19 matches found
CVE-2009-2750
IBM WebSphere Service Registry and Repository (WSRR) 6.3.0 before FP2 is affected by CVE-2009-2750 due to missing/incorrect configuration properties, allowing remote authenticated users to access unspecified data via a property query. CVSS v2 base score 5.5 (MEDIUM): Network vector, low complexit...
CVE-2014-6153
CVE-2014-6153 affects IBM WebSphere Service Registry and Repository (WSRR) across multiple releases (6.3.x–6.3.0.5, 7.0.x–7.0.0.5, 7.5.x–7.5.0.4, 8.0.x before 8.0.0.3, 8.5.x before 8.5.0.1). The Web UI does not set the secure flag on cookies in HTTPS sessions, enabling cookie interception. Remedi...
CVE-2014-3010
This CVE (CVE-2014-3010) is an XSS in the IBM WebSphere Service Registry and Repository (WSRR) Web UI. Affected products/versions include WSRR 6.2; 6.3 up to 6.3.0.6; 7.0 up to 7.0.0.6; 7.5 up to 7.5.0.5; and 8.0 up to 8.0.0.3. The root cause is improper handling of user-controllable input in URL...
CVE-2014-6132
CVE-2014-6132 is a DOM-based cross-site scripting (XSS) vulnerability in the Web UI of IBM WebSphere Service Registry and Repository (WSRR). Affected are WSRR versions: 6.3 (up to 6.3.0.5), 7.0.x (up to 7.0.0.5), 7.5.x (up to 7.5.0.4), 8.0.x (before 8.0.0.3), and 8.5.x (before 8.5.0.1). The issue...
CVE-2014-6180
CVE-2014-6180 affects IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 and 7.5.x before 7.5.0.1. The Web UI is vulnerable to cross-site scripting via the HTTP User-Agent header, allowing remote authenticated users to inject arbitrary scripts/HTML. The related IBM bulletin...
CVE-2010-2644
IBM WebSphere Service Registry and Repository (WSRR) 7.0.0 before FP1 has an access-control flaw in the EJB interface that could allow remote attackers to perform governance actions via unspecified API requests. Affected product: IBM WSRR 7.0.0 pre-FP1. Root cause: improper access-control impleme...
CVE-2014-6177
Affected product: IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 and 7.5.x before 7.5.0.3. Root cause: Access-control checks are not performed for depth-0 retrieve operations. Impact: Remote authenticated users can obtain sensitive information via unspecified vectors. R...
CVE-2014-6181
Summary : IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 is affected. The root cause is missing access-control checks for contained objects, allowing remote authenticated users to obtain sensitive information via unspecified vectors. Impact : information disclosure with...
CVE-2019-4537
IBM WebSphere Service Registry and Repository 8.5 is affected by an information-disclosure vulnerability (CVE-2019-4537) that allows obtaining sensitive version information. The affected product is WebSphere Service Registry and Repository 8.5; root cause is an information disclosure weakness tha...
CVE-2013-6721
CVE-2013-6721 is an XSS vulnerability in IBM WebSphere Service Registry and Repository (WSRR) affecting 7.5.x before 7.5.0.4 and 8.x up to 8.0.0.2. The issue allows remote authenticated users to inject arbitrary scripts/HTML via WSRR widgets. Public details indicate the root cause is insufficient...
CVE-2014-6155
IBM WebSphere Service Registry and Repository (WSRR) is affected by CVE-2014-6155: path traversal vulnerabilities in the ServiceRegistry UI that could allow remote authenticated users to read arbitrary files. Affected versions include 7.5.x (up to 7.5.0.4), 8.0.x (up to 8.0.0.3), and 8.5.x (up to...
CVE-2014-6160
IBM WebSphere Service Registry and Repository (WSRR) 8.5 before 8.5.0.1 is affected by CVE-2014-6160: when using Chrome with WebSEAL, ServiceRegistryDashboardLogout actions are not properly processed, allowing a remote attacker to bypass access restrictions by exploiting an unattended workstation...
CVE-2014-6188
CVE-2014-6188 refers to multiple XSS vulnerabilities in IBM WebSphere Service Registry and Repository (WSRR) affecting 6.3.x before 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x before 7.5.0.3, and 8.0.x before 8.0.0.2. The issues allow remote authenticated users to inject arbitrary web script or HTML vi...
CVE-2014-6187
CVE-2014-6187 is a CSRF vulnerability affecting IBM WebSphere Service Registry and Repository (WSRR) across multiple versions (6.3.x up to 6.3.0.5; 7.0.x up to 7.0.0.5; 7.5.x up to 7.5.0.3; 8.0.x up to 8.0.0.2). The issue allows remote authenticated users to hijack the victim’s authenticated sess...
CVE-2010-2985
CVE-2010-2985 affects IBM WebSphere Service Registry and Repository (WSRR) 6.3. It describes multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary web script or HTML via two parameters: searchTerm in ServiceRegistry/HelpSearch.do and queryItems[0].val...
CVE-2014-6186
CVE-2014-6186 affects IBM WebSphere Service Registry and Repository (WSRR) across multiple release streams (6.3 before 6.3.0.5; 7.0.x up to 7.0.0.5; 7.5.x before 7.5.0.3; 8.0.x before 8.0.0.1). Root cause per IBM entries: objects not accessible due to access-control restrictions can still appear ...
CVE-2011-1357
Technical details about CVE-2011-1357 are not publicly available in the provided connected documents. Monitor for updates from official advisories.
CVE-2014-6178
CVE-2014-6178 affects IBM WebSphere Service Registry and Repository (WSRR) versions 7.5.x before 7.5.0.4 and 8.0.x before 8.0.0.3. It is a cross-site scripting (XSS) vulnerability in the WSRR widgets that allows remote authenticated users to inject arbitrary web script or HTML via unspecified vec...
CVE-2014-6179
CVE-2014-6179 is a DOM-based XSS in the Web UI of IBM WebSphere Service Registry and Repository (WSRR). Affected are WSRR 7.5.x before 7.5.0.4 and 8.0.x before 8.0.0.2, enabling remote attackers to inject arbitrary web script or HTML via unspecified vectors. Mitigation is to apply fixes: for 7.5,...