CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45085 – IBM WebSphere Application Server denial of service
https://notcve.org/view.php?id=CVE-2024-45085
IBM WebSphere Application Server 8.5 is vulnerable to a denial of service, under certain configurations, caused by an unexpected specially crafted request. A remote attacker could exploit this vulnerability to cause an error resulting in a denial of service. • https://www.ibm.com/support/pages/node/7173128 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50314 – IBM WebSphere Application Server Libery information disclosure
https://notcve.org/view.php?id=CVE-2023-50314
IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the network to conduct spoofing attacks. An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 274713. • https://exchange.xforce.ibmcloud.com/vulnerabilities/274713 https://www.ibm.com/support/pages/node/7165502 • CWE-295: Improper Certificate Validation •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-28764 – IBM WebSphere Automation CSV injection
https://notcve.org/view.php?id=CVE-2024-28764
IBM WebSphere Automation 1.7.0 could allow an attacker with privileged access to the network to conduct a CSV injection. An attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 285623. IBM WebSphere Automation 1.7.0 podría permitir que un atacante con acceso privilegiado a la red realice una inyección CSV. Un atacante podría ejecutar comandos arbitrarios en el sistema, causados por una validación inadecuada del contenido del archivo csv. • https://exchange.xforce.ibmcloud.com/vulnerabilities/285623 https://www.ibm.com/support/pages/node/7149857 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-28775 – IBM WebSphere Automation cross-site scripting
https://notcve.org/view.php?id=CVE-2024-28775
IBM WebSphere Automation 1.7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285648. IBM WebSphere Automation 1.7.0 es vulnerable a Cross Site Scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista, lo que podría conducir a la divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/285648 https://www.ibm.com/support/pages/node/7149856 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-25026 – IBM WebSphere Application Server denial of service
https://notcve.org/view.php?id=CVE-2024-25026
IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 are vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 281516. IBM WebSphere Application Server 8.5, 9.0 e IBM WebSphere Application Server Liberty 17.0.0.3 a 24.0.0.4 son vulnerables a una denegación de servicio provocada por el envío de una solicitud especialmente manipulada. Un atacante remoto podría aprovechar esta vulnerabilidad para hacer que el servidor consuma recursos de memoria. • https://exchange.xforce.ibmcloud.com/vulnerabilities/281516 https://www.ibm.com/support/pages/node/7149330 • CWE-770: Allocation of Resources Without Limits or Throttling •