Websphere Service Registry And Repository@7.0.0.2 Security Vulnerabilities and Issues — Websphere Service Registry And Repository@7.0.0.2 CVE List

Lucene search

IbmWebsphere Service Registry And Repository7.0.0.2

10 matches found

CVE•added 2014/12/24 11:59 a.m.•41 views

CVE-2014-6153

The Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3.x through 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture...

4.3CVSS6.1AI score0.00609EPSS

CVE•added 2014/05/30 5:55 p.m.•38 views

CVE-2014-3010

Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.2, 6.3 before 6.3.0.6, 7.0 before 7.0.0.6, 7.5 before 7.5.0.5, and 8.0 before 8.0.0.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

4.3CVSS5.7AI score0.00256EPSS

CVE•added 2014/12/24 11:59 a.m.•37 views

CVE-2014-6132

Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3 through 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML v...

3.5CVSS5AI score0.00308EPSS

CVE•added 2014/12/24 11:59 a.m.•36 views

CVE-2014-6181

IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 does not perform access-control checks for contained objects, which allows remote authenticated users to obtain sensitive information via unspecified vectors.

4CVSS5.7AI score0.00165EPSS

CVE•added 2014/12/24 11:59 a.m.•35 views

CVE-2014-6177

IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 and 7.5.x before 7.5.0.3 does not perform access-control checks for depth-0 retrieve operations, which allows remote authenticated users to obtain sensitive information via unspecified vectors.

4CVSS5.7AI score0.00226EPSS

CVE•added 2014/12/24 11:59 a.m.•35 views

CVE-2014-6180

Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 and 7.5.x before 7.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the HTTP User-Agent header.

3.5CVSS5.2AI score0.00162EPSS

CVE•added 2014/12/24 11:59 a.m.•33 views

CVE-2014-6188

Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere Service Registry and Repository (WSRR) 6.3.x before 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x before 7.5.0.3, and 8.0.x before 8.0.0.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5CVSS5.2AI score0.00291EPSS

CVE•added 2014/12/24 11:59 a.m.•31 views

CVE-2014-6186

IBM WebSphere Service Registry and Repository (WSRR) 6.3.x before 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x before 7.5.0.3, and 8.0.x before 8.0.0.1 allows remote authenticated users to bypass intended object-access restrictions via the datagraph.

4CVSS6.1AI score0.00338EPSS

CVE•added 2014/12/24 11:59 a.m.•30 views

CVE-2014-6187

Multiple cross-site request forgery (CSRF) vulnerabilities in IBM WebSphere Service Registry and Repository (WSRR) 6.3.x before 6.3.0.5, 7.0.x before 7.0.0.5, 7.5.x before 7.5.0.3, and 8.0.x before 8.0.0.2 allow remote authenticated users to hijack the authentication of unspecified victims via unkn...

6CVSS6.7AI score0.00251EPSS

CVE•added 2011/08/11 10:55 p.m.•28 views

CVE-2011-1357

Cross-site scripting (XSS) vulnerability in agentDetect.jsp in the web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3 before 6.3.0.5, 7.0 before 7.0.0.5, and 7.5 before 7.5.0.1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.

4.3CVSS5.8AI score0.00202EPSS