Page 89 of 828 results (0.014 seconds)

CVSS: 5.0EPSS: 0%CPEs: 42EXPL: 0

IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.2 allows remote attackers to obtain sensitive information by leveraging incorrect request handling by the (1) Proxy or (2) ODR server. IBM WebSphere Application Server (WAS) 7.0.x anterior a 7.0.0.33, 8.0.x anterior a 8.0.0.9 y 8.5.x anterior a 8.5.5.2 permite a atacantes remotos obtener información sensible mediante el aprovechamiento del manejo incorrecto de solicitudes por el servidor (1) Proxy o (2) ODR. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI09786 http://www-01.ibm.com/support/docview.wss?uid=swg21669554 http://www-01.ibm.com/support/docview.wss?uid=swg21676091 http://www-01.ibm.com/support/docview.wss?uid=swg21676092 https://exchange.xforce.ibmcloud.com/vulnerabilities/91286 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 3.5EPSS: 0%CPEs: 14EXPL: 1

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.0 through 6.1.0.6 CF27, 6.1.5.0 through 6.1.5.3 CF27, and 7.0.0 through 7.0.0.2 CF28 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en IBM WebSphere Portal 6.1.0.0 hasta 6.1.0.6 CF27, 6.1.5.0 hasta 6.1.5.3 CF27 y 7.0.0 hasta 7.0.0.2 CF28 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. IBM WebSphere Portal versions 7.0, 6.1.5, and 6.1.0 suffer from a persistent cross site scripting vulnerability. • https://www.exploit-db.com/exploits/36941 http://www-01.ibm.com/support/docview.wss?uid=swg1PI18845 http://www-01.ibm.com/support/docview.wss?uid=swg21675257 https://exchange.xforce.ibmcloud.com/vulnerabilities/91875 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 21EXPL: 0

Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.2, 6.3 before 6.3.0.6, 7.0 before 7.0.0.6, 7.5 before 7.5.0.5, and 8.0 before 8.0.0.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en la interfaz de usuario en IBM WebSphere Service Registry And Repository (WSRR) 6.2, 6.3 anterior a 6.3.0.6, 7.0 anterior a 7.0.0.6, 7.5 anterior a 7.5.0.5 y 8.0 anterior a 8.0.0.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://secunia.com/advisories/58949 http://www-01.ibm.com/support/docview.wss?uid=swg1IV56254 http://www-01.ibm.com/support/docview.wss?uid=swg21672829 https://exchange.xforce.ibmcloud.com/vulnerabilities/92999 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.1EPSS: 1%CPEs: 10EXPL: 0

IBM WebSphere Commerce 6.0 Feature Pack 2 through Feature Pack 5, 7.0.0.0 through 7.0.0.8, and 7.0 Feature Pack 1 through Feature Pack 7 allows remote attackers to cause a denial of service (resource consumption and daemon crash) via a malformed id parameter in a request. IBM WebSphere Commerce 6.0 Feature Pack 2 hasta Feature Pack 5, 7.0.0.0 hasta 7.0.0.8 y 7.0 Feature Pack 1 hasta Feature Pack 7 permite a atacantes remotos causar una denegación de servicio (consumo de recursos y caída de demonio) a través de un parámetro id malformado en una solicitud. • http://www-01.ibm.com/support/docview.wss?uid=swg1JR49881 http://www-01.ibm.com/support/docview.wss?uid=swg1JR49996 http://www-01.ibm.com/support/docview.wss?uid=swg21671377 http://www.securitytracker.com/id/1030284 https://exchange.xforce.ibmcloud.com/vulnerabilities/92402 • CWE-20: Improper Input Validation •

CVSS: 4.0EPSS: 0%CPEs: 59EXPL: 0

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote authenticated users to cause a denial of service (infinite loop) via a login redirect. IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0 hasta 7.0.0.2 CF28 y 8.0 anterior a 8.0.0.1 CF12 permite a usuarios remotos autenticados causar una denegación de servicio (bucle infinito) a través de una redirección de inicio de sesión. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI16462 http://www-01.ibm.com/support/docview.wss?uid=swg21672572 https://exchange.xforce.ibmcloud.com/vulnerabilities/92741 • CWE-20: Improper Input Validation •