CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 0CVE-2020-4365
https://notcve.org/view.php?id=CVE-2020-4365
14 May 2020 — IBM WebSphere Application Server 8.5 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 178964. IBM WebSphere Application Server versión 8.5, es vulnerable a un ataque de tipo server-side request forgery. Al enviar una petición especialmente diseñada, un atacante autenticado remoto podría explotar esta vulnerabilidad para obtener datos confidenciales. • https://exchange.xforce.ibmcloud.com/vulnerabilities/178964 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2020-4329 – Red Hat Security Advisory 2020-2054-01
https://notcve.org/view.php?id=CVE-2020-4329
28 Apr 2020 — IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841. IBM WebSphere Application Server versión 7.0, 8.0, 8.5, 9.0 y Liberty versiones 17.0.0.3 hasta 20.0.0.4, podrían permitir a un atacante remoto autentificado obtener información confidencial, causado por la comprobación de paráme... • https://exchange.xforce.ibmcloud.com/vulnerabilities/177841 •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-4362
https://notcve.org/view.php?id=CVE-2020-4362
10 Apr 2020 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. IBM X-Force ID: 178929. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0 tradicional, es susceptible a una vulnerabilidad de escalada de privilegios cuando se usa una autenticación basada en token en una petición de administrador por medio del conector SOAP. ID de IBM X-Force: 178929. • https://exchange.xforce.ibmcloud.com/vulnerabilities/178929 •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2020-4276
https://notcve.org/view.php?id=CVE-2020-4276
26 Mar 2020 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. X-Force ID: 175984. El tradicional IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0, es susceptible a una vulnerabilidad de escalada de privilegios cuando se usa la autenticación basada en token en una petición de administrador a través del conector SOAP. ID de X-Force: 175984. • https://github.com/mekoko/CVE-2020-4276 •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2019-4670
https://notcve.org/view.php?id=CVE-2019-4670
05 Feb 2020 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper data representation. IBM X-Force ID: 171319. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0, podría permitir a un atacante remoto obtener información confidencial, esto es causado por la representación de datos inapropiada. ID de IBM X-Force: 171319. • https://exchange.xforce.ibmcloud.com/vulnerabilities/171319 •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2020-4163
https://notcve.org/view.php?id=CVE-2020-4163
04 Feb 2020 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, under specialized conditions, could allow an authenticated user to create a maliciously crafted file name which would be misinterpreted as jsp content and executed. IBM X-Force ID: 174397. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0, en condiciones especializadas, podría permitir a un usuario autenticado crear un nombre de archivo diseñado con fines maliciosos que sería interpretado inapropiadamente como contenido jsp y ejecutado. I... • https://exchange.xforce.ibmcloud.com/vulnerabilities/174397 •
CVSS: 7.2EPSS: 0%CPEs: 8EXPL: 0CVE-2019-4732
https://notcve.org/view.php?id=CVE-2019-4732
03 Feb 2020 — IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a specially-crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 172618. IBM SDK, Java Technology Edition Versión versiones 7.0.... • https://exchange.xforce.ibmcloud.com/vulnerabilities/172618 • CWE-426: Untrusted Search Path •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-4720
https://notcve.org/view.php?id=CVE-2019-4720
31 Jan 2020 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0, es vulnerable a una denegación de servicio, causada mediante el envío de una petición especialmente diseñada. Un atacante remoto podría explotar esta vulnerabilidad para causar qu... • https://exchange.xforce.ibmcloud.com/vulnerabilities/172125 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.3EPSS: 0%CPEs: 9EXPL: 0CVE-2019-4441
https://notcve.org/view.php?id=CVE-2019-4441
03 Oct 2019 — IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and Liberty could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 163177. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5, 9.0 y Liberty, podrían permitir a un atacante remoto obtener información confidencial cuando un rastro de pila es devuelta en el navegador. ID de IBM X-Force: 163177. • https://exchange.xforce.ibmcloud.com/vulnerabilities/163177 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4305
https://notcve.org/view.php?id=CVE-2019-4305
30 Sep 2019 — IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information caused by the improper setting of a cookie. IBM X-Force ID: 160951. IBM WebSphere Application Server Liberty, podría permitir a un atacante remoto obtener información confidencial causada por la configuración inapropiada de una cookie. ID de IBM X-Force: 160951. • https://exchange.xforce.ibmcloud.com/vulnerabilities/160951 • CWE-565: Reliance on Cookies without Validation and Integrity Checking •