Page 99 of 828 results (0.008 seconds)

CVSS: 4.3EPSS: 3%CPEs: 23EXPL: 0

The XML4J parser in IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.7, and 8.0 before 8.0.0.4 and IBM Integration Bus 9.0 before 9.0.0.1 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document that triggers expansion for many entities. El parseador XML4J en IBM WebSphere Message Broker 6.1 antes 6.1.0.12, 7.0 antes 7.0.0.7 y 8.0.0.4 y 8.0 antes de IBM Integration Bus 9.0 antes 9.0.0.1 permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) a través de un documento XML manipulado que provoca la expansión de muchas entidades. • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html http://rhn.redhat.com/errata/RHSA-2013-1507.html http://rhn.redhat.com/errata/RHSA-2013-1508.html http://rhn.redhat.com/errata/RHSA-2013-1509.html http://rhn.redhat.com/errata/RHSA-2013-1793.html http://secunia.com/advisories/56338 http://www-01.ibm.com/support/docview.wss?uid=swg1IC96473 http://www-01.ibm.com/support/docview.wss?uid=swg21653087 http://www-01.ibm.com/support/docview.wss?uid • CWE-399: Resource Management Errors •

CVSS: 4.9EPSS: 0%CPEs: 4EXPL: 0

The monitoring console in IBM WebSphere eXtreme Scale 7.1.0, 7.1.1, 8.5.0, and 8.6.0 allows remote authenticated users to conduct phishing attacks via unspecified vectors. La consola de monitorización en IBM WebSphere eXtreme Scale 7.1.0, 7.1.1, 8.5.0, y 8.6.0 permite a usuarios remotos sin autenticar llevar a cabo ataques de phishing a través de vectores sin especificar. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM97439 http://www-01.ibm.com/support/docview.wss?uid=swg21652630 https://exchange.xforce.ibmcloud.com/vulnerabilities/87154 • CWE-20: Improper Input Validation •

CVSS: 3.5EPSS: 0%CPEs: 4EXPL: 0

Cross-site scripting (XSS) vulnerability in the monitoring console in IBM WebSphere eXtreme Scale 7.1.0, 7.1.1, 8.5.0, and 8.6.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en la consola de monitorización en IBM WebSphere eXtreme Scale 7.1.0, 7.1.1, 8.5.0, y 8.6.0 permite a atacantes remotos sin autenticar inyectar script web arbitrario o HTML a través de vectores sin especificar. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM97439 http://www-01.ibm.com/support/docview.wss?uid=swg21652630 https://exchange.xforce.ibmcloud.com/vulnerabilities/87126 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

The monitoring console in IBM WebSphere eXtreme Scale 7.1.0, 7.1.1, 8.5.0, and 8.6.0 does not properly process logoff actions, which has unspecified impact and remote attack vectors. La consola de monitorización en IBM WebSphere eXtreme Scale 7.1.0, 7.1.1, 8.5.0, y 8.6.0 no procesa adecuadamente acciones de cierre de sesión, lo que tiene un impacto desconocido y vectores de ataque remotos. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM97439 http://www-01.ibm.com/support/docview.wss?uid=swg21652630 https://exchange.xforce.ibmcloud.com/vulnerabilities/87153 •

CVSS: 10.0EPSS: 0%CPEs: 11EXPL: 0

Unspecified vulnerability on the IBM WebSphere DataPower XC10 appliance 2.0 through 2.5.0.1 allows remote attackers to obtain administrative access via unknown vectors. Vulnerabilidad no especificada en IBM WebSphere DataPower XC10 appliance v2.0 hasta v2.5.0.1 permite a atacantes remotos conseguir acceso administrativo a través de vectores desconocidos. • http://www-01.ibm.com/support/docview.wss?uid=swg1IC96174 http://www.ibm.com/support/docview.wss?uid=swg21651098 https://exchange.xforce.ibmcloud.com/vulnerabilities/87299 •