CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-52899 – IBM Data Virtualization Manager code execution
https://notcve.org/view.php?id=CVE-2024-52899
26 Nov 2024 — IBM Data Virtualization Manager for z/OS 1.1 and 1.2 could allow an authenticated user to inject malicious JDBC URL parameters and execute code on the server. IBM Data Virtualization Manager para z/OS 1.1 y 1.2 podría permitir que un usuario autenticado inyecte parámetros de URL JDBC maliciosos y ejecute código en el servidor. • https://www.ibm.com/support/pages/node/7177091 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-27265 – IBM Integration Bus for z/OS cross-site request forgery
https://notcve.org/view.php?id=CVE-2024-27265
14 Mar 2024 — IBM Integration Bus for z/OS 10.1 through 10.1.0.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 284564. IBM Integration Bus para z/OS 10.1 a 10.1.0.3 es vulnerable a cross-site request forgery, lo que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas por un usuario en el que confía el sitio web. ID de IBM X-Force: 284564. • https://exchange.xforce.ibmcloud.com/vulnerabilities/284564 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-26283 – IBM WebSphere Application Server cross-site scripting
https://notcve.org/view.php?id=CVE-2023-26283
22 Mar 2023 — IBM WebSphere Application Server 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 248416. • https://exchange.xforce.ibmcloud.com/vulnerabilities/248416 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-26281 – IBM HTTP Server denial of service
https://notcve.org/view.php?id=CVE-2023-26281
28 Feb 2023 — IBM HTTP Server 8.5 used by IBM WebSphere Application Server could allow a remote user to cause a denial of service using a specially crafted URL. IBM X-Force ID: 248296. • https://exchange.xforce.ibmcloud.com/vulnerabilities/248296 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 9EXPL: 0CVE-2023-23477 – IBM WebSphere Application Server code execution
https://notcve.org/view.php?id=CVE-2023-23477
03 Feb 2023 — IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. IBM X-Force ID: 245513. • https://exchange.xforce.ibmcloud.com/vulnerabilities/245513 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2022-43917 – IBM WebSphere Application Server information disclosure
https://notcve.org/view.php?id=CVE-2022-43917
25 Jan 2023 — IBM WebSphere Application Server 8.5 and 9.0 traditional container uses weaker than expected cryptographic keys that could allow an attacker to decrypt sensitive information. This affects only the containerized version of WebSphere Application Server traditional. IBM X-Force ID: 241045. El contenedor tradicional IBM WebSphere Application Server 8.5 y 9.0 utiliza claves criptográficas más débiles de lo esperado que podrían permitir a un atacante descifrar información confidencial. Esto afecta sólo a la versi... • https://exchange.xforce.ibmcloud.com/vulnerabilities/241045 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-40750 – IBM WebSphere Application Server cross-site scripting
https://notcve.org/view.php?id=CVE-2022-40750
11 Nov 2022 — IBM WebSphere Application Server 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236588. IBM WebSphere Application Server 8.5 y 9.0 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando... • https://exchange.xforce.ibmcloud.com/vulnerabilities/236588 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 11EXPL: 0CVE-2022-38712
https://notcve.org/view.php?id=CVE-2022-38712
03 Nov 2022 — "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web services could allow a man-in-the-middle attacker to conduct SOAPAction spoofing to execute unwanted or unauthorized operations. IBM X-Force ID: 234762." "IBM WebSphere Application Server 7.0, 8.0, 8.5 y 9.0 podrían permitir que un atacante intermediario realice suplantación de SOAPAction para ejecutar operaciones no deseadas o no autorizadas. ID de IBM X-Force: 234762". • https://www.ibm.com/support/pages/node/6829907 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2022-34336
https://notcve.org/view.php?id=CVE-2022-34336
13 Sep 2022 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229714. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0 es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en... • https://exchange.xforce.ibmcloud.com/vulnerabilities/229714 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 13EXPL: 0CVE-2022-34165
https://notcve.org/view.php?id=CVE-2022-34165
09 Sep 2022 — IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP header injection, caused by improper validation. This could allow an attacker to conduct various attacks against the vulnerable system, including cache poisoning and cross-site scripting. IBM X-Force ID: 229429. IBM WebSphere Application Server versiones 7.0, 8.0, 8.5 y 9.0 e IBM WebSphere Application Server Liberty versiones 17.0.0.3 a 22.0.0.9 son vulnerable... • https://exchange.xforce.ibmcloud.com/vulnerabilities/229429 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •