56 matches found
CVE-2017-3744
CVE-2017-3744 affects Lenovo System x IMM2 firmware. Remote commands issued by LXCA/other utilities may be logged in the FFDC service log, potentially exposing clear-text login information to authorized users who can capture/export FFDC data. Impact is confined to Lenovo System x IMM2, with the v...
CVE-2011-5066
The SibRaRecoverableSiXaResource class in the Default Messaging Component in IBM WebSphere Application Server WAS 6.1 before 6.1.0.41 does not properly handle a Service Integration Bus SIB dump operation involving the First Failure Data Capture FFDC introspection code, which allows local users to...
Default configuration
The SibRaRecoverableSiXaResource class in the Default Messaging Component in IBM WebSphere Application Server WAS 6.1 before 6.1.0.41 does not properly handle a Service Integration Bus SIB dump operation involving the First Failure Data Capture FFDC introspection code, which allows local users to...
CVE-2011-5066
CVE-2011-5066 affects IBM WebSphere Application Server 6.1 (Default Messaging Component). The SibRaRecoverableSiXaResource class does not properly handle a Service Integration Bus (SIB) dump operation in the FFDC introspection code, allowing local users to read the FFDC log file and obtain sensit...
CVE-2011-5066
The SibRaRecoverableSiXaResource class in the Default Messaging Component in IBM WebSphere Application Server WAS 6.1 before 6.1.0.41 does not properly handle a Service Integration Bus SIB dump operation involving the First Failure Data Capture FFDC introspection code, which allows local users to...
IBM WebSphere Application Server < 6.1.0.27 Multiple Vulnerabilities
IBM WebSphere Application Server 6.1 before Fix Pack 27 appears to be running on the remote host. As such, it is reportedly affected by multiple vulnerabilities : - The Eclipse help system included with WebSphere Application Server is affected by a cross-site scripting vulnerability. PK78917 - It...
CVE-2009-2743
IBM WebSphere Application Server WAS 6.1 before 6.1.0.27, and 7.0 before 7.0.0.7, does not properly handle an exception occurring after use of wsadmin scripts and configuration of JAAS-J2C Authentication Data, which allows local users to obtain sensitive information by reading the First Failure...
Design/Logic Flaw
IBM WebSphere Application Server WAS 6.1 before 6.1.0.27, and 7.0 before 7.0.0.7, does not properly handle an exception occurring after use of wsadmin scripts and configuration of JAAS-J2C Authentication Data, which allows local users to obtain sensitive information by reading the First Failure...
CVE-2009-2743
IBM WebSphere Application Server WAS 6.1 before 6.1.0.27, and 7.0 before 7.0.0.7, does not properly handle an exception occurring after use of wsadmin scripts and configuration of JAAS-J2C Authentication Data, which allows local users to obtain sensitive information by reading the First Failure...
CVE-2009-2743
CVE-2009-2743 affects IBM WebSphere Application Server 6.1 (before 6.1.0.27) and 7.0 (before 7.0.0.7). The issue arises when an exception occurs after using wsadmin scripts and configuring JAAS-J2C Authentication Data, allowing local users to read the FFDC log file and obtain sensitive informatio...
IBM WebSphere Application Server 6.1 < Fix Pack 21 Multiple Flaws
IBM WebSphere Application Server 6.1 before Fix Pack 21 appears to be running on the remote host. As such, it is reportedly affected by multiple flaws : - Provided Performance Monitoring Infrastructure PMI is enabled, it may be possible for a local attacker to obtain sensitive information through...
Design/Logic Flaw
PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server WAS 6.0.x before 6.0.2.31, 6.1.x before 6.1.0.21, and 7.0.x before 7.0.0.1, when Performance Monitoring Infrastructure PMI is enabled, allows local users to obtain sensitive information by reading the 1...
CVE-2006-4223
IBM WebSphere Application Server WAS before 6.0.2.13 allows context-dependent attackers to obtain sensitive information via unspecified vectors related to "JSP source code exposure" PK23475, which occurs when ibm-web-ext.xmi sets fileServingEnabled to true or ExtendedDocumentRoot is used to place...
Code injection
WebSphere Application Server 5.0.2 or any earlier cumulative fix stores admin and LDAP passwords in plaintext in the FFDC logs when a login to WebSphere fails, which allows attackers to gain privileges...
CVE-2006-2436
WebSphere Application Server 5.0.2 or any earlier cumulative fix stores admin and LDAP passwords in plaintext in the FFDC logs when a login to WebSphere fails, which allows attackers to gain privileges...
CVE-2006-2436
WebSphere Application Server 5.0.2 or any earlier cumulative fix stores admin and LDAP passwords in plaintext in the FFDC logs when a login to WebSphere fails, which allows attackers to gain privileges...