CVSS: 5.0EPSS: 0%CPEs: 18EXPL: 0CVE-2014-6170
https://notcve.org/view.php?id=CVE-2014-6170
The HTTPInput node in IBM WebSphere Message Broker 7.0 before 7.0.0.8 and 8.0 before 8.0.0.6 and IBM Integration Bus 9.0 before 9.0.0.4 allows remote attackers to obtain sensitive information by triggering a SOAP fault. El nodo HTTPInput en IBM WebSphere Message Broker 7.0 anterior a 7.0.0.8 y 8.0 anterior a 8.0.0.6 y IBM Integration Bus 9.0 anterior a 9.0.0.4 permite a atacantes remotos obtener información sensible mediante la provocación de un fallo SOAP. • http://www-01.ibm.com/support/docview.wss?uid=swg1IT01929 http://www-01.ibm.com/support/docview.wss?uid=swg21690725 https://exchange.xforce.ibmcloud.com/vulnerabilities/98309 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.0EPSS: 0%CPEs: 9EXPL: 0CVE-2014-4819
https://notcve.org/view.php?id=CVE-2014-4819
The web user interface in IBM WebSphere Message Broker 8.0 before 8.0.0.6 and IBM Integration Bus 9.0 before 9.0.0.3 allows remote authenticated users to obtain sensitive information by reading the error page. La interfaz web de usuario en IBM WebSphere Message Broker 8.0 anterior a 8.0.0.6 e IBM Integration Bus 9.0 anterior a 9.0.0.3 permite a usuarios autenticados remotos obtener información sensible leyendo la página de error. • http://secunia.com/advisories/61356 http://www-01.ibm.com/support/docview.wss?uid=swg1IT03097 http://www-01.ibm.com/support/docview.wss?uid=swg21682681 https://exchange.xforce.ibmcloud.com/vulnerabilities/95456 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4820
https://notcve.org/view.php?id=CVE-2014-4820
Cross-site scripting (XSS) vulnerability in IBM Integration Bus Manufacturing Pack 1.x before 1.0.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en lBM Integration Bus Manufacturing Pack 1.x anteriores a 1.0.0.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1IT03567 http://www-01.ibm.com/support/docview.wss?uid=swg21682696 https://exchange.xforce.ibmcloud.com/vulnerabilities/95457 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •