2721 https://exchange.xforce.ibmcloud.com/vulnerabilities/53342 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •