CVE-2013-4054
https://notcve.org/view.php?id=CVE-2013-4054
Directory traversal vulnerability in WMQ Telemetry in IBM WebSphere MQ 7.5 before 7.5.0.3 allows remote attackers to read arbitrary files via a crafted URI. Vulnerabilidad de salto de directorio en WMQ Telemetry en IBM WebSphere MQ 7.5 anterior a 7.5.0.3 permite a atacantes remotos leer archivos arbitrarios a través de una URI manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg21664550 https://exchange.xforce.ibmcloud.com/vulnerabilities/86506 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2013-6734
https://notcve.org/view.php?id=CVE-2013-6734
IBM WebSphere eXtreme Scale Client 7.1 through 8.6.0.4 does not properly isolate the cached data of different users, which allows remote authenticated users to obtain sensitive information in opportunistic circumstances by leveraging access to the same web container. WebSphere eXtreme Scale Client versiones 7.1 hasta 8.6.0.4 de IBM, no aísla apropiadamente los datos almacenados en caché de diferentes usuarios, lo que permite a los usuarios autenticados remotos obtener información confidencial en circunstancias oportunistas al aprovechar el acceso al mismo contenedor web. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI06341 http://www-01.ibm.com/support/docview.wss?uid=swg21664641 https://exchange.xforce.ibmcloud.com/vulnerabilities/89397 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2013-6722
https://notcve.org/view.php?id=CVE-2013-6722
Unrestricted file upload vulnerability in the Registration/Edit My Profile portlet in IBM WebSphere Portal 7.x before 7.0.0.2 CF27 and 8.x through 8.0.0.1 CF09 allows remote attackers to cause a denial of service or modify data via unspecified vectors. Vulnerabilidad de subida de archivos sin restricción en el portlet Registration/Edit My Profile en IBM WebSphere Portal 7.x anterior a 7.0.0.2 CF27 y 8.x hasta 8.0.0.1 CF09 permite a atacantes remotos causar una denegación de servicio o modificar datos a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI07013 http://www-01.ibm.com/support/docview.wss?uid=swg21662873 https://exchange.xforce.ibmcloud.com/vulnerabilities/89235 •
CVE-2013-6728
https://notcve.org/view.php?id=CVE-2013-6728
The charting component in IBM WebSphere Dashboard Framework (WDF) 6.1.5 and 7.0.1 allows remote attackers to view or delete image files by leveraging incorrect security constraints for a temporary directory. El componente de análisis por gráficos en IBM WebSphere Dashboard Framework (WDF) 6.1.5 y 7.0.1 permite a atacantes remotos visualizar o eliminar archivos de imagen mediante el aprovechamiento de restricciones de seguridad incorrectas para un directorio temporal. • http://www-01.ibm.com/support/docview.wss?uid=swg1LO78265 http://www-01.ibm.com/support/docview.wss?uid=swg1LO78266 http://www-01.ibm.com/support/docview.wss?uid=swg21663022 https://exchange.xforce.ibmcloud.com/vulnerabilities/89283 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2014-0855
https://notcve.org/view.php?id=CVE-2014-0855
Multiple cross-site scripting (XSS) vulnerabilities in IBM Connections Portlets 4.x before 4.5.1 FP1 for IBM WebSphere Portal 7.0.0.2 and 8.0.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de XSS en IBM Connections Portlets 4.x anterior a 4.5.1 FP1 para IBM WebSphere Portal 7.0.0.2 y 8.0.0.1 permiten a atacantes remotos inyectar script Web o HTML arbitrarios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21663921 https://exchange.xforce.ibmcloud.com/vulnerabilities/90802 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •