CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2018-1794
https://notcve.org/view.php?id=CVE-2018-1794
03 Oct 2018 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using OAuth ear is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148949. IBM WebSphere Application Server 7.0, 8.0, 8.5 y 9.0, utilizando OAuth, es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScr... • http://www.securitytracker.com/id/1041802 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1683
https://notcve.org/view.php?id=CVE-2018-1683
26 Sep 2018 — IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by the failure to encrypt ORB communication. IBM X-Force ID: 145455. IBM WebSphere Application Server Liberty podría permitir que un atacante remoto obtenga información sensible, provocado por la imposibilidad de cifrar las comunicaciones ORB. IBM X-Force ID: 145455. • http://www.securitytracker.com/id/1041720 • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-1567
https://notcve.org/view.php?id=CVE-2018-1567
07 Sep 2018 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbitrary Java code through the SOAP connector with a serialized object from untrusted sources. IBM X-Force ID: 143024. IBM WebSphere Application Server 7.0, 8.0, 8.5 y 9.0 podría permitir que atacantes remotos ejecuten código Java arbitrario mediante el conector SOAP con un objeto serializado desde fuentes no fiables. IBM X-Force ID: 143024. • http://www.securitytracker.com/id/1041644 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.3EPSS: 0%CPEs: 3EXPL: 0CVE-2018-1695
https://notcve.org/view.php?id=CVE-2018-1695
06 Sep 2018 — IBM WebSphere Application Server 7.0, 8.0, and 8.5.5 installations using Form Login could allow a remote attacker to conduct spoofing attacks. IBM X-Force ID: 145769. Las instalaciones de IBM WebSphere Application Server 7.0, 8.0 y 8.5.5 que emplean Form Login podrían permitir que un atacante remoto lleve a cabo ataques de suplantación. IBM X-Force ID: 145769. • http://www.securitytracker.com/id/1041643 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 6.7EPSS: 0%CPEs: 4EXPL: 0CVE-2018-1621
https://notcve.org/view.php?id=CVE-2018-1621
06 Jul 2018 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local attacker to obtain clear text password in a trace file caused by improper handling of some datasource custom properties. IBM X-Force ID: 144346. IBM WebSphere Application Server 7.0, 8.0, 8.5 y 9.0 podría permitir que un atacante local obtenga contraseñas en texto claro en un archivo trace provocado por la gestión incorrecta de algunas propiedades datasource personalizadas. IBM X-Force ID: 144346. • http://www.ibm.com/support/docview.wss?uid=swg22016821 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1553
https://notcve.org/view.php?id=CVE-2018-1553
27 Jun 2018 — IBM WebSphere Application Server Liberty prior to 18.0.0.2 could allow a remote attacker to obtain sensitive information, caused by mishandling of exceptions by the SAML Web SSO feature. IBM X-Force ID: 142890. IBM WebSphere Application Server Liberty en versiones anteriores a la 18.0.0.2 podría permitir que un atacante remoto obtenga información sensible. Esto viene provocado por la gestión incorrecta de excepciones por parte de la característica SAML Web SSO. IBM X-Force ID: 142890. • http://www.ibm.com/support/docview.wss?uid=swg22016218 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-1614
https://notcve.org/view.php?id=CVE-2018-1614
26 Jun 2018 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using malformed SAML responses from the SAML identity provider could allow a remote attacker to obtain sensitive information. IBM X-Force ID: 144270. IBM WebSphere Application Server 7.0, 8.0, 8.5 y 9.0 que utilizan respuestas SAML mal formadas desde el proveedor de identidad SAML podría permitir que un atacante remoto obtenga información sensible. IBM X-Force ID: 144270. • http://www.securitytracker.com/id/1041168 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2017-1743
https://notcve.org/view.php?id=CVE-2017-1743
04 May 2018 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console panel fields. When exploited an attacker could browse the file system. IBM X-Force ID: 134933. IBM WebSphere Application Server 7.0, 8.0, 8.5 y 9.0 podría permitir que un atacante remoto obtenga información sensible provocado por la gestión incorrecta de los campos del panel Administrative Console. Al explotarse, un atacante podría navega... • http://www.ibm.com/support/docview.wss?uid=swg22013601 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2017-1741
https://notcve.org/view.php?id=CVE-2017-1741
14 Mar 2018 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console panel fields. When exploited an attacker could read files on the file system. IBM X-Force ID: 134931. IBM WebSphere Application Server 7.0, 8.0, 8.5 y 9.0 podría permitir que un atacante remoto obtenga información sensible provocado por la gestión incorrecta de los campos del panel Administrative Console. Al explotarse, un atacante podría... • http://www.ibm.com/support/docview.wss?uid=swg22012342 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2011-4889
https://notcve.org/view.php?id=CVE-2011-4889
08 Feb 2018 — The javax.naming.directory.AttributeInUseException class in the Virtual Member Manager in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 does not properly update passwords on a configuration using Tivoli Directory Server, which might allow remote attackers to gain access to an application by leveraging knowledge of an old password. IBM X-Force ID: 72581. La clase javax.naming.directory.AttributeInUseException en Virtual Member Manager en IBM WebSphere... • https://exchange.xforce.ibmcloud.com/vulnerabilities/72581 • CWE-254: 7PK - Security Features •