CVE-2013-2962
https://notcve.org/view.php?id=CVE-2013-2962
Buffer overflow in the Launcher in IBM WebSphere Transformation Extender 8.4.x before 8.4.0.4 allows local users to cause a denial of service (process crash or Admin Console command-stream outage) via unspecified vectors. Desbordamiento de buffer en el Launcher en IBM WebSphere Transformation Extender 8.4.x anterior a 8.4.0.4 permite a usuarios locales causar una denegación de servicio (caída del proceso o interrupción del flujo de comandos de la consola de administración) a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21662870 https://exchange.xforce.ibmcloud.com/vulnerabilities/83722 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-6330
https://notcve.org/view.php?id=CVE-2013-6330
IBM WebSphere Application Server 7.x before 7.0.0.31, when simpleFileServlet static file caching is enabled, allows remote authenticated users to obtain sensitive information via unspecified vectors. IBM WebSphere Application Server 7.x anteriores a 7.0.0.31, cuando el cacheo de archivo estático simpleFileServlet está habilitado, permite a usuarios remotos autenticados obtener información sensible a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM98624 http://www-01.ibm.com/support/docview.wss?uid=swg21661323 https://exchange.xforce.ibmcloud.com/vulnerabilities/88905 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2013-6325
https://notcve.org/view.php?id=CVE-2013-6325
IBM WebSphere Application Server 7.x before 7.0.0.31, 8.0.x before 8.0.0.8, and 8.5.x before 8.5.5.2 allows remote attackers to cause a denial of service (resource consumption) via a crafted request to a web services endpoint. IBM WebSphere Application Server 7.x anteriores a 7.0.0.31, 8.0.x anteriores a 8.0.0.8 y 8.5.x anteriores a 8.5.5.2 permite a atacantes remotos causar una denegacuón de servicio (consumo de recursos) a través de una petición manipulada al endpoint de servicios web. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM99450 http://www-01.ibm.com/support/docview.wss?uid=swg21661323 http://www-01.ibm.com/support/docview.wss?uid=swg21661325 http://www-01.ibm.com/support/docview.wss?uid=swg21669554 https://exchange.xforce.ibmcloud.com/vulnerabilities/88906 • CWE-20: Improper Input Validation •
CVE-2013-6725
https://notcve.org/view.php?id=CVE-2013-6725
Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server 7.x before 7.0.0.31, 8.0.x before 8.0.0.8, and 8.5.x before 8.5.5.2 allows remote authenticated administrators to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad cross-site scripting (XSS) en Administrative Console de IBM WebSphere Application Server 7.x anteriores a 7.0.0.31, 8.0.x anteriores a 8.0.0.8, y 8.5.x anteriores a 8.5.5.2 permite a usuarios remotos autenticados inyectar script web o HTML de forma arbitraria a través de una URL manipulada. • http://osvdb.org/102119 http://www-01.ibm.com/support/docview.wss?uid=swg1PM98132 http://www-01.ibm.com/support/docview.wss?uid=swg21661323 http://www-01.ibm.com/support/docview.wss?uid=swg21661325 http://www-01.ibm.com/support/docview.wss?uid=swg21669554 http://www.securityfocus.com/bid/65099 https://exchange.xforce.ibmcloud.com/vulnerabilities/89280 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-4012
https://notcve.org/view.php?id=CVE-2013-4012
IBM WebSphere Portal 8.0.0.x before 8.0.0.1 CF09, when Content Template Catalog 4.0 is used, does not require administrative privileges for Portal Application Archive (PAA) file installation, which allows remote authenticated users to modify data or cause a denial of service via unspecified vectors. IBM Websphere Portal 8.0.0.x anteriores a 8.0.0.1 CF09, cuando se utiliza Content Template Catalog 4.0, no requiere privilegios administrativos para la instalación de archivos Portal Application Archive (PAA), lo cual permite a usuarios remotos autenticados modificar datos o causar una denegación de servicio a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM93172 http://www-01.ibm.com/support/docview.wss?uid=swg21660011 https://exchange.xforce.ibmcloud.com/vulnerabilities/85618 • CWE-264: Permissions, Privileges, and Access Controls •