Lucene search
+L
IbmWebsphere Service Registry And Repository

19 matches found

CVE
CVE
added 2010/02/04 6:0 p.m.55 views

CVE-2009-2750

IBM WebSphere Service Registry and Repository (WSRR) 6.3.0 before FP2 is affected by CVE-2009-2750 due to missing/incorrect configuration properties, allowing remote authenticated users to access unspecified data via a property query. CVSS v2 base score 5.5 (MEDIUM): Network vector, low complexit...

5.5CVSS6.2AI score0.00956EPSS
CVE
CVE
added 2014/12/24 11:0 a.m.54 views

CVE-2014-6153

CVE-2014-6153 affects IBM WebSphere Service Registry and Repository (WSRR) across multiple releases (6.3.x–6.3.0.5, 7.0.x–7.0.0.5, 7.5.x–7.5.0.4, 8.0.x before 8.0.0.3, 8.5.x before 8.5.0.1). The Web UI does not set the secure flag on cookies in HTTPS sessions, enabling cookie interception. Remedi...

4.3CVSS6.1AI score0.02049EPSS
CVE
CVE
added 2014/05/30 5:0 p.m.51 views

CVE-2014-3010

This CVE (CVE-2014-3010) is an XSS in the IBM WebSphere Service Registry and Repository (WSRR) Web UI. Affected products/versions include WSRR 6.2; 6.3 up to 6.3.0.6; 7.0 up to 7.0.0.6; 7.5 up to 7.5.0.5; and 8.0 up to 8.0.0.3. The root cause is improper handling of user-controllable input in URL...

4.3CVSS5.7AI score0.01161EPSS
CVE
CVE
added 2014/12/24 11:0 a.m.50 views

CVE-2014-6132

CVE-2014-6132 is a DOM-based cross-site scripting (XSS) vulnerability in the Web UI of IBM WebSphere Service Registry and Repository (WSRR). Affected are WSRR versions: 6.3 (up to 6.3.0.5), 7.0.x (up to 7.0.0.5), 7.5.x (up to 7.5.0.4), 8.0.x (before 8.0.0.3), and 8.5.x (before 8.5.0.1). The issue...

3.5CVSS5AI score0.01615EPSS
CVE
CVE
added 2014/12/24 11:0 a.m.50 views

CVE-2014-6180

CVE-2014-6180 affects IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 and 7.5.x before 7.5.0.1. The Web UI is vulnerable to cross-site scripting via the HTTP User-Agent header, allowing remote authenticated users to inject arbitrary scripts/HTML. The related IBM bulletin...

3.5CVSS5.2AI score0.01417EPSS
CVE
CVE
added 2010/12/22 8:0 p.m.48 views

CVE-2010-2644

IBM WebSphere Service Registry and Repository (WSRR) 7.0.0 before FP1 has an access-control flaw in the EJB interface that could allow remote attackers to perform governance actions via unspecified API requests. Affected product: IBM WSRR 7.0.0 pre-FP1. Root cause: improper access-control impleme...

5CVSS6.7AI score0.01209EPSS
CVE
CVE
added 2014/12/24 11:0 a.m.47 views

CVE-2014-6177

Affected product: IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 and 7.5.x before 7.5.0.3. Root cause: Access-control checks are not performed for depth-0 retrieve operations. Impact: Remote authenticated users can obtain sensitive information via unspecified vectors. R...

4CVSS5.7AI score0.01638EPSS
CVE
CVE
added 2014/12/24 11:0 a.m.47 views

CVE-2014-6181

Summary : IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 is affected. The root cause is missing access-control checks for contained objects, allowing remote authenticated users to obtain sensitive information via unspecified vectors. Impact : information disclosure with...

4CVSS5.7AI score0.0162EPSS
CVE
CVE
added 2020/02/26 3:55 p.m.47 views

CVE-2019-4537

IBM WebSphere Service Registry and Repository 8.5 is affected by an information-disclosure vulnerability (CVE-2019-4537) that allows obtaining sensitive version information. The affected product is WebSphere Service Registry and Repository 8.5; root cause is an information disclosure weakness tha...

5.3CVSS4.8AI score0.01067EPSS
CVE
CVE
added 2013/12/17 11:0 a.m.45 views

CVE-2013-6721

CVE-2013-6721 is an XSS vulnerability in IBM WebSphere Service Registry and Repository (WSRR) affecting 7.5.x before 7.5.0.4 and 8.x up to 8.0.0.2. The issue allows remote authenticated users to inject arbitrary scripts/HTML via WSRR widgets. Public details indicate the root cause is insufficient...

