CVSS: 7.5EPSS: 13%CPEs: 136EXPL: 2CVE-2016-5983 – IBM WebSphere 7 / 8 / 8.5 / 9 Deserialization Issue
https://notcve.org/view.php?id=CVE-2016-5983
05 Oct 2016 — IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.11, 9.0 before 9.0.0.2, and Liberty before 16.0.0.4 allows remote authenticated users to execute arbitrary Java code via a crafted serialized object. IBM WebSphere Application Server (WAS) 7.0 en versiones anteriores a 7.0.0.43, 8.0 en versiones anteriores a 8.0.0.13, 8.5 en versiones anteriores a 8.5.5.11, 9.0 en versiones anteriores a 9.0.0.2 y Liberty en versiones anteriores a 16.0.0.4 permite a usuarios rem... • https://packetstorm.news/files/id/139073 • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 136EXPL: 0CVE-2016-5986
https://notcve.org/view.php?id=CVE-2016-5986
01 Oct 2016 — IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.x before 8.0.0.13, 8.5.x before 8.5.5.11, 9.0.x before 9.0.0.2, and Liberty before 16.0.0.3 mishandles responses, which allows remote attackers to obtain sensitive information via unspecified vectors. IBM WebSphere Application Server (WAS) 7.x en versiones anteriores a 7.0.0.43, 8.0.x en versiones anteriores a 8.0.0.13, 8.5.x en versiones anteriores a 8.5.5.11, 9.0.x en versiones anteriores a 9.0.0.2 y Liberty en versiones anteriores a 16.0.0.3... • http://www-01.ibm.com/support/docview.wss?uid=swg1PI67093 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 3.5EPSS: 0%CPEs: 67EXPL: 0CVE-2016-0385
https://notcve.org/view.php?id=CVE-2016-0385
01 Sep 2016 — Buffer overflow in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.10, 9.0 before 9.0.0.1, and Liberty before 16.0.0.3, when HttpSessionIdReuse is enabled, allows remote authenticated users to obtain sensitive information via unspecified vectors. Desbordamiento de búfer en IBM WebSphere Application Server (WAS) 7.0 en versiones anteriores a 7.0.0.43, 8.0 en versiones anteriores a 8.0.0.13, 8.5 en versiones anteriores a 8.5.5.10, 9.0 en versiones anteriores a... • http://www-01.ibm.com/support/docview.wss?uid=swg1PI60026 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 67EXPL: 0CVE-2016-2960
https://notcve.org/view.php?id=CVE-2016-2960
08 Aug 2016 — IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.0.x before 8.0.0.13, 8.5.0.x before 8.5.5.10, 8.5.0.x and 16.0.0.x Liberty before Liberty Fix Pack 16.0.0.3, and 9.0.0.x before 9.0.0.1 allows remote attackers to cause a denial of service via crafted SIP messages. IBM WebSphere Application Server (WAS) 7.x en versiones anteriores a 7.0.0.43, 8.0.0.x en versiones anteriores a 8.0.0.13, 8.5.0.x en versiones anteriores a 8.5.5.10, 8.5.0.x y 16.0.0.x Liberty en versiones anteriores a Liberty Fix P... • http://www-01.ibm.com/support/docview.wss?uid=swg1PI61548 • CWE-284: Improper Access Control •
CVSS: 6.1EPSS: 0%CPEs: 61EXPL: 0CVE-2016-0359
https://notcve.org/view.php?id=CVE-2016-0359
03 Jul 2016 — CRLF injection vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 Full before 8.5.5.10, and 8.5 Liberty before Liberty Fix Pack 16.0.0.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL. Vulnerabilidad de inyección CRLF en IBM WebSphere Application Server (WAS) 7.0 en versiones anteriores a 7.0.0.43, 8.0 en versiones anteriores a 8.0.0.13, 8.5 Full en versiones anteriores a 8.5.5.10 y 8.5... • http://www-01.ibm.com/support/docview.wss?uid=swg1PI58918 •
CVSS: 5.9EPSS: 0%CPEs: 49EXPL: 0CVE-2016-0306
https://notcve.org/view.php?id=CVE-2016-0306
17 May 2016 — IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.41, 8.0 before 8.0.0.13, and 8.5 before 8.5.5.10, when FIPS 140-2 is enabled, misconfigures TLS, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors. IBM WebSphere Application Server (WAS) 7.0 en versiones anteriores a 7.0.0.41, 8.0 en versiones anteriores a 8.0.0.13 y 8.5 en versiones anteriores a 8.5.5.10, cuando FIPS 140-2 está activado, configura incorrectamente TLS, lo que permite a atacantes man-in-the... • http://www-01.ibm.com/support/docview.wss?uid=swg1PI56190 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 47EXPL: 0CVE-2015-7417
https://notcve.org/view.php?id=CVE-2015-7417
23 Jan 2016 — Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server 7.0 before 7.0.0.41, 8.0 before 8.0.0.12, and 8.5 before 8.5.5.9 allows remote authenticated users to inject arbitrary web script or HTML via crafted data from an OAuth provider. Vulnerabilidad de XSS en IBM WebSphere Application Server 7.0 en versiones anteriores a 7.0.0.41, 8.0 en versiones anteriores a 8.0.0.12 y 8.5 en versiones anteriores a 8.5.5.9 permite a usuarios remotos autenticados inyectar secuencias de comandos web o H... • http://www-01.ibm.com/support/docview.wss?uid=swg1PI49272 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 94%CPEs: 21EXPL: 2CVE-2015-7450 – IBM WebSphere Application Server and Server Hypervisor Edition Code Injection.
https://notcve.org/view.php?id=CVE-2015-7450
02 Jan 2016 — Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the InvokerTransformer class in the Apache Commons Collections library. Interfaces de objetos serializados en determinados productos IBM analytics, business solutions, cognitive, IT infrastructure y mobile and social permiten a atacantes remotos ejecutar comandos arbitrario... • https://packetstorm.news/files/id/141631 • CWE-502: Deserialization of Untrusted Data •
CVSS: 4.7EPSS: 0%CPEs: 84EXPL: 0CVE-2015-2017
https://notcve.org/view.php?id=CVE-2015-2017
08 Nov 2015 — CRLF injection vulnerability in IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.47, 7.0 before 7.0.0.39, 8.0 before 8.0.0.12, and 8.5 before 8.5.5.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL. Vulnerabilidad de inyección CRLF en IBM WebSphere Application Server (WAS) 6.1 hasta la versión 6.1.0.47, 7.0 en versiones anteriores a 7.0.0.39, 8.0 en versiones anteriores a 8.0.0.12 y 8.5 en versiones anteriores a 8.5.5.8 permite a... • http://www-01.ibm.com/support/docview.wss?uid=swg1PI45266 •
CVSS: 9.8EPSS: 0%CPEs: 54EXPL: 0CVE-2015-1927
https://notcve.org/view.php?id=CVE-2015-1927
14 Jul 2015 — The default configuration of IBM WebSphere Application Server (WAS) 7.0.0 before 7.0.0.39, 8.0.0 before 8.0.0.11, and 8.5 before 8.5.5.6 has a false value for the com.ibm.ws.webcontainer.disallowServeServletsByClassname WebContainer property, which allows remote attackers to obtain privileged access via unspecified vectors. La configuración por defecto de WebSphere Application Server (WAS) de IBM 7.0.0 anteriores a 7.0.0.39, 8.0.0 anteriores a 8.0.0.11 y 8.5 anteriores a 8.5.5.6, posee un valor falso en la ... • http://www-01.ibm.com/support/docview.wss?uid=swg1PI31622 • CWE-284: Improper Access Control •