CVE-2011-1310
https://notcve.org/view.php?id=CVE-2011-1310
The Administrative Scripting Tools component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when tracing is enabled, places wsadmin command parameters into the (1) wsadmin.traceout and (2) trace.log files, which allows local users to obtain potentially sensitive information by reading these files. El componente Administrative Scripting Tools en IBM WebSphere Application Server (WAS) v6.1.0.x anterior a v6.1.0.35 y v7.x anterior a v7.0.0.15, cuando el seguimiento está habilitado, coloca los parámetros wsadmin en los ficheros (1) wsadmin.traceout y (2) trace.log, lo que permite a usuarios locales obtener información sensible mediante la lectura de estos archivos. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM18736 http://www-01.ibm.com/support/docview.wss?uid=swg27014463 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2011-1032
https://notcve.org/view.php?id=CVE-2011-1032
IBM Lotus Connections 3.0, when IBM WebSphere Application Server 7.0.0.11 is used, does not properly restrict access to the internal login module, which has unspecified impact and attack vectors. IBM Lotus Connections v3.0, cuando IBM WebSphere Application Server v7.0.0.11 es usada, no restringe adecuadamente el acceso al módulo de login interno, que tiene un impacto no especificado y vectores de ataque. • http://osvdb.org/70931 http://secunia.com/advisories/43298 http://www-01.ibm.com/support/docview.wss?uid=swg1PK54565 http://www.ibm.com/support/docview.wss?uid=swg21462435 http://www.vupen.com/english/advisories/2011/0382 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2008-7274
https://notcve.org/view.php?id=CVE-2008-7274
IBM WebSphere Application Server (WAS) 6.1.0.9, when the JAAS Login functionality is enabled, allows attackers to perform an internal application hashtable login by (1) not providing a password or (2) providing an empty password. IBM WebSphere Application Server (WAS) v6.1.0.9, cuando la funcionalidad JAAS Login es habilitada, permite a los atacantes desarrollar una aplicación interna de acceso hashtable (1) no proporcionando una contraseña o (2) proporcionando una contraseña vacía. • http://www-01.ibm.com/support/docview.wss?uid=swg1PK54565 • CWE-20: Improper Input Validation •
CVE-2011-0316
https://notcve.org/view.php?id=CVE-2011-0316
The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.15 does not properly restrict access to console servlets, which allows remote attackers to obtain potentially sensitive status information via a direct request. El componente de Consola de Administración de IBM WebSphere Application Server (WAS) v6.1 antrior a v6.1.0.35 y v7.0.0.15 7.0 no restringe correctamente el acceso a la consola de servlets, lo que permite a atacantes remotos obtener información sobre el estado potencialmente sensible a través de una solicitud directa. • http://secunia.com/advisories/42938 http://www-01.ibm.com/support/docview.wss?uid=swg1PM24372 http://www-01.ibm.com/support/docview.wss?uid=swg27007951 http://www-01.ibm.com/support/docview.wss?uid=swg27014463 http://www.securityfocus.com/bid/46736 http://www.vupen.com/english/advisories/2011/0564 https://exchange.xforce.ibmcloud.com/vulnerabilities/64558 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2011-0315
https://notcve.org/view.php?id=CVE-2011-0315
Cross-site scripting (XSS) vulnerability in the Servlet Engine / Web Container component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.15 allows remote attackers to inject arbitrary web script or HTML via vectors related to the lack of an error page for an application. Ejecución de secuencias de comandos en sitios cruzados (XSS) en los componentes Servlet Engine / Web Container en IBM WebSphere Application Server (WAS) 6.1 anterior a v6.1.0.35 y v7.0 antrior a v7.0.0.15 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores relacionados con el falta de una página de error para una aplicación. • http://secunia.com/advisories/42938 http://www-01.ibm.com/support/docview.wss?uid=swg1PM18512 http://www-01.ibm.com/support/docview.wss?uid=swg27007951 http://www-01.ibm.com/support/docview.wss?uid=swg27014463 http://www.securityfocus.com/bid/46736 http://www.vupen.com/english/advisories/2011/0564 https://exchange.xforce.ibmcloud.com/vulnerabilities/64554 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •