Lucene search
K

56 matches found

CVE
CVE
added 2017/06/20 12:0 a.m.42 views

CVE-2017-3744

CVE-2017-3744 affects Lenovo System x IMM2 firmware. Remote commands issued by LXCA/other utilities may be logged in the FFDC service log, potentially exposing clear-text login information to authorized users who can capture/export FFDC data. Impact is confined to Lenovo System x IMM2, with the v...

6.5CVSS6.7AI score0.00842EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2012/01/15 3:55 a.m.7 views

CVE-2011-5066

The SibRaRecoverableSiXaResource class in the Default Messaging Component in IBM WebSphere Application Server WAS 6.1 before 6.1.0.41 does not properly handle a Service Integration Bus SIB dump operation involving the First Failure Data Capture FFDC introspection code, which allows local users to...

2.1CVSS5.5AI score0.00312EPSS
Exploits0References3
Prion
Prion
added 2012/01/15 3:55 a.m.24 views

Default configuration

The SibRaRecoverableSiXaResource class in the Default Messaging Component in IBM WebSphere Application Server WAS 6.1 before 6.1.0.41 does not properly handle a Service Integration Bus SIB dump operation involving the First Failure Data Capture FFDC introspection code, which allows local users to...

2.1CVSS5.9AI score0.00312EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2012/01/15 2:0 a.m.67 views

CVE-2011-5066

CVE-2011-5066 affects IBM WebSphere Application Server 6.1 (Default Messaging Component). The SibRaRecoverableSiXaResource class does not properly handle a Service Integration Bus (SIB) dump operation in the FFDC introspection code, allowing local users to read the FFDC log file and obtain sensit...

2.1CVSS5.6AI score0.00312EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2012/01/15 2:0 a.m.30 views

CVE-2011-5066

The SibRaRecoverableSiXaResource class in the Default Messaging Component in IBM WebSphere Application Server WAS 6.1 before 6.1.0.41 does not properly handle a Service Integration Bus SIB dump operation involving the First Failure Data Capture FFDC introspection code, which allows local users to...

5.4AI score0.00312EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2009/09/23 12:0 a.m.42 views

IBM WebSphere Application Server < 6.1.0.27 Multiple Vulnerabilities

IBM WebSphere Application Server 6.1 before Fix Pack 27 appears to be running on the remote host. As such, it is reportedly affected by multiple vulnerabilities : - The Eclipse help system included with WebSphere Application Server is affected by a cross-site scripting vulnerability. PK78917 - It...

7.8CVSS6.8AI score0.52988EPSS
Exploits8References13
NVD
NVD
added 2009/09/21 7:30 p.m.22 views

CVE-2009-2743

IBM WebSphere Application Server WAS 6.1 before 6.1.0.27, and 7.0 before 7.0.0.7, does not properly handle an exception occurring after use of wsadmin scripts and configuration of JAAS-J2C Authentication Data, which allows local users to obtain sensitive information by reading the First Failure...

2.1CVSS7.2AI score0.00387EPSS
Exploits1References6
Prion
Prion
added 2009/09/21 7:30 p.m.18 views

Design/Logic Flaw

IBM WebSphere Application Server WAS 6.1 before 6.1.0.27, and 7.0 before 7.0.0.7, does not properly handle an exception occurring after use of wsadmin scripts and configuration of JAAS-J2C Authentication Data, which allows local users to obtain sensitive information by reading the First Failure...

2.1CVSS6AI score0.00387EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2009/09/21 7:0 p.m.24 views

CVE-2009-2743

IBM WebSphere Application Server WAS 6.1 before 6.1.0.27, and 7.0 before 7.0.0.7, does not properly handle an exception occurring after use of wsadmin scripts and configuration of JAAS-J2C Authentication Data, which allows local users to obtain sensitive information by reading the First Failure...

5.6AI score0.00387EPSS
Exploits1References6
CVE
CVE
added 2009/09/21 7:0 p.m.55 views

CVE-2009-2743

CVE-2009-2743 affects IBM WebSphere Application Server 6.1 (before 6.1.0.27) and 7.0 (before 7.0.0.7). The issue arises when an exception occurs after using wsadmin scripts and configuring JAAS-J2C Authentication Data, allowing local users to read the FFDC log file and obtain sensitive informatio...

2.1CVSS5.6AI score0.00387EPSS
Exploits1References6Affected Software1
Tenable Nessus
Tenable Nessus
added 2009/02/12 12:0 a.m.24 views

IBM WebSphere Application Server 6.1 < Fix Pack 21 Multiple Flaws

IBM WebSphere Application Server 6.1 before Fix Pack 21 appears to be running on the remote host. As such, it is reportedly affected by multiple flaws : - Provided Performance Monitoring Infrastructure PMI is enabled, it may be possible for a local attacker to obtain sensitive information through...

1.9CVSS5.5AI score0.00321EPSS
Exploits0References5
Prion
Prion
added 2009/02/10 10:30 p.m.17 views

Design/Logic Flaw

PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server WAS 6.0.x before 6.0.2.31, 6.1.x before 6.1.0.21, and 7.0.x before 7.0.0.1, when Performance Monitoring Infrastructure PMI is enabled, allows local users to obtain sensitive information by reading the 1...

1.9CVSS5.7AI score0.0145EPSS
Exploits1References8Affected Software1
NVD
NVD
added 2006/08/18 8:4 p.m.22 views

CVE-2006-4223

IBM WebSphere Application Server WAS before 6.0.2.13 allows context-dependent attackers to obtain sensitive information via unspecified vectors related to "JSP source code exposure" PK23475, which occurs when ibm-web-ext.xmi sets fileServingEnabled to true or ExtendedDocumentRoot is used to place...

5CVSS6.1AI score0.01357EPSS
Exploits0References8
Prion
Prion
added 2006/05/17 10:6 a.m.16 views

Code injection

WebSphere Application Server 5.0.2 or any earlier cumulative fix stores admin and LDAP passwords in plaintext in the FFDC logs when a login to WebSphere fails, which allows attackers to gain privileges...

7.5CVSS7.3AI score0.01982EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2006/05/17 10:6 a.m.24 views

CVE-2006-2436

WebSphere Application Server 5.0.2 or any earlier cumulative fix stores admin and LDAP passwords in plaintext in the FFDC logs when a login to WebSphere fails, which allows attackers to gain privileges...

7.5CVSS6.7AI score0.01982EPSS
Exploits0References6
Cvelist
Cvelist
added 2006/05/17 10:0 a.m.24 views

CVE-2006-2436

WebSphere Application Server 5.0.2 or any earlier cumulative fix stores admin and LDAP passwords in plaintext in the FFDC logs when a login to WebSphere fails, which allows attackers to gain privileges...

6.7AI score0.01982EPSS
Exploits0References6
Rows per page
Query Builder