CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2019-4268
https://notcve.org/view.php?id=CVE-2019-4268
17 Sep 2019 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 160201. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0, podría permitir a un atacante remoto saltar directorios en el sistema. Un atacante podría enviar una URL especialmente diseñada que contenga secuencias (/../) "dot dot" para v... • https://exchange.xforce.ibmcloud.com/vulnerabilities/160201 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4269
https://notcve.org/view.php?id=CVE-2019-4269
28 Jun 2019 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console could allow a remote attacker to obtain sensitive information when a specially crafted url causes a stack trace to be dumped. IBM X-Force ID: 160202. IBM WebSphere Application Server Admin Console versiones 7.0, 8.0, 8.5, y 9.0 podría permitirle a un atacante remoto obtener información sensible cuando una URL manipulada provoca una traza de pila para ser volcada. ID de IBM X-Force: 160202. • http://www.securityfocus.com/bid/109000 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 10.0EPSS: 29%CPEs: 3EXPL: 2CVE-2019-4279 – IBM Websphere Application Server - Network Deployment Untrusted Data Deserialization Remote Code Execution
https://notcve.org/view.php?id=CVE-2019-4279
17 May 2019 — IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 160445. IBM WebSphere Application Server 8.5 y 9.0 podría permitir a un atacante remoto ejecutar código arbitrario en el sistema con una secuencia especialmente diseñada de objetos serializados de fuentes no confiables. ID de IBM X-Force: 160445. • https://packetstorm.news/files/id/153189 • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2019-4080
https://notcve.org/view.php?id=CVE-2019-4080
02 Apr 2019 — IBM WebSphere Application Server Admin Console 7.5, 8.0, 8.5, and 9.0 is vulnerable to a potential denial of service, caused by improper parameter parsing. A remote attacker could exploit this to consume all available CPU resources. IBM X-Force ID: 157380. IBM WebSphere Application Server Admin Console 7.5, 8.0, 8.5 y 9.0 es vulnerable a una potencial denegación de servicio (DoS) provocada por un análisis incorrecta de parámetros. Un atacante remoto podría explotar esta vulnerabilidad para consumir todos lo... • http://www.securityfocus.com/bid/107683 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2019-4046
https://notcve.org/view.php?id=CVE-2019-4046
25 Mar 2019 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by improper handling of request headers. A remote attacker could exploit this vulnerability to cause the consumption of Memory. IBM X-Force ID: 156242. IBM WebSphere Application Server 7.0, 8.0, 8.5 y 9.0 es vulnerable a denegaciones de servicio causadas por una gestión inadecuada de las cabeceras de peticiones. Un atacante remoto podría explotar esta vulnerabilidad para provocar un consumo de memoria. • http://www.securityfocus.com/bid/107623 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2018-1902
https://notcve.org/view.php?id=CVE-2018-1902
11 Mar 2019 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to spoof connection information which could be used to launch further attacks against the system. IBM X-Force ID: 152531. IBM WebSphere Application Server, en versiones 7.0, 8.0, 8.5 y 9.0, podría permitir a un atacante remoto suplantar la información de conexión, la cual podría emplearse para lanzar otros ataques contra el sistema. IBM X-Force ID: 152531. • http://www.securityfocus.com/bid/107383 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2019-4030
https://notcve.org/view.php?id=CVE-2019-4030
06 Mar 2019 — IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155946. IBM WebSphere Application Server, en sus versiones 8.5 y 9.0, es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usua... • http://www.ibm.com/support/docview.wss?uid=ibm10869406 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2018-1996
https://notcve.org/view.php?id=CVE-2018-1996
19 Feb 2019 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide weaker than expected security, caused by the improper TLS configuration. A remote attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 154650. IBM WebSphere Application Server 7.0, 8.0, 8.5 y 9.0 podría proporcionar seguridad más débil de la esperada debido a una configuración TLS incorrecta. Un atacante remoto podría explotar esta vulnerabilidad para obtener informa... • http://www.securityfocus.com/bid/107155 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-1926
https://notcve.org/view.php?id=CVE-2018-1926
12 Dec 2018 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading a user to visit a malicious URL, a remote attacker could send a specially-crafted request. An attacker could exploit this vulnerability to perform CSRF attack and update available applications. IBM X-Force ID: 152992. La consola de administrador de IBM WebSphere Application Server 7.0, 8.0, 8.5 y 9.0 es vulnerable a ataques Cro... • http://www.securityfocus.com/bid/106204 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1901
https://notcve.org/view.php?id=CVE-2018-1901
12 Dec 2018 — IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to temporarily gain elevated privileges on the system, caused by incorrect cached value being used. IBM X-Force ID: 152530. IBM WebSphere Application Server 8.5 y 9.0 podría permitir que un atacante remoto obtenga temporalmente privilegios elevados en el sistema, provocado por el uso de un valor cacheado incorrectamente. IBM X-Force ID: 152530. • https://exchange.xforce.ibmcloud.com/vulnerabilities/152530 •