CVSS: 5.3EPSS: 0%CPEs: 13EXPL: 0CVE-2020-10693 – hibernate-validator: Improper input validation in the interpolation of constraint error messages
https://notcve.org/view.php?id=CVE-2020-10693
06 May 2020 — A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages. Se encontró un fallo en Hibernate Validator versión 6.1.2.Final. Un error en el procesador de interpolación de mensajes permite evaluar expresiones EL no válid... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10693 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2020-4329 – Red Hat Security Advisory 2020-2054-01
https://notcve.org/view.php?id=CVE-2020-4329
28 Apr 2020 — IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841. IBM WebSphere Application Server versión 7.0, 8.0, 8.5, 9.0 y Liberty versiones 17.0.0.3 hasta 20.0.0.4, podrían permitir a un atacante remoto autentificado obtener información confidencial, causado por la comprobación de paráme... • https://exchange.xforce.ibmcloud.com/vulnerabilities/177841 •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-4362
https://notcve.org/view.php?id=CVE-2020-4362
10 Apr 2020 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. IBM X-Force ID: 178929. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0 tradicional, es susceptible a una vulnerabilidad de escalada de privilegios cuando se usa una autenticación basada en token en una petición de administrador por medio del conector SOAP. ID de IBM X-Force: 178929. • https://exchange.xforce.ibmcloud.com/vulnerabilities/178929 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4304
https://notcve.org/view.php?id=CVE-2020-4304
02 Apr 2020 — IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176670. IBM WebSphere Application Server - Liberty versiones 17.0.0.3 hasta 20.0.0.3, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a los usuarios insertar ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/176670 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4303
https://notcve.org/view.php?id=CVE-2020-4303
02 Apr 2020 — IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176668. IBM WebSphere Application Server - Liberty versiones 17.0.0.3 hasta 20.0.0.3 es vulnerable un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a los usuarios insertar cód... • https://exchange.xforce.ibmcloud.com/vulnerabilities/176668 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2020-4276
https://notcve.org/view.php?id=CVE-2020-4276
26 Mar 2020 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. X-Force ID: 175984. El tradicional IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0, es susceptible a una vulnerabilidad de escalada de privilegios cuando se usa la autenticación basada en token en una petición de administrador a través del conector SOAP. ID de X-Force: 175984. • https://github.com/mekoko/CVE-2020-4276 •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2019-4670
https://notcve.org/view.php?id=CVE-2019-4670
05 Feb 2020 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper data representation. IBM X-Force ID: 171319. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0, podría permitir a un atacante remoto obtener información confidencial, esto es causado por la representación de datos inapropiada. ID de IBM X-Force: 171319. • https://exchange.xforce.ibmcloud.com/vulnerabilities/171319 •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2020-4163
https://notcve.org/view.php?id=CVE-2020-4163
04 Feb 2020 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, under specialized conditions, could allow an authenticated user to create a maliciously crafted file name which would be misinterpreted as jsp content and executed. IBM X-Force ID: 174397. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0, en condiciones especializadas, podría permitir a un usuario autenticado crear un nombre de archivo diseñado con fines maliciosos que sería interpretado inapropiadamente como contenido jsp y ejecutado. I... • https://exchange.xforce.ibmcloud.com/vulnerabilities/174397 •
CVSS: 7.2EPSS: 0%CPEs: 8EXPL: 0CVE-2019-4732
https://notcve.org/view.php?id=CVE-2019-4732
03 Feb 2020 — IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a specially-crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 172618. IBM SDK, Java Technology Edition Versión versiones 7.0.... • https://exchange.xforce.ibmcloud.com/vulnerabilities/172618 • CWE-426: Untrusted Search Path •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-4720
https://notcve.org/view.php?id=CVE-2019-4720
31 Jan 2020 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0, es vulnerable a una denegación de servicio, causada mediante el envío de una petición especialmente diseñada. Un atacante remoto podría explotar esta vulnerabilidad para causar qu... • https://exchange.xforce.ibmcloud.com/vulnerabilities/172125 • CWE-770: Allocation of Resources Without Limits or Throttling •