CVSS: 10.0EPSS: 0%CPEs: 40EXPL: 0CVE-2008-0389
https://notcve.org/view.php?id=CVE-2008-0389
Unspecified vulnerability in the serveServletsByClassnameEnabled feature in IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.25, 6.1 through 6.1.0.14, and 5.1.1.x before 5.1.1.18 has unknown impact and attack vectors. Una vulnerabilidad no especificada en la función serveServletsByClassnameEnabled en IBM WebSphere Application Server (WAS) versiones 6.0 hasta 6.0.2.25, versiones 6.1 hasta 6.1.0.14 y versiones 5.1.1.x anteriores a 5.1.1.18, presenta un impacto desconocido y vectores de ataque. • http://secunia.com/advisories/28576 http://secunia.com/advisories/29687 http://www-1.ibm.com/support/docview.wss?uid=swg24018067 http://www-1.ibm.com/support/docview.wss?uid=swg27006879#51118 http://www.securityfocus.com/bid/27371 http://www.securitytracker.com/id?1019251 http://www.securitytracker.com/id?1019894 http://www.vupen.com/english/advisories/2008/0219 http://www.vupen.com/english/advisories/2008/1133 https://exchange.xforce.ibmcloud.com/vulnerabilities/39808 •
CVSS: 10.0EPSS: 0%CPEs: 9EXPL: 0CVE-2007-6679
https://notcve.org/view.php?id=CVE-2007-6679
Unspecified vulnerability in the Administrative Console in IBM WebSphere Application Server 6.1 before Fix Pack 13 has unknown impact and attack vectors, related to "security concerns with monitor role users." NOTE: it was later reported that 6.0.2 before Fix Pack 25 is also affected. Una vulnerabilidad no especificada en la Consola Administrativa en IBM WebSphere Application Server versión 6.1 anterior a Fix Pack 13, presenta vectores de ataques e impactos desconocidos, relacionados a "security concerns with monitor role users." NOTA: más tarde se reportó que las versión 6.0.2 anterior a Fix Pack 25 también esta afectado • http://secunia.com/advisories/28588 http://securitytracker.com/id?1019174 http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27007951 http://www-1.ibm.com/support/docview.wss?uid=swg27006876 http://www-1.ibm.com/support/search.wss?rs=0&q=PK45768&apar=only http://www.vupen.com/english/advisories/2007/3955 http://www.vupen.com/english/advisories/2008/0241 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2007-5798
https://notcve.org/view.php?id=CVE-2007-5798
Multiple cross-site scripting (XSS) vulnerabilities in uddigui/navigateTree.do in the UDDI user console in IBM WebSphere Application Server (WAS) before 6.1.0 Fix Pack 13 (6.1.0.13) allow remote attackers to inject arbitrary web script or HTML via the (1) keyField, (2) nameField, (3) valueField, and (4) frameReturn parameters. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el uddigui/navigateTree.do de la consola de usuario UDDI en el Servidor de Aplicaciones WebSphere de IBM (WAS) anterior al 6.1.0 con el parche 13 (6.1.0.13) permiten a atacantes remotos la inyección de secuencias de comandos web o HTML de su elección a través de los parámetros (1) keyField, (2) nameField, (3) valueField y (4) frameReturn. • http://osvdb.org/41618 http://secunia.com/advisories/27448 http://www-1.ibm.com/support/docview.wss?uid=swg1PK50245 http://www.securityfocus.com/bid/26276 http://www.securitytracker.com/id?1018884 http://www.vupen.com/english/advisories/2007/3672 https://exchange.xforce.ibmcloud.com/vulnerabilities/38177 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2007-5799
https://notcve.org/view.php?id=CVE-2007-5799
Multiple cross-site request forgery (CSRF) vulnerabilities in uddigui/navigateTree.do in the UDDI user console in IBM WebSphere Application Server (WAS) before 6.1.0 Fix Pack 13 (6.1.0.13) allow remote attackers to perform some actions as WAS UDDI users via the (1) keyField, (2) nameField, (3) valueField, and (4) frameReturn parameters. Múltiples vulnerabilidades en la falsificación de petición en sitios cruzados (CSRF) en el uddigui/navigateTree.do de la consola de usuario UDDI en el Servidor de Aplicaciones WebSphere de IBM (WAS) anterior al 6.1.0 con el parche 13 (6.1.0.13) permiten a atacantes remotos llevar a cabo algunas acciones como usuarios WAS UDDI a través de los parámetros (1) keyField, (2) nameField, (3) valueField y (4) frameReturn. • http://osvdb.org/41619 http://secunia.com/advisories/27448 http://www-1.ibm.com/support/docview.wss?uid=swg1PK50245 http://www.securityfocus.com/bid/26276 http://www.securitytracker.com/id?1018884 https://exchange.xforce.ibmcloud.com/vulnerabilities/38179 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0CVE-2007-4833
https://notcve.org/view.php?id=CVE-2007-4833
Unspecified vulnerability in the Edge Component in IBM WebSphere Application Server (WAS) 6.1 before Fix Pack 11 (6.1.0.11) has unknown impact and attack vectors, aka PK44789. Vulnerabilidad no especificada en el componente Edge en IBM WebSphere Application Server (WAS) 6.1 anterior a Fix Pack 11 (6.1.0.11) tiene un impacto desconocido y vectores de ataque, también conocido como PK44789. • http://osvdb.org/41617 http://osvdb.org/42882 http://secunia.com/advisories/26761 http://www-1.ibm.com/support/docview.wss?uid=swg27007951 http://www.securityfocus.com/bid/25626 http://www.securitytracker.com/id?1018666 http://www.vupen.com/english/advisories/2007/3101 https://exchange.xforce.ibmcloud.com/vulnerabilities/36525 •