CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-4720
https://notcve.org/view.php?id=CVE-2019-4720
31 Jan 2020 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0, es vulnerable a una denegación de servicio, causada mediante el envío de una petición especialmente diseñada. Un atacante remoto podría explotar esta vulnerabilidad para causar qu... • https://exchange.xforce.ibmcloud.com/vulnerabilities/172125 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4663
https://notcve.org/view.php?id=CVE-2019-4663
10 Dec 2019 — IBM WebSphere Application Server - Liberty is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171245. IBM WebSphere Application Server - Liberty es vulnerable a ataques de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alteran... • https://exchange.xforce.ibmcloud.com/vulnerabilities/171245 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 9EXPL: 0CVE-2019-4441
https://notcve.org/view.php?id=CVE-2019-4441
03 Oct 2019 — IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and Liberty could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 163177. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5, 9.0 y Liberty, podrían permitir a un atacante remoto obtener información confidencial cuando un rastro de pila es devuelta en el navegador. ID de IBM X-Force: 163177. • https://exchange.xforce.ibmcloud.com/vulnerabilities/163177 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4305
https://notcve.org/view.php?id=CVE-2019-4305
30 Sep 2019 — IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information caused by the improper setting of a cookie. IBM X-Force ID: 160951. IBM WebSphere Application Server Liberty, podría permitir a un atacante remoto obtener información confidencial causada por la configuración inapropiada de una cookie. ID de IBM X-Force: 160951. • https://exchange.xforce.ibmcloud.com/vulnerabilities/160951 • CWE-565: Reliance on Cookies without Validation and Integrity Checking •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4304
https://notcve.org/view.php?id=CVE-2019-4304
30 Sep 2019 — IBM WebSphere Application Server - Liberty could allow a remote attacker to bypass security restrictions caused by improper session validation. IBM X-Force ID: 160950. IBM WebSphere Application Server - Liberty, podría permitir a un atacante remoto omitir las restricciones de seguridad causadas por una comprobación de sesión inapropiada. ID de IBM X-Force: 160950. • https://exchange.xforce.ibmcloud.com/vulnerabilities/160950 • CWE-384: Session Fixation •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2019-4505
https://notcve.org/view.php?id=CVE-2019-4505
20 Sep 2019 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Network Deployment could allow a remote attacker to obtain sensitive information, caused by sending a specially-crafted URL. This can lead the attacker to view any file in a certain directory. IBM X-Force ID: 164364. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0, Network Deployment podría permitir a un atacante remoto obtener información confidencial, causado mediante el envío de una URL especialmente diseñada. Esto puede conllevar al ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/164364 •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2019-4477
https://notcve.org/view.php?id=CVE-2019-4477
17 Sep 2019 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a user with access to audit logs to obtain sensitive information, caused by improper handling of command line options. IBM X-Force ID: 163997. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0, podría permitir a un usuario con acceso a los registros de auditoría obtener información confidencial, causado por un manejo inapropiado de las opciones de la línea de comandos. ID de IBM X-Force: 163997. • https://exchange.xforce.ibmcloud.com/vulnerabilities/163997 • CWE-269: Improper Privilege Management •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2019-4442
https://notcve.org/view.php?id=CVE-2019-4442
17 Sep 2019 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9,0 could allow a remote attacker to traverse directories on the file system. An attacker could send a specially-crafted URL request to view arbitrary files on the system but not content. IBM X-Force ID: 163226. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0, podría permitir a un atacante remoto saltar directorios sobre el sistema de archivos. Un atacante podría enviar una petición de URL especialmente diseñada para visualizar archivos arbi... • https://exchange.xforce.ibmcloud.com/vulnerabilities/163226 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 3.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-4271
https://notcve.org/view.php?id=CVE-2019-4271
17 Sep 2019 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin console is vulnerable to a Client-side HTTP parameter pollution vulnerability. IBM X-Force ID: 160243. La consola de administración de IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0, es susceptible a una vulnerabilidad de contaminación de parámetros HTTP del lado del cliente. ID de IBM X-Force: 160243. • https://exchange.xforce.ibmcloud.com/vulnerabilities/160243 • CWE-20: Improper Input Validation •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2019-4270
https://notcve.org/view.php?id=CVE-2019-4270
17 Sep 2019 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 160203. La Consola de administración de IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0, es vulnerable a cross-site scripting. Esta vulnerabilidad permite a usuarios insertar cód... • https://exchange.xforce.ibmcloud.com/vulnerabilities/160203 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •