CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2020-4575
https://notcve.org/view.php?id=CVE-2020-4575
27 Aug 2020 — IBM WebSphere Application Server ND 8.5 and 9.0, and IBM WebSphere Virtual Enterprise 7.0 and 8.0 are vulnerable to cross-site scripting when High Availability Deployment Manager is configured. IBM WebSphere Application Server ND versiones 8.5 y 9.0, e IBM WebSphere Virtual Enterprise versiones 7.0 y 8.0, son vulnerables a un ataque de tipo cross-site scripting cuando High Availability Deployment Manager es configurado • https://exchange.xforce.ibmcloud.com/vulnerabilities/184363 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 16%CPEs: 4EXPL: 0CVE-2020-4448 – IBM WebSphere UploadFileArgument Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-4448
05 Jun 2020 — IBM WebSphere Application Server Network Deployment 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 181228. IBM WebSphere Application Server Network Deployment versiones 7.0, 8.0, 8.5 y 9.0, podría permitir a un atacante remoto ejecutar código arbitrario en el sistema con una secuencia de objetos serializados especialmente diseñada de fuentes no confiables. ID de IBM X... • https://exchange.xforce.ibmcloud.com/vulnerabilities/181228 • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2019-4505
https://notcve.org/view.php?id=CVE-2019-4505
20 Sep 2019 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Network Deployment could allow a remote attacker to obtain sensitive information, caused by sending a specially-crafted URL. This can lead the attacker to view any file in a certain directory. IBM X-Force ID: 164364. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0, Network Deployment podría permitir a un atacante remoto obtener información confidencial, causado mediante el envío de una URL especialmente diseñada. Esto puede conllevar al ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/164364 •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2019-4030
https://notcve.org/view.php?id=CVE-2019-4030
06 Mar 2019 — IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155946. IBM WebSphere Application Server, en sus versiones 8.5 y 9.0, es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usua... • http://www.ibm.com/support/docview.wss?uid=ibm10869406 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •