CVE-2014-0896
https://notcve.org/view.php?id=CVE-2014-0896
IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x before 8.5.5.2 allows remote attackers to obtain sensitive information via a crafted request. IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x anterior a 8.5.5.2 permite a atacantes remotos obtener información sensible a través de una solicitud manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI10134 http://www-01.ibm.com/support/docview.wss?uid=swg21669554 https://exchange.xforce.ibmcloud.com/vulnerabilities/91326 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2014-0901
https://notcve.org/view.php?id=CVE-2014-0901
Cross-site scripting (XSS) vulnerability in the Social Rendering implementation in the IBM Connections integration in IBM WebSphere Portal 8.0.0.x before 8.0.0.1 CF11 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en la implementación Social Rendering en la integración de IBM Connections en IBM WebSphere Portal 8.0.0.x anterior a 8.0.0.1 CF11 permite a usuarios remotos autenticados inyectar script Web o HTML arbitrarios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI12659 http://www-01.ibm.com/support/docview.wss?uid=swg21667016 http://www.securityfocus.com/bid/66559 https://exchange.xforce.ibmcloud.com/vulnerabilities/91398 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-0828
https://notcve.org/view.php?id=CVE-2014-0828
Cross-site scripting (XSS) vulnerability in the WCM (Web Content Manager) UI in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF27, and 8.0.0.x before 8.0.0.1 CF11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en la interfaz de usuario de WCM (Web Content Manager) en IBM WebSphere Portal 6.1.0.x hasta 6.1.0.6 CF27, 6.1.5.x hasta 6.1.5.3 CF27, 7.0.0.x hasta 7.0.0.2 CF27 y 8.0.0.x anterior a 8.0.0.1 CF11 permite a atacantes remotos inyectar script Web o HTML arbitrarios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI10734 http://www-01.ibm.com/support/docview.wss?uid=swg21667016 http://www.securityfocus.com/bid/66556 https://exchange.xforce.ibmcloud.com/vulnerabilities/90566 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-5401
https://notcve.org/view.php?id=CVE-2013-5401
The command-port listener in IBM WebSphere MQ Internet Pass-Thru (MQIPT) 2.x before 2.1.0.1 allows remote attackers to cause a denial of service (remote-administration outage) via unspecified vectors. El listener de puerto de comando en IBM WebSphere MQ Internet Pass-Thru (MQIPT) 2.x anterior a 2.1.0.1 permite a atacantes remotos causar una denegación de servicio (interrupción de administración remota) a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21666863 https://exchange.xforce.ibmcloud.com/vulnerabilities/87297 •
CVE-2013-6730
https://notcve.org/view.php?id=CVE-2013-6730
IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x before 7.0.0.2 CF27, and 8.0.0.x before 8.0.0.1 CF10, when the wcm.path.traversal.security setting is enabled, allows remote attackers to bypass intended read restrictions on an item by accessing that item within search results. IBM WebSphere Portal 6.1.0.x hasta 6.1.0.6 CF27, 6.1.5.x hasta 6.1.5.3 CF27, 7.0.0.x anterior a 7.0.0.2 CF27 y 8.0.0.x anterior a 8.0.0.1 CF10, cuando la configuración wcm.path.traversal.security está habilitada, permite a atacantes remotos evadir restricciones de lectura en un artículo mediante el acceso a este artículo dentro de los resultados de búsqueda. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI07185 http://www-01.ibm.com/support/docview.wss?uid=swg21665915 https://exchange.xforce.ibmcloud.com/vulnerabilities/89363 • CWE-264: Permissions, Privileges, and Access Controls •