CVSS: 7.4 • EPSS: 0% • CPEs: 32 • EXPL: 0

08 Mar 2011 — The Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when the Tivoli Integrated Portal / embedded WebSphere Application Server (TIP/eWAS) framework is used, does not properly delete AuthCache entries upon a logout, which might allow remote attackers to access the server by leveraging an unattended workstation. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM21536 • CWE-20: Improper Input Validation

CVSS: 7.5 • EPSS: 0% • CPEs: 33 • EXPL: 0

08 Mar 2011 — The AuthCache purge implementation in the Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 does not purge a user from the PlatformCredential cache, which might allow remote authenticated users to gain privileges by leveraging a group membership specified in an old RACF Object (aka RACO). • http://www-01.ibm.com/support/docview.wss?uid=swg1PM24668 • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 7.5 • EPSS: 0% • CPEs: 33 • EXPL: 0

08 Mar 2011 — The SOAP with Attachments API for Java (SAAJ) implementation in the Web Services component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) via encrypted SOAP messages. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM19534 • CWE-399: Resource Management Errors

CVSS: 6.1 • EPSS: 0% • CPEs: 34 • EXPL: 0

12 Jan 2011 — Cross-site scripting (XSS) vulnerability in the Servlet Engine / Web Container component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.15 allows remote attackers to inject arbitrary web script or HTML via vectors related to the lack of an error page for an application. • http://secunia.com/advisories/42938 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 • EPSS: 0% • CPEs: 34 • EXPL: 0

12 Jan 2011 — The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.15 does not properly restrict access to console servlets, which allows remote attackers to obtain potentially sensitive status information via a direct request. • http://secunia.com/advisories/42938 • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 6.1 • EPSS: 0% • CPEs: 47 • EXPL: 0

09 Nov 2010 — Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. • http://secunia.com/advisories/41722 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 • EPSS: 0% • CPEs: 33 • EXPL: 0

09 Nov 2010 — Cross-site request forgery (CSRF) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.13 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. • http://secunia.com/advisories/41722 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 5.3 • EPSS: 0% • CPEs: 20 • EXPL: 0

29 Oct 2010 — VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter. • http://osvdb.org/68931 • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 6.5 • EPSS: 0% • CPEs: 18 • EXPL: 0

21 Sep 2010 — Unspecified vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.33 allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted URL. • http://secunia.com/advisories/41722

CVSS: 6.1 • EPSS: 0% • CPEs: 26 • EXPL: 0

24 Jun 2010 — Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.33 and 7.0 before 7.0.0.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. • http://www-1.ibm.com/support/docview.wss?uid=swg1PM11778 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')