CVE-2016-0360
https://notcve.org/view.php?id=CVE-2016-0360
IBM Websphere MQ JMS 7.0.1, 7.1, 7.5, 8.0, and 9.0 client provides classes that deserialize objects from untrusted sources which could allow a malicious user to execute arbitrary Java code by adding vulnerable classes to the classpath. IBM Reference #: 1983457. El cliente de IBM Websphere MQ JMS 7.0.1, 7.1, 7.5, 8.0 y 9.0 provee clases que deserializan objetos desde fuentes no confiables que podrían permitir a un usuario malicioso ejecutar código Java arbitrario añadiendo clases vulnerables a la ruta de clase. IBM Referencia #: 1983457. • http://www-01.ibm.com/support/docview.wss?uid=swg21983457 http://www.securityfocus.com/bid/95317 http://www.securitytracker.com/id/1037561 • CWE-502: Deserialization of Untrusted Data •
CVE-2017-1121
https://notcve.org/view.php?id=CVE-2017-1121
IBM WebSphere Application Server 7.0, 8.0, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1997743 IBM WebSphere Application Server 7.0, 8.0 y 9.0 es vulnerable a las secuencias de comandos en sitios cruzados. Esta vulnerabilidad permite a los usuarios integrar código JavaScript arbitrario en la interfaz de usuario Web, alterando así la funcionalidad prevista conduciendo potencialmente a la divulgación de credenciales dentro de una sesión de confianza. IBM Reference #: 1997743 • http://www.ibm.com/support/docview.wss?uid=swg21997743 http://www.securityfocus.com/bid/96164 http://www.securitytracker.com/id/1037806 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-7418
https://notcve.org/view.php?id=CVE-2015-7418
IBM WebSphere eXtreme Scale and the WebSphere DataPower XC10 Appliance allow some sensitive data to linger in memory instead of being overwritten which could allow a local user with administrator privileges to obtain sensitive information. IBM WebSphere eXtreme Scale y el WebSphere DataPower XC10 Appliance permiten que algunos datos sensibles permanezcan en la memoria en vez de ser sobrescritos lo que podría permitir a un usuario local con privilegios de administrador obtener información sensible. • http://www.ibm.com/support/docview.wss?uid=swg21971657 http://www.securityfocus.com/bid/83634 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-8919
https://notcve.org/view.php?id=CVE-2016-8919
IBM WebSphere Application Server may be vulnerable to a denial of service, caused by allowing serialized objects from untrusted sources to run and cause the consumption of resources. IBM WebSphere Application Server puede ser vulnerable a una denegación de servicio, provocada al permitir que los objetos serializados de fuentes no fiables se ejecuten y causen el consumo de recursos. • http://www.ibm.com/support/docview.wss?uid=swg21993797 http://www.securityfocus.com/bid/95650 http://www.securitytracker.com/id/1037710 • CWE-399: Resource Management Errors •
CVE-2016-0394
https://notcve.org/view.php?id=CVE-2016-0394
IBM Integration Bus and WebSphere Message broker sets incorrect permissions for an object that could allow a local attacker to manipulate certain files. IBM Integration Bus y WebSphere Message broker establecen permisos incorrectos para un objeto que podrían permitir a un atacante local manipular ciertos archivos. • http://www.ibm.com/support/docview.wss?uid=swg21985013 http://www.securityfocus.com/bid/94577 • CWE-275: Permission Issues •