CVSS: 4.0EPSS: 0%CPEs: 48EXPL: 0CVE-2010-0770
https://notcve.org/view.php?id=CVE-2010-0770
IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 allows remote authenticated users to cause a denial of service (ORB ListenerThread hang) by aborting an SSL handshake. IBM WebSphere Application Server (WAS) 6.0 en versiones anteriores a la 6.0.2.41, 6.1 en versiones anteriores a la 6.1.0.31 y 7.0 en versiones anteriores a la 7.0.0.9 permite a atacantes remotos autenticados provocar una denegación de servicio (cuelgue del ORB ListenerThread) al abortar una negociación SSL. • http://secunia.com/advisories/39140 http://www-01.ibm.com/support/docview.wss?uid=swg1PK93653 http://www.securityfocus.com/bid/39056 https://exchange.xforce.ibmcloud.com/vulnerabilities/57182 • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 0%CPEs: 43EXPL: 0CVE-2010-0768
https://notcve.org/view.php?id=CVE-2010-0768
Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 allows remote attackers to inject arbitrary web script or HTML via the URI. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la Consola de Administración en IBM WebSphere Application Server (WAS) 6.0 en versiones anteriores a la 6.0.2.41, 6.1 en versiones anteriores a la 6.1.0.31 y 7.0 en versiones anteriores a la 7.0.0.9 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de la URI. • http://secunia.com/advisories/39140 http://www-01.ibm.com/support/docview.wss?uid=swg1PK97376 http://www.securityfocus.com/bid/39051 https://exchange.xforce.ibmcloud.com/vulnerabilities/57164 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 1.9EPSS: 0%CPEs: 48EXPL: 0CVE-2010-0769
https://notcve.org/view.php?id=CVE-2010-0769
IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 does not properly define wsadmin scripting J2CConnectionFactory objects, which allows local users to discover a KeyRingPassword password by reading a cleartext field in the resources.xml file. IBM WebSphere Application Server (WAS) 6.0 en versiones anteriores a la 6.0.2.41, 6.1 en versiones anteriores a la 6.1.0.31 y 7.0 en versiones anteriores a la 7.0.0.9 no define de manera apropiada los objetos J2CConnectionFactory scripting wsadmin, lo que permite a atacantes locales descubrir una password KeyRingPassword mediante la lectura de un campo cleartext en el fichero resources.xml. • http://secunia.com/advisories/39140 http://www-01.ibm.com/support/docview.wss?uid=swg1PK95089 https://exchange.xforce.ibmcloud.com/vulnerabilities/57185 • CWE-255: Credentials Management Errors •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2009-0906
https://notcve.org/view.php?id=CVE-2009-0906
The Service Component Architecture (SCA) feature pack for IBM WebSphere Application Server (WAS) SCA 1.0 before 1.0.0.3 allows remote authenticated users to bypass intended authentication.transport access restrictions and obtain unspecified access via unknown vectors. El Service Component Architecture (SCA) "feature pack" para IBM WebSphere Application Server (WAS) SCA v1.0 anterior a v1.0.0.3, permite a usuarios autenticados remotamente evitar las restricciones de acceso establecidas por authentication.transport y obtener acceso no especificado a través de vectores desconocidos. • http://secunia.com/advisories/36306 http://www-01.ibm.com/support/docview.wss?uid=swg27015429 http://www-1.ibm.com/support/docview.wss?uid=swg1PK86047 https://exchange.xforce.ibmcloud.com/vulnerabilities/52074 • CWE-287: Improper Authentication •
CVSS: 5.0EPSS: 0%CPEs: 33EXPL: 0CVE-2009-1898
https://notcve.org/view.php?id=CVE-2009-1898
The secure login page in the Administrative Console component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 does not redirect to an https page upon receiving an http request, which makes it easier for remote attackers to read the contents of WAS sessions by sniffing the network. la página de "secure login" en el componente Administrative console en IBM WebSphere Application Server (WAS)v6.0.2 anterior a v6.0.2.35 no redirecciona a una página https hasta que recibe una petición http, lo que facilita a atacantes remotos la lectura de los contenidos de las sesiones WAS capturando paquetes de la red. • http://secunia.com/advisories/35301 http://www-01.ibm.com/support/docview.wss?uid=swg27006876 http://www-1.ibm.com/support/docview.wss?uid=swg1PK77010 http://www.securityfocus.com/bid/35405 http://www.vupen.com/english/advisories/2009/1464 https://exchange.xforce.ibmcloud.com/vulnerabilities/51170 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •