32 matches found
EUVD-2014-6073
Malware in sbrugna...
EUVD-2014-6072
Malware in sbrugna...
CVE-2010-2985
Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere Service Registry and Repository (WSRR) 6.3 allow remote attackers to inject arbitrary web script or HTML via (1) the searchTerm parameter to ServiceRegistry/HelpSearch.do or (2) the queryItems0.value parameter to...
Security Bulletin: IBM Integration Bus affected by WAS is susceptible to TLS downgrade if using FIPS and JVM property if using non WAS keystore/truststore
Summary: IBM Integration Bus ships with a version of the WSRR thin client which is susceptible to vulnerabilities which were reported and have been addressed. Vulnerability Details: CVEID: CVE-2018-1719 DESCRIPTION: IBM WebSphere Application Server could provide weaker than expected security under...
Security Bulletin: Vulnerability in Apache Commons FileUpload affects IBM WebSphere Service Registry and Repository (CVE-2016-1000031)
Summary: Vulnerability in Apache Commons FileUpload affects IBM WebSphere Service Registry and Repository (CVE-2016-1000031). Vulnerability Details: CVEID: CVE-2016-1000031 DESCRIPTION: Apache Commons FileUpload, as used in certain products, could allow a remote attacker to execute arbitrary code on t...
Security Bulletin: Vulnerability in Apache Commons affects IBM WebSphere Service Registry and Repository Studio (CVE-2015-7450)
Summary: Vulnerability in Apache Commons affects IBM WebSphere Service Registry and Repository Studio (CVE-2015-7450). Vulnerability Details: CVEID: CVE-2015-7450 DESCRIPTION: Apache Commons Collections could allow a remote attacker to execute arbitrary code on the system, caused by the deserializatio...
Security Bulletin: Various security issues exist in WebSphere Service Registry and Repository version 8.5
Summary: This bulletin describes a variety of noncritical security issues that have been found and fixed in WebSphere Service Registry and Repository version 8.5. Vulnerability Details: CVE ID: CVE-2014-6153 DESCRIPTION: WSRR WEBUI ISSUES A COOKIE WHICH IS NOT DECLARED SSL ONLY. CVSS CVSS Base Scor...
IBM WebSphere Service Registry and Repository 8.5 < 8.5.0.1 Multiple Vulnerabilities
The version of IBM WebSphere Service Registry and Repository (WSRR) is version 8.5 prior to 8.5.0.1. It is, therefore, affected by multiple vulnerabilities: - An unspecified DOM-based cross-site scripting (XSS) vulnerability in the WSRR web UI. (CVE-2014-6132) - WSRR web interface issues a cookie that ...
Design/Logic Flaw
IBM WebSphere Service Registry and Repository (WSRR) 8.5 before 8.5.0.1, when Chrome and WebSEAL are used, does not properly process ServiceRegistryDashboard logout actions, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation...
CVE-2014-6160
IBM WebSphere Service Registry and Repository (WSRR) 8.5 before 8.5.0.1 is affected by CVE-2014-6160: when using Chrome with WebSEAL, ServiceRegistryDashboardLogout actions are not properly processed, allowing a remote attacker to bypass access restrictions by exploiting an unattended workstation...
CVE-2014-6160
IBM WebSphere Service Registry and Repository (WSRR) 8.5 before 8.5.0.1, when Chrome and WebSEAL are used, does not properly process ServiceRegistryDashboard logout actions, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation...
CVE-2014-6153
The Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3.x through 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture...
Design/Logic Flaw
IBM WebSphere Service Registry and Repository (WSRR) 6.3.x before 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x before 7.5.0.3, and 8.0.x before 8.0.0.1 allows remote authenticated users to bypass intended object-access restrictions via the datagraph...
CVE-2014-6188
CVE-2014-6188 refers to multiple XSS vulnerabilities in IBM WebSphere Service Registry and Repository (WSRR) affecting 6.3.x before 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x before 7.5.0.3, and 8.0.x before 8.0.0.2. The issues allow remote authenticated users to inject arbitrary web script or HTML vi...
CVE-2014-6153
CVE-2014-6153 affects IBM WebSphere Service Registry and Repository (WSRR) across multiple releases (6.3.x–6.3.0.5, 7.0.x–7.0.0.5, 7.5.x–7.5.0.4, 8.0.x before 8.0.0.3, 8.5.x before 8.5.0.1). The Web UI does not set the secure flag on cookies in HTTPS sessions, enabling cookie interception. Remedi...
CVE-2014-6177
IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 and 7.5.x before 7.5.0.3 does not perform access-control checks for depth-0 retrieve operations, which allows remote authenticated users to obtain sensitive information via unspecified vectors...
CVE-2014-6181
Summary: IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 is affected. The root cause is missing access-control checks for contained objects, allowing remote authenticated users to obtain sensitive information via unspecified vectors. Impact: information disclosure with...
CVE-2014-6180
CVE-2014-6180 affects IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 and 7.5.x before 7.5.0.1. The Web UI is vulnerable to cross-site scripting via the HTTP User-Agent header, allowing remote authenticated users to inject arbitrary scripts/HTML. The related IBM bulletin...
CVE-2014-6187
CVE-2014-6187 is a CSRF vulnerability affecting IBM WebSphere Service Registry and Repository (WSRR) across multiple versions (6.3.x up to 6.3.0.5; 7.0.x up to 7.0.0.5; 7.5.x up to 7.5.0.3; 8.0.x up to 8.0.0.2). The issue allows remote authenticated users to hijack the victim’s authenticated sess...
CVE-2014-6155
IBM WebSphere Service Registry and Repository (WSRR) is affected by CVE-2014-6155: path traversal vulnerabilities in the ServiceRegistry UI that could allow remote authenticated users to read arbitrary files. Affected versions include 7.5.x (up to 7.5.0.4), 8.0.x (up to 8.0.0.3), and 8.5.x (up to...