CVSS: 10.0EPSS: 1%CPEs: 33EXPL: 0CVE-2009-1899
https://notcve.org/view.php?id=CVE-2009-1899
Unspecified vulnerability in the Administrative Configservice API in the System Management/Repository component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.25, and 7.0 before 7.0.0.5 on z/OS allows remote authenticated users to obtain sensitive information via unknown use of the wsadmin scripting tool, related to a "security exposure in wsadmin." Vulnerabilidad sin especificar en el componente Management/Repository en IBM WebSphere Application Server (WAS) v6.0.2 anterior a 6.0.2.35 tiene un impacto y vectores de ataque desconocidos. Relacionado con "exposición de seguridad en wsadmin". • http://secunia.com/advisories/35301 http://www-01.ibm.com/support/docview.wss?uid=swg27006876 http://www-01.ibm.com/support/docview.wss?uid=swg27007951 http://www-01.ibm.com/support/docview.wss?uid=swg27014463 http://www-1.ibm.com/support/docview.wss?uid=swg1PK77495 http://www.securityfocus.com/bid/35405 http://www.vupen.com/english/advisories/2009/1464 https://exchange.xforce.ibmcloud.com/vulnerabilities/51172 https://exchange.xforce.ibmcloud.com/vulnerabilities/52075 •
CVSS: 5.0EPSS: 0%CPEs: 33EXPL: 0CVE-2009-1898
https://notcve.org/view.php?id=CVE-2009-1898
The secure login page in the Administrative Console component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 does not redirect to an https page upon receiving an http request, which makes it easier for remote attackers to read the contents of WAS sessions by sniffing the network. la página de "secure login" en el componente Administrative console en IBM WebSphere Application Server (WAS)v6.0.2 anterior a v6.0.2.35 no redirecciona a una página https hasta que recibe una petición http, lo que facilita a atacantes remotos la lectura de los contenidos de las sesiones WAS capturando paquetes de la red. • http://secunia.com/advisories/35301 http://www-01.ibm.com/support/docview.wss?uid=swg27006876 http://www-1.ibm.com/support/docview.wss?uid=swg1PK77010 http://www.securityfocus.com/bid/35405 http://www.vupen.com/english/advisories/2009/1464 https://exchange.xforce.ibmcloud.com/vulnerabilities/51170 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.4EPSS: 0%CPEs: 8EXPL: 0CVE-2009-1010
https://notcve.org/view.php?id=CVE-2009-1010
Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML, a different vulnerability than CVE-2009-1008. Vulnerabilidad no especificada en el componente Outside In Technology en Oracle Application Server 8.2.2 y 8.3.0 permite a usuarios locales afectar la confidencialidad, la integridad y la disponibilidad, relacionado con HTML, una vulnerabilidad diferente a CVE-2009-1008. • http://osvdb.org/53749 http://secunia.com/advisories/34693 http://www-01.ibm.com/support/docview.wss?uid=swg21660640 http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html http://www.securityfocus.com/bid/34461 http://www.securitytracker.com/id?1022055 http://www.us-cert.gov/cas/techalerts/TA09-105A.html •
CVSS: 4.4EPSS: 0%CPEs: 8EXPL: 0CVE-2009-1008
https://notcve.org/view.php?id=CVE-2009-1008
Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML, a different vulnerability than CVE-2009-1010. Vulnerabilidad no especificada en el componente Outside In Technology en Oracle Application Server 8.2.2 y 8.3.0 permite a usuarios locales afectar la confidencialidad, la integridad y la disponibilidad, relacionado con HTML, una vulnerabilidad diferente a CVE-2009-1010. • http://osvdb.org/53747 http://secunia.com/advisories/34693 http://www-01.ibm.com/support/docview.wss?uid=swg21660640 http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html http://www.securityfocus.com/bid/34461 http://www.securitytracker.com/id?1022055 http://www.us-cert.gov/cas/techalerts/TA09-105A.html •
CVSS: 4.4EPSS: 0%CPEs: 7EXPL: 0CVE-2009-1009
https://notcve.org/view.php?id=CVE-2009-1009
Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.1.9 allows local users to affect confidentiality, integrity, and availability, related to HTML. Vulnerabilidad no especificada en el componente Outside In Technology en Oracle Application Server v8.1.9 que permite a los usuarios locales afectar a la confidencialidad, integridad y disponibilidad en relación a HTML. • http://osvdb.org/53748 http://secunia.com/advisories/34693 http://www-01.ibm.com/support/docview.wss?uid=swg21660640 http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html http://www.securityfocus.com/bid/34461 http://www.securitytracker.com/id?1022055 http://www.us-cert.gov/cas/techalerts/TA09-105A.html •