CVE-2014-3022
https://notcve.org/view.php?id=CVE-2014-3022
IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.3 allows remote attackers to obtain sensitive information via a crafted URL that triggers an error condition. IBM WebSphere Application Server (WAS) 7.0.x anterior a 7.0.0.33, 8.0.x anterior a 8.0.0.9, y 8.5.x anterior a 8.5.5.3 permite a atacantes remotos obtener información sensible a través de una URL manipulada que provoca una condición de error. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI09594 http://www-01.ibm.com/support/docview.wss?uid=swg21676091 http://www-01.ibm.com/support/docview.wss?uid=swg21676092 http://www-01.ibm.com/support/docview.wss?uid=swg21681249 http://www.securityfocus.com/bid/68211 https://exchange.xforce.ibmcloud.com/vulnerabilities/93060 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2014-4764
https://notcve.org/view.php?id=CVE-2014-4764
IBM WebSphere Application Server (WAS) 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.3, when Load Balancer for IPv4 Dispatcher is enabled, allows remote attackers to cause a denial of service (Load Balancer crash) via unspecified vectors. IBM WebSphere Application Server (WAS) 8.0.x anterior a 8.0.0.10 y 8.5.x anterior a 8.5.5.3, cuando Load Balancer para IPv4 Dispatcher está habilitado, permite a atacantes remotos causar una denegación de servicio (caída de Load Balancer) a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI21189 http://www-01.ibm.com/support/docview.wss?uid=swg21681249 http://www.securityfocus.com/bid/69301 https://exchange.xforce.ibmcloud.com/vulnerabilities/94723 •
CVE-2014-3087
https://notcve.org/view.php?id=CVE-2014-3087
callService.do in IBM Business Process Manager (BPM) 7.5 through 8.5.5 and WebSphere Lombardi Edition 7.2 through 7.2.0.5 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. callService.do en IBM Business Process Manager (BPM) 7.5 hasta 8.5.5 y WebSphere Lombardi Edition 7.2 hasta 7.2.0.5 permite a usuarios remotos autenticados leer ficheros arbitrarios a través de una declaración de entidad externa XML en conjunto con una referencia de entidad, relacionado con un problema de entidad externa XML (XXE). • http://secunia.com/advisories/60752 http://secunia.com/advisories/60755 http://secunia.com/advisories/60757 http://www-01.ibm.com/support/docview.wss?uid=swg1JR50616 http://www-01.ibm.com/support/docview.wss?uid=swg21679726 http://www.securityfocus.com/bid/69264 https://exchange.xforce.ibmcloud.com/vulnerabilities/94112 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2014-0852
https://notcve.org/view.php?id=CVE-2014-0852
IBM WebSphere DataPower SOA appliances through 4.0.2.15, 5.x through 5.0.0.17, 6.0.0.x through 6.0.0.9, and 6.0.1.x through 6.0.1.5 make it easier for remote attackers to obtain a PreMasterSecret value and defeat cryptographic protection mechanisms by sending a large number of requests in an SSL/TLS side-channel timing attack. Los aparatos IBM WebSphere DataPower SOA hasta 4.0.2.15, 5.x hasta 5.0.0.17, 6.0.0.x hasta 6.0.0.9, y 6.0.1.x hasta 6.0.1.5 facilita a atacantes remotos obtener un valor PreMasterSecret y vencer los mecanismos de protección criptográficos mediante el envío de un número grande de solicitudes en un ataque de tiempos de canal lateral SSL/TLS. • http://secunia.com/advisories/60112 http://www-01.ibm.com/support/docview.wss?uid=swg1IT01111 http://www-01.ibm.com/support/docview.wss?uid=swg21678204 https://exchange.xforce.ibmcloud.com/vulnerabilities/90753 • CWE-310: Cryptographic Issues •
CVE-2014-4746
https://notcve.org/view.php?id=CVE-2014-4746
IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF13 and 8.5.0 through CF01 provides different error codes for firewall-traversal requests depending on whether the intranet host exists, which allows remote attackers to map the intranet network via a series of requests. IBM WebSphere Portal 8.0.0 anterior a 8.0.0.1 CF13 y 8.5.0 hasta CF01 proporciona códigos de error diferentes para las solicitudes de salto de firewall dependiendo de si existe o no el anfitrión de intranet, lo que permite a atacantes remotos mapear la red de la intranet a través de una serie de solicitudes. • http://secunia.com/advisories/60612 http://www-01.ibm.com/support/docview.wss?uid=swg1PI21858 http://www-01.ibm.com/support/docview.wss?uid=swg21680230 http://www.securitytracker.com/id/1030669 https://exchange.xforce.ibmcloud.com/vulnerabilities/94348 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •