CVSS: 3.3EPSS: 0%CPEs: 52EXPL: 0CVE-2012-3311
https://notcve.org/view.php?id=CVE-2012-3311
IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 on z/OS, in certain configurations involving Federated Repositories for IIOP connections and Optimized Local Adapters, does not perform CBIND checks, which allows local users to bypass intended access restrictions, and read or modify application data, via unspecified vectors. IBM WebSphere Application Server (WAS) v6.1 anteriores a v6.1.0.45, 7.0 anteriores a v7.0.0.25, 8.0 anteriores a v8.0.0.5, y 8.5 anteriores a v8.5.0.1 en z/OS, en ciertas configuraciones que implican Federated Repositories para conexiones IIOP y Optimized Local Adapters, no hacen las comprobaciones CBIND, lo que permite a usuarios locales evitar las restricciones de acceso establecidas, y leer y modificar datos de aplicaciones, a través de vectores no específicos. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM61388 http://www.ibm.com/support/docview.wss?uid=swg21611313 http://www.securityfocus.com/bid/55671 https://exchange.xforce.ibmcloud.com/vulnerabilities/77697 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 0%CPEs: 51EXPL: 0CVE-2012-3306
https://notcve.org/view.php?id=CVE-2012-3306
IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1, when multi-domain support is configured, does not purge password data from the authentication cache, which has unspecified impact and remote attack vectors. IBM WebSphere Application Server (WAS) v6.1 antes de v6.1.0.45, v7.0 antes de v7.0.0.25, v8.0 antes de v8.0.0.5, y v8.5 antes de v8.5.0.1, cuando el soporte multi-dominio está configurado, no elimina la contraseña de la caché de autenticación, lo cual tiene un impacto no especificado y vectores de ataque remotos. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM66514 http://www.ibm.com/support/docview.wss?uid=swg21611313 https://exchange.xforce.ibmcloud.com/vulnerabilities/77478 • CWE-255: Credentials Management Errors •
CVSS: 6.4EPSS: 0%CPEs: 64EXPL: 0CVE-2012-3305
https://notcve.org/view.php?id=CVE-2012-3305
Directory traversal vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to overwrite arbitrary files via a crafted application file. Vulnerabilidad de salto de directorio en IBM WebSphere Application Server (WAS) v6.1 antes de v6.1.0.47, v7.0 antes de v7.0.0.25, v8.0 antes de v8.0.0.5, y v8.5 antes de v8.5.0.1 e permite a atacantes remotos sobreescribir archivos de su elección a través de un archivo de aplicación modificado. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM62467 http://www.ibm.com/support/docview.wss?uid=swg21611313 https://exchange.xforce.ibmcloud.com/vulnerabilities/77477 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.0EPSS: 0%CPEs: 56EXPL: 0CVE-2012-3325
https://notcve.org/view.php?id=CVE-2012-3325
IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.5, and 8.5.x Full Profile before 8.5.0.1, when the PM44303 fix is installed, does not properly validate credentials, which allows remote authenticated users to obtain administrative access via unspecified vectors. IBM WebSphere Application Server (WAS) v6.1.x anterior a v6.1.0.45, v7.0.x anterior a v7.0.0.25, v8.0.x anterior a v8.0.0.5, y v8.5.x Full Profile anterior a v8.5.0.1, cuando el parche PM44303 esta instalado, no valida adecuadamente las credenciales, lo cual puede permitir a usuarios remotos autenticados obtener acceso administrativo a través de vectores no especificados. • http://secunia.com/advisories/54971 http://secunia.com/advisories/55115 http://www-01.ibm.com/support/docview.wss?uid=swg1PM71296 http://www.ibm.com/support/docview.wss?uid=swg21609067 http://www.securityfocus.com/bid/55309 http://www.securitytracker.com/id?1027462 https://exchange.xforce.ibmcloud.com/vulnerabilities/77959 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 47EXPL: 0CVE-2012-3293
https://notcve.org/view.php?id=CVE-2012-3293
Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.4, and 8.5.x before 8.5.0.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving FRAME elements, related to a cross-frame scripting (XFS) issue. Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en la consola de administración en IBM WebSphere Application Server (WAS) v6.1.x anterior a v6.1.0.45, v7.0.x anterior a v7.0.0.25, v8.0.x anterior a v8.0.0.4, y v8.5.x anterior a v8.5.0.1 que permite a atacantes remotos inyectar código web o html arbitrario a través de vectores que involucran elementos (FRAME), relacionados con un problema ejecución de código en marcos cruzados (cross-frame scripting) (XFS). • http://www-01.ibm.com/support/docview.wss?uid=swg1PM60839 http://www-01.ibm.com/support/docview.wss?uid=swg21606096 http://www-01.ibm.com/support/docview.wss?uid=swg27022958 http://www.securityfocus.com/bid/55149 https://exchange.xforce.ibmcloud.com/vulnerabilities/77179 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •