
CVSS: 4.0 | EPSS: 0% | CPEs: 57 | EXPL: 0

Directory traversal vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2 through 7.2.0.5 allows remote authenticated users to read arbitrary files via a crafted internationalization-file URL.
• http://www-01.ibm.com/support/docview.wss?uid=swg1JR52957
• http://www-01.ibm.com/support/docview.wss?uid=swg21700831
• http://www.securityfocus.com/bid/75360
• http://www.securitytracker.com/id/1032700
• http://www.securitytracker.com/id/1032701
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

The HTTP connection-management functionality in Internet Pass-Thru (IPT) before 2.1.0.2 in IBM WebSphere MQ, when HTTPS is disabled, does not properly generate MQIPT Session IDs, which makes it easier for remote attackers to bypass intended restrictions on MQ message data by predicting an ID value.
• http://www-01.ibm.com/support/docview.wss?uid=swg21699547
• http://www.securitytracker.com/id/1032630
• CWE-17: DEPRECATED: Code

CVSS: 3.5 | EPSS: 0% | CPEs: 57 | EXPL: 0

Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL that triggers an error condition.
• http://www-01.ibm.com/support/docview.wss?uid=swg1JR52626
• http://www-01.ibm.com/support/docview.wss?uid=swg21697944
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 2.1 | EPSS: 0% | CPEs: 21 | EXPL: 0

IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x before 7.0.0.8 IF2 allows local users to obtain sensitive database information via unspecified vectors.
• http://www-01.ibm.com/support/docview.wss?uid=swg1JR50683
• http://www-01.ibm.com/support/docview.wss?uid=swg1JR52306
• http://www-01.ibm.com/support/docview.wss?uid=swg21902799
• http://www.securitytracker.com/id/1032392
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 3.5 | EPSS: 0% | CPEs: 61 | EXPL: 0

Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.6.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
• http://www-01.ibm.com/support/docview.wss?uid=swg1IT06812
• http://www-01.ibm.com/support/docview.wss?uid=swg1JR52420
• http://www-01.ibm.com/support/docview.wss?uid=swg21697120
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')