CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2018-1801
https://notcve.org/view.php?id=CVE-2018-1801
04 Feb 2019 — IBM App Connect V11.0.0.0 through V11.0.0.1, IBM Integration Bus V10.0.0.0 through V10.0.0.13, IBM Integration Bus V9.0.0.0 through V9.0.0.10, and WebSphere Message Broker V8.0.0.0 through V8.0.0.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to consume memory resources. IBM X-Force ID: 149639. IBM App Connect, desde la versión V11.0.0.0 hasta la V11.0.0.1; IBM Integration Bus, desde la versión V10.0.0.0 hasta la V... • http://www.ibm.com/support/docview.wss?uid=ibm10795780 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2017-1418
https://notcve.org/view.php?id=CVE-2017-1418
26 Nov 2018 — IBM Integration Bus 9.0.0.0, 9.0.0.11, 10.0.0.0, and 10.0.0.14 (including IBM WebSphere Message Broker 8.0.0.0 and 8.0.0.9) has insecure permissions on certain files. A local attacker could exploit this vulnerability to modify or delete these files with an unknown impact. IBM X-Force ID: 127406. La versiones 9.0.0.0, 9.0.0.11, 10.0.0.0 y 10.0.0.14 de IBM Integration Bus (inclusivas las 8.0.0.0 y 8.0.0.9 de WebSphere Message Broker) tienen permisos inseguros en determinados archivos. Un atacante local podría... • http://www.ibm.com/support/docview.wss?uid=ibm10735181 • CWE-275: Permission Issues •
CVSS: 6.8EPSS: 0%CPEs: 20EXPL: 0CVE-2017-1693
https://notcve.org/view.php?id=CVE-2017-1693
19 Jan 2018 — IBM Integration Bus 9.0 and 10.0 could allow an attacker that has captured a valid session id to hijack another users session during a small timeframe before the session times out. IBM X-Force ID: 134164. IBM Integration Bus 9.0 y 10.0 podría permitir que un atacante que haya capturado un id de sesión válido secuestre la sesión de otro usuario durante una pequeña franja de tiempo antes de que la sesión expire. IBM X-Force ID: 134164. • http://www.ibm.com/support/docview.wss?uid=swg22012642 • CWE-613: Insufficient Session Expiration •
CVSS: 8.1EPSS: 0%CPEs: 20EXPL: 0CVE-2017-1694
https://notcve.org/view.php?id=CVE-2017-1694
20 Dec 2017 — IBM Integration Bus 9.0 and 10.0 transmits user credentials in plain in clear text which can be read by an attacker using man in the middle techniques. IBM X-Force ID: 134165. IBM Integration Bus 9.0 y 10.0 transmite credenciales de usuario en texto claro y plano que podrían ser leídas por un atacante que utilice técnicas Man-in-the-Middle (MitM). IBM X-Force ID: 134165. • http://www.ibm.com/support/docview.wss?uid=swg22011695 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 5.3EPSS: 0%CPEs: 27EXPL: 0CVE-2017-1126
https://notcve.org/view.php?id=CVE-2017-1126
03 Oct 2017 — IBM WebSphere Message Broker (IBM Integration Bus 9.0 and 10.0) could allow an unauthorized user to obtain sensitive information about software versions that could lead to further attacks. IBM X-Force ID: 121341. IBM WebSphere Message Broker (IBM Integration Bus 9.0 y 10.0) permite que un usuario no autorizado obtenga información sensible sobre versiones de software que podría permitir que se produzcan futuros ataques. IBM X-Force ID: 121341. • http://www.ibm.com/support/docview.wss?uid=swg22008470 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •