CVSS: 4.0EPSS: 0%CPEs: 48EXPL: 0CVE-2010-0770
https://notcve.org/view.php?id=CVE-2010-0770
IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 allows remote authenticated users to cause a denial of service (ORB ListenerThread hang) by aborting an SSL handshake. IBM WebSphere Application Server (WAS) 6.0 en versiones anteriores a la 6.0.2.41, 6.1 en versiones anteriores a la 6.1.0.31 y 7.0 en versiones anteriores a la 7.0.0.9 permite a atacantes remotos autenticados provocar una denegación de servicio (cuelgue del ORB ListenerThread) al abortar una negociación SSL. • http://secunia.com/advisories/39140 http://www-01.ibm.com/support/docview.wss?uid=swg1PK93653 http://www.securityfocus.com/bid/39056 https://exchange.xforce.ibmcloud.com/vulnerabilities/57182 • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 0%CPEs: 43EXPL: 0CVE-2010-0768
https://notcve.org/view.php?id=CVE-2010-0768
Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 allows remote attackers to inject arbitrary web script or HTML via the URI. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la Consola de Administración en IBM WebSphere Application Server (WAS) 6.0 en versiones anteriores a la 6.0.2.41, 6.1 en versiones anteriores a la 6.1.0.31 y 7.0 en versiones anteriores a la 7.0.0.9 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de la URI. • http://secunia.com/advisories/39140 http://www-01.ibm.com/support/docview.wss?uid=swg1PK97376 http://www.securityfocus.com/bid/39051 https://exchange.xforce.ibmcloud.com/vulnerabilities/57164 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 1.9EPSS: 0%CPEs: 48EXPL: 0CVE-2010-0769
https://notcve.org/view.php?id=CVE-2010-0769
IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 does not properly define wsadmin scripting J2CConnectionFactory objects, which allows local users to discover a KeyRingPassword password by reading a cleartext field in the resources.xml file. IBM WebSphere Application Server (WAS) 6.0 en versiones anteriores a la 6.0.2.41, 6.1 en versiones anteriores a la 6.1.0.31 y 7.0 en versiones anteriores a la 7.0.0.9 no define de manera apropiada los objetos J2CConnectionFactory scripting wsadmin, lo que permite a atacantes locales descubrir una password KeyRingPassword mediante la lectura de un campo cleartext en el fichero resources.xml. • http://secunia.com/advisories/39140 http://www-01.ibm.com/support/docview.wss?uid=swg1PK95089 https://exchange.xforce.ibmcloud.com/vulnerabilities/57185 • CWE-255: Credentials Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2010-1182
https://notcve.org/view.php?id=CVE-2010-1182
Multiple unspecified vulnerabilities in the administrative console in IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.9 on z/OS have unknown impact and attack vectors. Varias vulnerabilidades sin especificar en la consola de administración de IBM WebSphere Application Server (WAS) v7.0.x hasta la v7.0.0.9 en z/OS tienen un impacto y vectores de ataque desconocidos. • http://www-01.ibm.com/support/docview.wss?uid=swg1PK97376 http://www-01.ibm.com/support/docview.wss?uid=swg1PM09161 http://www.vupen.com/english/advisories/2010/0609 •
CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0CVE-2010-0563
https://notcve.org/view.php?id=CVE-2010-0563
The Single Sign-on (SSO) functionality in IBM WebSphere Application Server (WAS) 7.0.0.0 through 7.0.0.8 does not recognize the Requires SSL configuration option, which might allow remote attackers to obtain sensitive information by sniffing network sessions that were expected to be encrypted. La funcionalidad Single Sign-on (SSO) en IBM WebSphere Application Server (WAS) v7.0.0.0 a la v7.0.0.8, no reconoce la opción de configuración "Requires SSL", lo que podría permitir a atacantes remotos obtener información sensible analizando las sesiones de red que se suponen están cifradas. • http://secunia.com/advisories/38425 http://securitytracker.com/id?1023551 http://www-01.ibm.com/support/docview.wss?uid=swg21417839 http://www-1.ibm.com/support/docview.wss?uid=swg1PM00610 http://www.osvdb.org/62140 http://www.securityfocus.com/bid/38122 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •