CVE-2016-6089
https://notcve.org/view.php?id=CVE-2016-6089
IBM WebSphere MQ 9.0.0.1 and 9.0.2 could allow a local user to write to a file or delete files in a directory they should not have access to due to improper access controls. IBM X-Force ID: 117926. • http://www.ibm.com/support/docview.wss?uid=swg22003509 http://www.securityfocus.com/bid/98770 https://exchange.xforce.ibmcloud.com/vulnerabilities/117926 • CWE-284: Improper Access Control
CVE-2017-1137
https://notcve.org/view.php?id=CVE-2017-1137
IBM WebSphere Application Server 8.0 and 8.5.5 could provide weaker than expected security. A remote attacker could exploit this weakness to obtain sensitive information and gain unauthorized access to the admin console. IBM X-Force ID: 121549. • http://www.ibm.com/support/docview.wss?uid=swg21998469 http://www.securitytracker.com/id/1038464
CVE-2016-9691
https://notcve.org/view.php?id=CVE-2016-9691
IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM X-Force ID: 119515. • http://www.ibm.com/support/docview.wss?uid=swg21998014 http://www.securityfocus.com/bid/98338 • CWE-611: Improper Restriction of XML External Entity Reference
CVE-2016-9692
https://notcve.org/view.php?id=CVE-2016-9692
IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to an External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with. IBM X-Force ID: 119516. • http://www.ibm.com/support/docview.wss?uid=swg21998014 http://www.securityfocus.com/bid/98337 • CWE-20: Improper Input Validation
CVE-2017-1156
https://notcve.org/view.php?id=CVE-2017-1156
IBM WebSphere Portal 8.5 and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 122592. • http://www.ibm.com/support/docview.wss?uid=swg22000153 http://www.securityfocus.com/bid/98340 http://www.securitytracker.com/id/1038390 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')