CVSS: 2.5EPSS: 0%CPEs: 25EXPL: 0CVE-2017-1144
https://notcve.org/view.php?id=CVE-2017-1144
IBM WebSphere Message Broker could allow a local user with specialized access to prevent the message broker from starting. IBM X-Force ID: 122033. WebSphere Message Broker de IBM, podría permitir a un usuario local con acceso especializado impedir que el intermediario de mensajes se inicie. ID de IBM X-Force: 122033. • http://www.ibm.com/support/docview.wss?uid=swg22005383 http://www.securityfocus.com/bid/99365 https://exchange.xforce.ibmcloud.com/vulnerabilities/122033 • CWE-426: Untrusted Search Path •
CVSS: 5.5EPSS: 0%CPEs: 24EXPL: 0CVE-2017-1207
https://notcve.org/view.php?id=CVE-2017-1207
IBM WebSphere Message Broker stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 123777. IBM WebSphere Message Broker almacena las credenciales del usuario en texto plano las cuales podrían ser leídas por un usuario local. IBM X-Force ID: 123777. • http://www.ibm.com/support/docview.wss?uid=swg22005382 http://www.securityfocus.com/bid/99368 https://exchange.xforce.ibmcloud.com/vulnerabilities/123777 • CWE-522: Insufficiently Protected Credentials •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2017-1217
https://notcve.org/view.php?id=CVE-2017-1217
IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123857 IBM WebSphere Portal 8.5 y 9.9 es vulnerable a cross-site scripting. Esta vulnerabilidad permite a usuarios incrustar código Javascript aleatorio en la interfaz web lo que alteraría la funcionalidad planeada y potencialmente llevando a la revelación de las credenciales dentro de una session confiable. IBM X-Force ID: 123857 • http://www.ibm.com/support/docview.wss?uid=swg22004348 http://www.securityfocus.com/bid/99350 http://www.securitytracker.com/id/1038797 https://exchange.xforce.ibmcloud.com/vulnerabilities/123857 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 9EXPL: 0CVE-2017-1117
https://notcve.org/view.php?id=CVE-2017-1117
IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a denial of service to the MQXR channel when trace is enabled. IBM X-Force ID: 121155. IBM WebSphere MQ 8.0 y 9.0 podrían permitir que un usuario autenticado provoque una denegación de servicio (DoS) en el canal MQXR cuando trace está habilitado. IBM X-Force ID: 121155. • http://www.ibm.com/support/docview.wss?uid=swg22001468 http://www.securityfocus.com/bid/99136 https://exchange.xforce.ibmcloud.com/vulnerabilities/121155 •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2016-9736
https://notcve.org/view.php?id=CVE-2016-9736
IBM WebSphere Application Server using malformed SOAP requests could allow a remote attacker to obtain sensitive information. WebSphere Application Server de IBM usando peticiones SOAP malformadas podría permitir a un atacante remoto obtener información confidencial. • http://www-01.ibm.com/support/docview.wss?uid=swg21991469 http://www.ibm.com/support/docview.wss?uid=swg21996820 http://www.securityfocus.com/bid/96076 https://exchange.xforce.ibmcloud.com/vulnerabilities/119780 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •