Lucene search

K
IbmWebsphere Service Registry And Repository

19 matches found

CVE
CVE
added 2010/02/04 8:15 p.m.43 views

CVE-2009-2750

IBM WebSphere Service Registry and Repository (WSRR) 6.3.0 before FP2 does not have the intended configuration properties, which allows remote authenticated users to obtain unspecified data access via a property query.

5.5CVSS6.2AI score0.0016EPSS
CVE
CVE
added 2014/12/24 11:59 a.m.41 views

CVE-2014-6153

The Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3.x through 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture...

4.3CVSS6.1AI score0.00609EPSS
CVE
CVE
added 2014/05/30 5:55 p.m.38 views

CVE-2014-3010

Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.2, 6.3 before 6.3.0.6, 7.0 before 7.0.0.6, 7.5 before 7.5.0.5, and 8.0 before 8.0.0.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

4.3CVSS5.7AI score0.00256EPSS
CVE
CVE
added 2010/12/22 9:0 p.m.37 views

CVE-2010-2644

IBM WebSphere Service Registry and Repository (WSRR) 7.0.0 before FP1 does not properly implement access control, which allows remote attackers to perform governance actions via unspecified API requests to an EJB interface.

5CVSS6.7AI score0.00256EPSS
CVE
CVE
added 2014/12/24 11:59 a.m.37 views

CVE-2014-6132

Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3 through 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML v...

3.5CVSS5AI score0.00308EPSS
CVE
CVE
added 2014/12/24 11:59 a.m.36 views

CVE-2014-6181

IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 does not perform access-control checks for contained objects, which allows remote authenticated users to obtain sensitive information via unspecified vectors.

4CVSS5.7AI score0.00165EPSS
CVE
CVE
added 2014/12/24 11:59 a.m.35 views

CVE-2014-6177

IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 and 7.5.x before 7.5.0.3 does not perform access-control checks for depth-0 retrieve operations, which allows remote authenticated users to obtain sensitive information via unspecified vectors.

4CVSS5.7AI score0.00226EPSS
CVE
CVE
added 2014/12/24 11:59 a.m.35 views

CVE-2014-6180

Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 and 7.5.x before 7.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the HTTP User-Agent header.

3.5CVSS5.2AI score0.00162EPSS
CVE
CVE
added 2020/02/26 4:15 p.m.35 views

CVE-2019-4537

IBM WebSphere Service Registry and Repository 8.5 could allow a user to obtain sensitive version information that could be used in further attacks against the system. IBM X-Force ID: 165593.

5.3CVSS4.8AI score0.0026EPSS
CVE
CVE
added 2013/12/17 3:21 p.m.34 views

CVE-2013-6721

Cross-site scripting (XSS) vulnerability in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x before 7.5.0.4 and 8.x through 8.0.0.2 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving widgets.

3.5CVSS5.2AI score0.00253EPSS
CVE
CVE
added 2014/12/24 11:59 a.m.34 views

CVE-2014-6155

Multiple directory traversal vulnerabilities in the ServiceRegistry UI in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 allow remote authenticated users to read arbitrary files via unspecified vectors.

4CVSS6.3AI score0.00316EPSS
CVE
CVE
added 2014/12/29 2:59 a.m.33 views

CVE-2014-6160

IBM WebSphere Service Registry and Repository (WSRR) 8.5 before 8.5.0.1, when Chrome and WebSEAL are used, does not properly process ServiceRegistryDashboard logout actions, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation.

2.1CVSS6.6AI score0.00112EPSS
CVE
CVE
added 2014/12/24 11:59 a.m.33 views

CVE-2014-6188

Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere Service Registry and Repository (WSRR) 6.3.x before 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x before 7.5.0.3, and 8.0.x before 8.0.0.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5CVSS5.2AI score0.00291EPSS
CVE
CVE
added 2010/08/10 12:23 p.m.31 views

CVE-2010-2985

Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere Service Registry and Repository (WSRR) 6.3 allow remote attackers to inject arbitrary web script or HTML via (1) the searchTerm parameter to ServiceRegistry/HelpSearch.do or (2) the queryItems[0].value parameter to ServiceRegistry...

4.3CVSS5.7AI score0.00256EPSS
CVE
CVE
added 2014/12/24 11:59 a.m.31 views

CVE-2014-6186

IBM WebSphere Service Registry and Repository (WSRR) 6.3.x before 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x before 7.5.0.3, and 8.0.x before 8.0.0.1 allows remote authenticated users to bypass intended object-access restrictions via the datagraph.

4CVSS6.1AI score0.00338EPSS
CVE
CVE
added 2014/12/24 11:59 a.m.30 views

CVE-2014-6187

Multiple cross-site request forgery (CSRF) vulnerabilities in IBM WebSphere Service Registry and Repository (WSRR) 6.3.x before 6.3.0.5, 7.0.x before 7.0.0.5, 7.5.x before 7.5.0.3, and 8.0.x before 8.0.0.2 allow remote authenticated users to hijack the authentication of unspecified victims via unkn...

6CVSS6.7AI score0.00251EPSS
CVE
CVE
added 2014/12/24 11:59 a.m.29 views

CVE-2014-6178

Cross-site scripting (XSS) vulnerability in the widgets in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x before 7.5.0.4 and 8.0.x before 8.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5CVSS5.1AI score0.00162EPSS
CVE
CVE
added 2014/12/24 11:59 a.m.29 views

CVE-2014-6179

Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x before 7.5.0.4 and 8.0.x before 8.0.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.6AI score0.00249EPSS
CVE
CVE
added 2011/08/11 10:55 p.m.28 views

CVE-2011-1357

Cross-site scripting (XSS) vulnerability in agentDetect.jsp in the web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3 before 6.3.0.5, 7.0 before 7.0.0.5, and 7.5 before 7.5.0.1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.

4.3CVSS5.8AI score0.00202EPSS