3.5CVSS5.2AI score0.011EPSS
CVE
CVE
added 2014/12/24 11:0 a.m.45 views

CVE-2014-6155

IBM WebSphere Service Registry and Repository (WSRR) is affected by CVE-2014-6155: path traversal vulnerabilities in the ServiceRegistry UI that could allow remote authenticated users to read arbitrary files. Affected versions include 7.5.x (up to 7.5.0.4), 8.0.x (up to 8.0.0.3), and 8.5.x (up to...

4CVSS6.3AI score0.02424EPSS
CVE
CVE
added 2014/12/29 2:0 a.m.45 views

CVE-2014-6160

IBM WebSphere Service Registry and Repository (WSRR) 8.5 before 8.5.0.1 is affected by CVE-2014-6160: when using Chrome with WebSEAL, ServiceRegistryDashboardLogout actions are not properly processed, allowing a remote attacker to bypass access restrictions by exploiting an unattended workstation...

2.1CVSS6.6AI score0.00608EPSS
CVE
CVE
added 2014/12/24 11:0 a.m.44 views

CVE-2014-6188

CVE-2014-6188 refers to multiple XSS vulnerabilities in IBM WebSphere Service Registry and Repository (WSRR) affecting 6.3.x before 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x before 7.5.0.3, and 8.0.x before 8.0.0.2. The issues allow remote authenticated users to inject arbitrary web script or HTML vi...

3.5CVSS5.2AI score0.01543EPSS
CVE
CVE
added 2014/12/24 11:0 a.m.43 views

CVE-2014-6187

CVE-2014-6187 is a CSRF vulnerability affecting IBM WebSphere Service Registry and Repository (WSRR) across multiple versions (6.3.x up to 6.3.0.5; 7.0.x up to 7.0.0.5; 7.5.x up to 7.5.0.3; 8.0.x up to 8.0.0.2). The issue allows remote authenticated users to hijack the victim’s authenticated sess...

6CVSS6.7AI score0.00866EPSS
CVE
CVE
added 2010/08/09 8:0 p.m.42 views

CVE-2010-2985

CVE-2010-2985 affects IBM WebSphere Service Registry and Repository (WSRR) 6.3. It describes multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary web script or HTML via two parameters: searchTerm in ServiceRegistry/HelpSearch.do and queryItems[0].val...

4.3CVSS5.7AI score0.01073EPSS
Web
CVE
CVE
added 2014/12/24 11:0 a.m.42 views

CVE-2014-6186

CVE-2014-6186 affects IBM WebSphere Service Registry and Repository (WSRR) across multiple release streams (6.3 before 6.3.0.5; 7.0.x up to 7.0.0.5; 7.5.x before 7.5.0.3; 8.0.x before 8.0.0.1). Root cause per IBM entries: objects not accessible due to access-control restrictions can still appear ...

4CVSS6.1AI score0.01805EPSS
CVE
CVE
added 2011/08/11 10:0 p.m.41 views

CVE-2011-1357

Technical details about CVE-2011-1357 are not publicly available in the provided connected documents. Monitor for updates from official advisories.

4.3CVSS5.8AI score0.00845EPSS
CVE
CVE
added 2014/12/24 11:0 a.m.40 views

CVE-2014-6178

CVE-2014-6178 affects IBM WebSphere Service Registry and Repository (WSRR) versions 7.5.x before 7.5.0.4 and 8.0.x before 8.0.0.3. It is a cross-site scripting (XSS) vulnerability in the WSRR widgets that allows remote authenticated users to inject arbitrary web script or HTML via unspecified vec...

3.5CVSS5.1AI score0.01417EPSS
CVE
CVE
added 2014/12/24 11:0 a.m.40 views

CVE-2014-6179

CVE-2014-6179 is a DOM-based XSS in the Web UI of IBM WebSphere Service Registry and Repository (WSRR). Affected are WSRR 7.5.x before 7.5.0.4 and 8.0.x before 8.0.0.2, enabling remote attackers to inject arbitrary web script or HTML via unspecified vectors. Mitigation is to apply fixes: for 7.5,...

4.3CVSS5.6AI score0.01792EPSS