CVSS: 7.3EPSS: 0%CPEs: 3EXPL: 0CVE-2018-1695
https://notcve.org/view.php?id=CVE-2018-1695
06 Sep 2018 — IBM WebSphere Application Server 7.0, 8.0, and 8.5.5 installations using Form Login could allow a remote attacker to conduct spoofing attacks. IBM X-Force ID: 145769. Las instalaciones de IBM WebSphere Application Server 7.0, 8.0 y 8.5.5 que emplean Form Login podrían permitir que un atacante remoto lleve a cabo ataques de suplantación. IBM X-Force ID: 145769. • http://www.securitytracker.com/id/1041643 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 6.7EPSS: 0%CPEs: 4EXPL: 0CVE-2018-1621
https://notcve.org/view.php?id=CVE-2018-1621
06 Jul 2018 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local attacker to obtain clear text password in a trace file caused by improper handling of some datasource custom properties. IBM X-Force ID: 144346. IBM WebSphere Application Server 7.0, 8.0, 8.5 y 9.0 podría permitir que un atacante local obtenga contraseñas en texto claro en un archivo trace provocado por la gestión incorrecta de algunas propiedades datasource personalizadas. IBM X-Force ID: 144346. • http://www.ibm.com/support/docview.wss?uid=swg22016821 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1553
https://notcve.org/view.php?id=CVE-2018-1553
27 Jun 2018 — IBM WebSphere Application Server Liberty prior to 18.0.0.2 could allow a remote attacker to obtain sensitive information, caused by mishandling of exceptions by the SAML Web SSO feature. IBM X-Force ID: 142890. IBM WebSphere Application Server Liberty en versiones anteriores a la 18.0.0.2 podría permitir que un atacante remoto obtenga información sensible. Esto viene provocado por la gestión incorrecta de excepciones por parte de la característica SAML Web SSO. IBM X-Force ID: 142890. • http://www.ibm.com/support/docview.wss?uid=swg22016218 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-1614
https://notcve.org/view.php?id=CVE-2018-1614
26 Jun 2018 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using malformed SAML responses from the SAML identity provider could allow a remote attacker to obtain sensitive information. IBM X-Force ID: 144270. IBM WebSphere Application Server 7.0, 8.0, 8.5 y 9.0 que utilizan respuestas SAML mal formadas desde el proveedor de identidad SAML podría permitir que un atacante remoto obtenga información sensible. IBM X-Force ID: 144270. • http://www.securitytracker.com/id/1041168 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2013-3024
https://notcve.org/view.php?id=CVE-2013-3024
24 May 2018 — IBM WebSphere Application Server (WAS) 8.5 through 8.5.0.2 on UNIX allows local users to gain privileges by leveraging improper process initialization. IBM X-Force ID: 84362. IBM WebSphere Application Server (WAS) de la versión 8.5 hasta la 8.5.0.2 en UNIX permite que usuarios locales obtengan privilegios aprovechando la inicialización incorrecta de procesos. IBM X-Force ID: 84362. • http://www-01.ibm.com/support/docview.wss?&uid=swg21639553 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2017-1743
https://notcve.org/view.php?id=CVE-2017-1743
04 May 2018 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console panel fields. When exploited an attacker could browse the file system. IBM X-Force ID: 134933. IBM WebSphere Application Server 7.0, 8.0, 8.5 y 9.0 podría permitir que un atacante remoto obtenga información sensible provocado por la gestión incorrecta de los campos del panel Administrative Console. Al explotarse, un atacante podría navega... • http://www.ibm.com/support/docview.wss?uid=swg22013601 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2017-1741
https://notcve.org/view.php?id=CVE-2017-1741
14 Mar 2018 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console panel fields. When exploited an attacker could read files on the file system. IBM X-Force ID: 134931. IBM WebSphere Application Server 7.0, 8.0, 8.5 y 9.0 podría permitir que un atacante remoto obtenga información sensible provocado por la gestión incorrecta de los campos del panel Administrative Console. Al explotarse, un atacante podría... • http://www.ibm.com/support/docview.wss?uid=swg22012342 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2017-1731
https://notcve.org/view.php?id=CVE-2017-1731
30 Jan 2018 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide weaker than expected security when using the Administrative Console. An authenticated remote attacker could exploit this vulnerability to possibly gain elevated privileges. IBM WebSphere Application Server 7.0, 8.0, 8.5 y 9.0 podría proporcionar seguridad más débil de la esperada al emplear la consola de administración. Un atacante remoto autenticado podría explotar esta vulnerabilidad para obtener privilegios elevados. • http://www-01.ibm.com/support/docview.wss?uid=swg22012345&myns=swgws&mynp=OCSSEQTP&mync=R&cm_sp=swgws-_-OCSSEQTP-_-R •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2017-1503
https://notcve.org/view.php?id=CVE-2017-1503
10 Oct 2017 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 129578. IBM WebSphere Application Server 7.0, 8.0, 8.5 y 9.0 es vulnerable a ataques d... • http://www-01.ibm.com/support/docview.wss?uid=swg22006815 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 21EXPL: 0CVE-2017-1501
https://notcve.org/view.php?id=CVE-2017-1501
18 Aug 2017 — IBM WebSphere Application Server 8.0, 8.5, and 9.0 could provide weaker than expected security after using the Admin Console to update the web services security bindings settings. IBM X-Force ID: 129576. IBM WebSphere Application Server 8.0, 8.5 y 9.0 podría proporcionar una seguridad más débil de lo esperado después de usar la consola de administrador para actualizar la configuración de seguridad de los servicios web. IBM X-Force ID: 129576. • http://www.ibm.com/support/docview.wss?uid=swg22006810 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •