CVSS: 7.5EPSS: 0%CPEs: 33EXPL: 0CVE-2011-1321
https://notcve.org/view.php?id=CVE-2011-1321
08 Mar 2011 — The AuthCache purge implementation in the Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 does not purge a user from the PlatformCredential cache, which might allow remote authenticated users to gain privileges by leveraging a group membership specified in an old RACF Object (aka RACO). La aplicación de purga AuthCache en el componente de seguridad en IBM WebSphere Application Server (WAS) v6.1.0.x antes de v6.1.0.37 y v7.x antes de v7.0.0.15, no ... • http://www-01.ibm.com/support/docview.wss?uid=swg1PM24668 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 139EXPL: 0CVE-2011-1315
https://notcve.org/view.php?id=CVE-2011-1315
08 Mar 2011 — Memory leak in the messaging engine in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) via network connections associated with a NULL return value from a synchronous JMS receive call. Pérdida de memoria en el motor de mensajería de IBM WebSphere Application Server (WAS) antes de v7.0.0.15 permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) a través de conexiones de red asociados con un valor de ... • http://www-01.ibm.com/support/docview.wss?uid=swg1PM23626 • CWE-399: Resource Management Errors •
CVSS: 5.5EPSS: 0%CPEs: 32EXPL: 0CVE-2011-1310
https://notcve.org/view.php?id=CVE-2011-1310
08 Mar 2011 — The Administrative Scripting Tools component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when tracing is enabled, places wsadmin command parameters into the (1) wsadmin.traceout and (2) trace.log files, which allows local users to obtain potentially sensitive information by reading these files. El componente Administrative Scripting Tools en IBM WebSphere Application Server (WAS) v6.1.0.x anterior a v6.1.0.35 y v7.x anterior a v7.0.0.15, cuando el seguimiento e... • http://www-01.ibm.com/support/docview.wss?uid=swg1PM18736 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.4EPSS: 0%CPEs: 32EXPL: 0CVE-2011-1320
https://notcve.org/view.php?id=CVE-2011-1320
08 Mar 2011 — The Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when the Tivoli Integrated Portal / embedded WebSphere Application Server (TIP/eWAS) framework is used, does not properly delete AuthCache entries upon a logout, which might allow remote attackers to access the server by leveraging an unattended workstation. El componente de seguridad en IBM WebSphere Application Server (WAS) v6.1.0.x antes de v6.1.0.35 y v7.x antes de v7.0.0.15, cuando se utili... • http://www-01.ibm.com/support/docview.wss?uid=swg1PM21536 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 139EXPL: 0CVE-2011-1314
https://notcve.org/view.php?id=CVE-2011-1314
08 Mar 2011 — The Service Integration Bus (SIB) messaging engine in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (daemon hang) by performing close operations via network connections to a queue manager. El motor de mensajería Service Integration Bus (SIB) de IBM WebSphere Application Server (WAS) antes de v7.0.0.15 permite a atacantes remotos provocar una denegación de servicio (bloqueo del demonio) mediante la realización de las operaciones de cierre a través... • http://www-01.ibm.com/support/docview.wss?uid=swg1PM19834 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 33EXPL: 0CVE-2011-1317
https://notcve.org/view.php?id=CVE-2011-1317
08 Mar 2011 — Memory leak in com.ibm.ws.jsp.runtime.WASJSPStrBufferImpl in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by sending many JSP requests that trigger large responses. Pérdida de memoria en com.ibm.ws.jsp.runtime.WASJSPStrBufferImpl en el componente JavaServer Pages (JSP) de IBM WebSphere Application Server (WAS) v6.1.0.x antes de v6.1.0.37 y v7.x antes de ... • http://www-01.ibm.com/support/docview.wss?uid=swg1PM19500 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 139EXPL: 0CVE-2011-1318
https://notcve.org/view.php?id=CVE-2011-1318
08 Mar 2011 — Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted. Pérdida de memoria en org.apache.jasper.runtime.JspWriterImpl.response en el componente JavaServer Pages (JSP) de IBM WebSphere Application Server (WAS) antes de v7.0.0.15 permite a atacantes ... • http://www-01.ibm.com/support/docview.wss?uid=swg1PM23029 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 139EXPL: 0CVE-2011-1311
https://notcve.org/view.php?id=CVE-2011-1311
08 Mar 2011 — The Security component in IBM WebSphere Application Server (WAS) before 7.0.0.15, when a J2EE 1.4 application is used, determines the security role mapping on the basis of the ibm-application-bnd.xml file instead of the intended ibm-application-bnd.xmi file, which might allow remote authenticated users to gain privileges in opportunistic circumstances by requesting a service. El componente Security en IBM WebSphere Application Server (WAS) anterior a v7.0.0.15, cuando se usa una aplicación J2EE 1.4, determi... • http://www-01.ibm.com/support/docview.wss?uid=swg1PM25455 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 32EXPL: 0CVE-2011-1319
https://notcve.org/view.php?id=CVE-2011-1319
08 Mar 2011 — The Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15 allows remote authenticated users to cause a denial of service (memory consumption) by using a Lightweight Third-Party Authentication (LTPA) token for authentication. El componente de seguridad en IBM WebSphere Application Server (WAS) v6.1.0.x antes de v6.1.0.35 y v7.x antes de v7.0.0.15, permite a usuarios autenticados remotamente provocar una denegación de servicio (consumo de memoria) mediant... • http://www-01.ibm.com/support/docview.wss?uid=swg1PM18644 • CWE-399: Resource Management Errors •
CVSS: 4.9EPSS: 0%CPEs: 30EXPL: 0CVE-2011-1312
https://notcve.org/view.php?id=CVE-2011-1312
08 Mar 2011 — The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.31 and 7.x before 7.0.0.15 does not prevent modifications of the primary admin id, which allows remote authenticated administrators to bypass intended access restrictions by mapping a (1) user or (2) group to an administrator role. El componente Administrative Console de IBM WebSphere Application Server (WAS) v6.1.0.x anterior a v6.1.0.31 y v7.x anteriores a v7.0.0.15 no impide que las modificaciones de la id... • http://www-01.ibm.com/support/docview.wss?uid=swg1PK88606 • CWE-264: Permissions, Privileges, and Access Controls •