CVE-2013-0541
https://notcve.org/view.php?id=CVE-2013-0541
Buffer overflow in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Windows, when a localOS registry is used in conjunction with WebSphere Identity Manger (WIM), allows local users to cause a denial of service (daemon crash) via unspecified vectors. Desbordamiento de búfer en IBM WebSphere Application Server (WAS) v6.1 antes de v6.1.0.47, 7.0 antes de 7.0.0.29, 8.0 antes de 8.0.0.6, y v8.5 antes de v8.5.0.2 en Windows, cuando se utiliza un registro LocalOS junto con WebSphere Identidad Manger (WIM), permite a usuarios locales provocar una denegación de servicio (caída del demonio) a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?&uid=swg21632423 http://www-01.ibm.com/support/docview.wss?uid=swg1PM74909 https://exchange.xforce.ibmcloud.com/vulnerabilities/82696 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-0542
https://notcve.org/view.php?id=CVE-2013-0542
Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary web script or HTML via crafted field values. Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en la consola administrativa de IBM WebSphere Application Server (WAS) v6.1 antes de v6.1.0.47, 7.0 antes de 7.0.0.29, 8.0 antes de 8.0.0.6, y v8.5 antes de v8.5.0.2 permite a atacantes remotos inyectar arbitraria secuencias de comandos web o HTML a través de los valores de campo artesanales. • http://www-01.ibm.com/support/docview.wss?&uid=swg21632423 http://www-01.ibm.com/support/docview.wss?uid=swg1PM81846 https://exchange.xforce.ibmcloud.com/vulnerabilities/82697 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-0462
https://notcve.org/view.php?id=CVE-2013-0462
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.1, 7.0 before 7.0.0.27, 8.0, and 8.5 has unknown impact and attack vectors. Vulnerabilidad no especificada en IBM WebSphere Application Server (WAS) v6,1, v7,0 antes de v7.0.0.27, v8.0, y v8.5 tiene un impacto desconocido y vectores de ataque. • http://www.ibm.com/connections/blogs/PSIRT/entry/security_vulnerabilities_fixed_in_ibm_websphere_application_server_7_0_0_2785 •
CVE-2013-0460
https://notcve.org/view.php?id=CVE-2013-0460
Cross-site request forgery (CSRF) vulnerability in the portlet subsystem in the administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47 and 7.0 before 7.0.0.27 allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences. Cross-site request forgery (CSRF) vulnerabilidad en el subsistema de portlet en la consola administrativa de IBM WebSphere Application Server (WAS) v6,1 antes de v6.1.0.47 y v7,0 antes de v7.0.0.27 que permitía que los atacantes remotos secuestraran la autenticación de usuarios para peticiones arbitrarias que insertan cross-site scripting (XSS) secuencias. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM72275 http://www.ibm.com/support/docview.wss?uid=swg21622444 https://exchange.xforce.ibmcloud.com/vulnerabilities/81014 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2013-0461
https://notcve.org/view.php?id=CVE-2013-0461
Cross-site scripting (XSS) vulnerability in the virtual member manager (VMM) administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.27, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Cross-site scripting (XSS) en el Virtual Member Manager (VMM) de la consola administrativa de IBM WebSphere Application Server (WAS) v6,1 antes de v6.1.0.47, v7.0.0.27 antes de v7,0, v8,0 antes de v8.0.0.6 y v8.5 antes de v8.5.0.2 que permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM71389 http://www.ibm.com/support/docview.wss?uid=swg21622444 https://exchange.xforce.ibmcloud.com/vulnerabilities/81015 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •