CVE-2019-4442
https://notcve.org/view.php?id=CVE-2019-4442
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the file system. An attacker could send a specially-crafted URL request to view arbitrary files on the system, though not their contents. IBM X-Force ID: 163226. • https://exchange.xforce.ibmcloud.com/vulnerabilities/163226 https://www.ibm.com/support/pages/node/959021 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2019-4271
https://notcve.org/view.php?id=CVE-2019-4271
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to a client-side HTTP parameter pollution vulnerability. IBM X-Force ID: 160243. • https://exchange.xforce.ibmcloud.com/vulnerabilities/160243 https://www.ibm.com/support/pages/node/884040 • CWE-20: Improper Input Validation •
CVE-2019-4270
https://notcve.org/view.php?id=CVE-2019-4270
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 160203. • https://exchange.xforce.ibmcloud.com/vulnerabilities/160203 https://www.ibm.com/support/pages/node/884036 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-4268
https://notcve.org/view.php?id=CVE-2019-4268
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 160201. • https://exchange.xforce.ibmcloud.com/vulnerabilities/160201 https://www.ibm.com/support/pages/node/884030 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
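Both traversal entries on this page (CVE-2019-4442 above and CVE-2019-4268 here) reduce to the same mechanism: a request path that, once joined to the server's document root and normalized, points outside that root. The block below is an added example, not code from the IBM advisories, showing the check a file-serving handler needs and the matching detection rule for proxy or access-log data. The document-root path is an assumption for illustration and the log lines are constructed, not real WebSphere output.

```python
"""Added example (not from the IBM advisories): safe path resolution and
traversal detection for request paths of the kind in CVE-2019-4268/4442."""
import posixpath
from typing import List, Optional
from urllib.parse import unquote

# Assumed document root, for illustration only.
WEB_ROOT = "/opt/IBM/WebSphere/AppServer/installedApps/app"


def fully_decode(raw_path: str) -> str:
    """Strip the query string, then percent-decode until the result is stable,
    so %2e%2e (single) and %252e%252e (double) encodings both become '..'.
    The loop is bounded so a hostile input cannot keep it busy."""
    path = raw_path.split("?", 1)[0]
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    # Backslashes act as separators on Windows-hosted servers; treat them alike.
    return path.replace("\\", "/")


def resolve_under_root(raw_path: str, root: str = WEB_ROOT) -> Optional[str]:
    """Map a request path to an absolute file path under root.

    The decoded request path is joined to root before normalizing, exactly as
    a naive handler does; the difference is the prefix check afterwards, which
    rejects any result that escaped root. Returns None for a traversal."""
    rel = fully_decode(raw_path).lstrip("/")
    full = posixpath.normpath(posixpath.join(root, rel))
    if full == root or full.startswith(root + "/"):
        return full
    return None


def is_traversal_attempt(raw_path: str) -> bool:
    """Detection view: flag a request whose decoded path has a '..' segment.
    Catches plain and encoded sequences; 'a..b' is not a segment and passes."""
    return ".." in fully_decode(raw_path).split("/")


def flag_log_lines(lines: List[str]) -> List[str]:
    """Return the request paths from 'METHOD PATH PROTO' log lines that look
    like traversal attempts."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) >= 2 and is_traversal_attempt(parts[1]):
            hits.append(parts[1])
    return hits


# Constructed sample log lines (not real WebSphere logs).
SAMPLE_LOG = [
    "GET /ibm/console/logon.jsp HTTP/1.1",
    "GET /ibm/console/../../../../../../etc/passwd HTTP/1.1",
    "GET /app/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd HTTP/1.1",
    "GET /app/%252e%252e%252f%252e%252e%252fWEB-INF/web.xml HTTP/1.1",
    "GET /app/css/../index.html HTTP/1.1",
]

if __name__ == "__main__":
    for path in flag_log_lines(SAMPLE_LOG):
        print("traversal segment:", path, "->", resolve_under_root(path))
```

The two functions deliberately answer different questions: `is_traversal_attempt` flags every request carrying a `..` segment, including the harmless `css/../index.html`, because on a proxy or in log triage that pattern is worth a look regardless; `resolve_under_root` is the server-side decision and only rejects paths that actually escape the root after normalization.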
CVE-2019-4279 – IBM Websphere Application Server - Network Deployment Untrusted Data Deserialization Remote Code Execution
https://notcve.org/view.php?id=CVE-2019-4279
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 160445. • https://www.exploit-db.com/exploits/46969 http://www.securityfocus.com/bid/108450 https://exchange.xforce.ibmcloud.com/vulnerabilities/160445 https://www.ibm.com/support/docview.wss?uid=ibm10883628 https://www-01.ibm.com/support/docview.wss?uid=ibm10883628 • CWE-502: Deserialization of Untrusted Data •
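The page does not say which gadget chain or which endpoint is involved, so the useful practitioner check is at the wire level: does a request body carry a Java serialized object stream at all, and what class does it lead with? That is the same property a JEP 290 `ObjectInputFilter` screens inside the JVM. The block below is an added example, not code from IBM, from the advisory, or from the Exploit-DB entry; the sample stream is constructed by hand and its serialVersionUID and flag bytes are placeholders, not real values.

```python
"""Added example (not from the IBM advisory or the Exploit-DB entry): detect a
Java serialized object stream in a request body and read its leading class
name, the property a JEP 290 ObjectInputFilter would screen in the JVM."""
import struct
from typing import Iterable, Optional

# Constants from java.io.ObjectStreamConstants.
STREAM_MAGIC = b"\xac\xed"
STREAM_VERSION = b"\x00\x05"
TC_OBJECT = 0x73      # start of a new object
TC_CLASSDESC = 0x72   # inline class descriptor follows


def looks_like_java_serialization(body: bytes) -> bool:
    """True if the body starts with the stream header 0xACED0005."""
    return body[:4] == STREAM_MAGIC + STREAM_VERSION


def leading_class_name(body: bytes) -> Optional[str]:
    """Return the class name of the first object in the stream.

    Handles the common shape TC_OBJECT, TC_CLASSDESC, then the class name as a
    big-endian 2-byte length plus modified UTF-8 bytes. Streams that start with
    another tag (a back-reference, a proxy class descriptor, an array) return
    None and must be treated as 'unknown', not as 'safe'."""
    if not looks_like_java_serialization(body) or len(body) < 8:
        return None
    if body[4] != TC_OBJECT or body[5] != TC_CLASSDESC:
        return None
    (name_len,) = struct.unpack(">H", body[6:8])
    name = body[8:8 + name_len]
    if len(name) != name_len:          # truncated stream
        return None
    return name.decode("utf-8", errors="replace")


def allowed_by_allowlist(body: bytes, allowlist: Iterable[str]) -> bool:
    """Allow-list decision: only a stream whose leading class is expected
    passes. Anything unparseable is rejected (fail closed)."""
    name = leading_class_name(body)
    return name is not None and name in set(allowlist)


# Constructed sample: header, TC_OBJECT, TC_CLASSDESC, and the name
# "java.util.HashMap" (17 bytes, so length 0x0011). The serialVersionUID and
# class-descriptor flags that follow are placeholder bytes, not real values.
SAMPLE_HASHMAP = (
    STREAM_MAGIC + STREAM_VERSION
    + bytes([TC_OBJECT, TC_CLASSDESC])
    + b"\x00\x11java.util.HashMap"
    + b"\x00" * 8 + b"\x03\x00\x02"
)

if __name__ == "__main__":
    print(leading_class_name(SAMPLE_HASHMAP))
    print(allowed_by_allowlist(SAMPLE_HASHMAP, ["java.util.HashMap"]))
```

Treat this as a tripwire and a triage aid, not as the fix: it inspects only the outermost class, and a gadget chain can sit nested inside an otherwise expected container, so the authoritative control remains the JVM-side deserialization filter or the vendor patch referenced above.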