CVE-2020-4575
https://notcve.org/view.php?id=CVE-2020-4575
IBM WebSphere Application Server ND 8.5 and 9.0, and IBM WebSphere Virtual Enterprise 7.0 and 8.0 are vulnerable to cross-site scripting when High Availability Deployment Manager is configured. • https://exchange.xforce.ibmcloud.com/vulnerabilities/184363 https://www.ibm.com/support/pages/node/6323293 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-4589
https://notcve.org/view.php?id=CVE-2020-4589
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 184585. • https://exchange.xforce.ibmcloud.com/vulnerabilities/184585 https://www.ibm.com/support/pages/node/6258333 • CWE-502: Deserialization of Untrusted Data
CVE-2020-4464 – IBM WebSphere Application Server SOAP Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-4464
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to execute arbitrary code on a system with a specially-crafted sequence of serialized objects over the SOAP connector. IBM X-Force ID: 181489. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IBM WebSphere. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the SOAP protocol. • https://github.com/yonggui-li/CVE-2020-4464-and-CVE-2020-4450 https://exchange.xforce.ibmcloud.com/vulnerabilities/181489 https://www.ibm.com/support/pages/node/6250059 https://www.zerodayinitiative.com/advisories/ZDI-20-878 • CWE-502: Deserialization of Untrusted Data
CVE-2020-4449 – IBM WebSphere Application Server IIOP Deserialization of Untrusted Data Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-4449
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181230. This vulnerability allows remote attackers to disclose sensitive information on affected installations of IBM WebSphere. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the IIOP protocol. • https://exchange.xforce.ibmcloud.com/vulnerabilities/181230 https://www.ibm.com/support/pages/node/6220296 https://www.zerodayinitiative.com/advisories/ZDI-20-690 • CWE-502: Deserialization of Untrusted Data
CVE-2020-4448 – IBM WebSphere UploadFileArgument Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-4448
IBM WebSphere Application Server Network Deployment 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 181228. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IBM WebSphere. Authentication is not required to exploit this vulnerability. The specific flaw exists within the BroadcastMessageManager class. • https://exchange.xforce.ibmcloud.com/vulnerabilities/181228 https://www.ibm.com/support/pages/node/6220336 https://www.zerodayinitiative.com/advisories/ZDI-20-688 • CWE-502: Deserialization of Untrusted Data