CVE-2014-4761
https://notcve.org/view.php?id=CVE-2014-4761
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 before 8.0.0.1 CF14, and 8.5.0 through 8.5.0.0 CF02 allows remote authenticated users to discover credentials by reading HTML source code.
• http://secunia.com/advisories/61126
• http://www-01.ibm.com/support/docview.wss?uid=swg1PI22104
• http://www-01.ibm.com/support/docview.wss?uid=swg21684652
• https://exchange.xforce.ibmcloud.com/vulnerabilities/94658
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-3060
https://notcve.org/view.php?id=CVE-2014-3060
Unspecified vulnerability on the IBM WebSphere DataPower XC10 appliance 2.5 allows remote attackers to obtain administrative privileges by leveraging access to an eXtreme Scale distributed ObjectGrid network and capturing a session cookie.
• http://www-01.ibm.com/support/docview.wss?uid=swg1IT03476
• http://www-01.ibm.com/support/docview.wss?uid=swg21685705
• https://exchange.xforce.ibmcloud.com/vulnerabilities/93534
CVE-2014-4793
https://notcve.org/view.php?id=CVE-2014-4793
IBM WebSphere MQ 8.x before 8.0.0.1 does not properly enforce CHLAUTH rules for blocking client connections in certain circumstances related to the CONNAUTH attribute, which allows remote authenticated users to bypass intended queue-manager access restrictions via unspecified vectors.
• http://www-01.ibm.com/support/docview.wss?uid=swg21685526
• https://exchange.xforce.ibmcloud.com/vulnerabilities/95208
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2014-3059
https://notcve.org/view.php?id=CVE-2014-3059
Unspecified vulnerability in the Administrative Console on the IBM WebSphere DataPower XC10 appliance 2.5 allows remote attackers to obtain administrative privileges by leveraging access to an eXtreme Scale distributed ObjectGrid network.
• http://www-01.ibm.com/support/docview.wss?uid=swg1IT03476
• http://www-01.ibm.com/support/docview.wss?uid=swg21685705
• https://exchange.xforce.ibmcloud.com/vulnerabilities/93533
CVE-2014-4816
https://notcve.org/view.php?id=CVE-2014-4816
Cross-site request forgery (CSRF) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.x through 6.1.0.47, 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
• http://secunia.com/advisories/61418
• http://secunia.com/advisories/61423
• http://www-01.ibm.com/support/docview.wss?uid=swg1PI23055
• http://www-01.ibm.com/support/docview.wss?uid=swg21682767
• http://www.kb.cert.org/vuls/id/573356
• http://www.securityfocus.com/bid/69980
• https://exchange.xforce.ibmcloud.com/vulnerabilities/95402
• CWE-352: Cross-Site Request Forgery (CSRF)