Page 5 of 126 results (0.006 seconds)

CVSS: 6.8EPSS: 0%CPEs: 73EXPL: 0

Cross-site request forgery (CSRF) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences. Vulnerabilidad CSRF (Cross-site request forgery) en la consola administrativa de IBM WebSphere Application Server (WAS) v6.1 anterior a v6.1.0.47, v7.0 anterior a v7.0.0.31, v8.0 anterior a v8.0.0.7, y v8.5 anterior a v8.5.5.1 permitía que los atacantes remotos secuestraran la autenticación de usuarios para peticiones arbitrarias que insertan cross-site scripting (XSS) secuencias. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM88746 http://www-01.ibm.com/support/docview.wss?uid=swg21644047 https://exchange.xforce.ibmcloud.com/vulnerabilities/84591 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 1.9EPSS: 0%CPEs: 72EXPL: 0

The Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.0 does not properly perform caching, which allows local users to obtain sensitive information via unspecified vectors. La consola administrativa de IBM WebSphere Application Server (WAS) v6.1 anterior a v6.1.0.47, v7.0 anterior a v7.0.0.29, v8.0 anterior a v8.0.0.7, y v8.5 anterior a v8.5.5.0 no realiza correctamente el almacenamiento en caché, lo que permite a usuarios locales obtener información sensible a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM79992 http://www-01.ibm.com/support/docview.wss?uid=swg21644047 https://exchange.xforce.ibmcloud.com/vulnerabilities/83965 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 3.5EPSS: 0%CPEs: 73EXPL: 0

Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified fields. Vulnerabilidad Cross-site scripting (XSS) en la consola administrativa de IBM WebSphere Application Server (WAS) v6.1 anterior a v6.1.0.47, v7.0 anterior a v7.0.0.31, v8.0 anterior a v8.0.0.7, y v8.5 anterior a v8.5.5.1 permite a usuarios autenticados remotamente inyectar secuencias web o HTML arbitrarias a través de campos sin especificar. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM88208 http://www-01.ibm.com/support/docview.wss?uid=swg21644047 http://www.securitytracker.com/id/1028932 https://exchange.xforce.ibmcloud.com/vulnerabilities/85270 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.0EPSS: 0%CPEs: 57EXPL: 0

Directory traversal vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Linux and UNIX allows remote authenticated users to modify data via unspecified vectors. Vulnerabilidad de salto de directorio en la consola administrativa de IBM WebSphere Application Server (WAS) v6.1 antes v6.1.0.47, v7.0 antes de v7.0.0.29, v8,0 antes v8.0.0.6 y v8.5 antes de v8.5.0.2 en Linux y UNIX permite a usuarios remotos autenticados modificar datos a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?&uid=swg21632423 http://www-01.ibm.com/support/docview.wss?uid=swg1PM82468 https://exchange.xforce.ibmcloud.com/vulnerabilities/82760 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.8EPSS: 0%CPEs: 65EXPL: 0

IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Linux, Solaris, and HP-UX, when a Local OS registry is used, does not properly validate user accounts, which allows remote attackers to bypass intended access restrictions via unspecified vectors. IBM WebSphere Application Server (WAS) v6.1 antes v6.1.0.47, v7.0 antes v7.0.0.29, v8.0 antes v8.0.0.6 y v8.5 antes de v8.5.0.2 en Linux, Solaris y HP-UX, cuando se utiliza un registro Local OS, hace no valida correctamente las cuentas de usuario, lo que permite a atacantes remotos evitar las restricciones de acceso previstos a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?&uid=swg21632423 http://www-01.ibm.com/support/docview.wss?uid=swg1PM75582 https://exchange.xforce.ibmcloud.com/vulnerabilities/82759 • CWE-863: Incorrect Authorization •