CVE-2017-1285
https://notcve.org/view.php?id=CVE-2017-1285
IBM WebSphere MQ 9.0.1 and 9.0.2 could allow an authenticated user with authority to send a specially crafted message that would cause a channel to remain in a running state but not process messages. IBM X-Force ID: 125146. • http://www.securityfocus.com/bid/99538 https://exchange.xforce.ibmcloud.com/vulnerabilities/125146 https://www.ibm.com/support/docview.wss?uid=swg22003856 • CWE-20: Improper Input Validation
CVE-2017-1337
https://notcve.org/view.php?id=CVE-2017-1337
IBM WebSphere MQ 9.0.1 and 9.0.2 Java/JMS application can incorrectly transmit user credentials in plain text. IBM X-Force ID: 126245. • http://www.ibm.com/support/docview.wss?uid=swg22003853 http://www.securityfocus.com/bid/99493 https://exchange.xforce.ibmcloud.com/vulnerabilities/126245 • CWE-522: Insufficiently Protected Credentials
CVE-2017-1284
https://notcve.org/view.php?id=CVE-2017-1284
IBM WebSphere MQ 9.0.1 and 9.0.2 could allow a local user with ability to run or enable trace, to obtain sensitive information from WebSphere Application Server traces including user credentials. IBM X-Force ID: 125145. • http://www.ibm.com/support/docview.wss?uid=swg22003851 http://www.securityfocus.com/bid/99494 https://exchange.xforce.ibmcloud.com/vulnerabilities/125145 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-1398
https://notcve.org/view.php?id=CVE-2017-1398
IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 6.0, 7.0, and 8.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 127385. • http://www.ibm.com/support/docview.wss?uid=swg22005360 http://www.securityfocus.com/bid/99491 https://exchange.xforce.ibmcloud.com/vulnerabilities/127385 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CVE-2017-1236
https://notcve.org/view.php?id=CVE-2017-1236
IBM WebSphere MQ 9.0.2 could allow an authenticated user to potentially cause a denial of service by saving an incorrect channel status inquiry. IBM X-Force ID: 124354. • http://www.ibm.com/support/docview.wss?uid=swg22003510 http://www.securityfocus.com/bid/99505 https://exchange.xforce.ibmcloud.com/vulnerabilities/124354 • CWE-20: Improper Input Validation