Page 6 of 70 results (0.024 seconds)

CVSS: 4.3EPSS: 0%CPEs: 12EXPL: 0

Cross-site scripting (XSS) vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related in part to "URL injection." Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados - XSS - en la consola de administración de WebSphere Application Server (WAS) v7.0 anteriores a v7.0.0.11 en z/OS, permite a los atacantes remotos inyectar arbitrariamente una secuencia de comandos web o HTML a través de vectores no especificados, relativos en parte a "inyección URL". • http://secunia.com/advisories/40096 http://www-01.ibm.com/support/docview.wss?uid=swg1PM11778 http://www-01.ibm.com/support/docview.wss?uid=swg1PM15830 http://www.vupen.com/english/advisories/2010/1411 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.0EPSS: 0%CPEs: 48EXPL: 0

IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 allows remote authenticated users to cause a denial of service (ORB ListenerThread hang) by aborting an SSL handshake. IBM WebSphere Application Server (WAS) 6.0 en versiones anteriores a la 6.0.2.41, 6.1 en versiones anteriores a la 6.1.0.31 y 7.0 en versiones anteriores a la 7.0.0.9 permite a atacantes remotos autenticados provocar una denegación de servicio (cuelgue del ORB ListenerThread) al abortar una negociación SSL. • http://secunia.com/advisories/39140 http://www-01.ibm.com/support/docview.wss?uid=swg1PK93653 http://www.securityfocus.com/bid/39056 https://exchange.xforce.ibmcloud.com/vulnerabilities/57182 • CWE-399: Resource Management Errors •

CVSS: 4.3EPSS: 0%CPEs: 43EXPL: 0

Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 allows remote attackers to inject arbitrary web script or HTML via the URI. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la Consola de Administración en IBM WebSphere Application Server (WAS) 6.0 en versiones anteriores a la 6.0.2.41, 6.1 en versiones anteriores a la 6.1.0.31 y 7.0 en versiones anteriores a la 7.0.0.9 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de la URI. • http://secunia.com/advisories/39140 http://www-01.ibm.com/support/docview.wss?uid=swg1PK97376 http://www.securityfocus.com/bid/39051 https://exchange.xforce.ibmcloud.com/vulnerabilities/57164 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 1.9EPSS: 0%CPEs: 48EXPL: 0

IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 does not properly define wsadmin scripting J2CConnectionFactory objects, which allows local users to discover a KeyRingPassword password by reading a cleartext field in the resources.xml file. IBM WebSphere Application Server (WAS) 6.0 en versiones anteriores a la 6.0.2.41, 6.1 en versiones anteriores a la 6.1.0.31 y 7.0 en versiones anteriores a la 7.0.0.9 no define de manera apropiada los objetos J2CConnectionFactory scripting wsadmin, lo que permite a atacantes locales descubrir una password KeyRingPassword mediante la lectura de un campo cleartext en el fichero resources.xml. • http://secunia.com/advisories/39140 http://www-01.ibm.com/support/docview.wss?uid=swg1PK95089 https://exchange.xforce.ibmcloud.com/vulnerabilities/57185 • CWE-255: Credentials Management Errors •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

The Service Component Architecture (SCA) feature pack for IBM WebSphere Application Server (WAS) SCA 1.0 before 1.0.0.3 allows remote authenticated users to bypass intended authentication.transport access restrictions and obtain unspecified access via unknown vectors. El Service Component Architecture (SCA) "feature pack" para IBM WebSphere Application Server (WAS) SCA v1.0 anterior a v1.0.0.3, permite a usuarios autenticados remotamente evitar las restricciones de acceso establecidas por authentication.transport y obtener acceso no especificado a través de vectores desconocidos. • http://secunia.com/advisories/36306 http://www-01.ibm.com/support/docview.wss?uid=swg27015429 http://www-1.ibm.com/support/docview.wss?uid=swg1PK86047 https://exchange.xforce.ibmcloud.com/vulnerabilities/52074 • CWE-287: Improper Authentication •