Filtered by vendor Ibm
Subscribe
Filtered by product Websphere Service Registry And Repository
Subscribe
Total
19 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-4537 | 1 Ibm | 1 Websphere Service Registry And Repository | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM WebSphere Service Registry and Repository 8.5 could allow a user to obtain sensitive version information that could be used in further attacks against the system. IBM X-Force ID: 165593. | |||||
CVE-2014-6179 | 1 Ibm | 1 Websphere Service Registry And Repository | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x before 7.5.0.4 and 8.0.x before 8.0.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2014-6180 | 1 Ibm | 1 Websphere Service Registry And Repository | 2024-02-04 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 and 7.5.x before 7.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the HTTP User-Agent header. | |||||
CVE-2014-6181 | 1 Ibm | 1 Websphere Service Registry And Repository | 2024-02-04 | 4.0 MEDIUM | N/A |
IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 does not perform access-control checks for contained objects, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | |||||
CVE-2014-6155 | 1 Ibm | 1 Websphere Service Registry And Repository | 2024-02-04 | 4.0 MEDIUM | N/A |
Multiple directory traversal vulnerabilities in the ServiceRegistry UI in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 allow remote authenticated users to read arbitrary files via unspecified vectors. | |||||
CVE-2014-6186 | 1 Ibm | 1 Websphere Service Registry And Repository | 2024-02-04 | 4.0 MEDIUM | N/A |
IBM WebSphere Service Registry and Repository (WSRR) 6.3.x before 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x before 7.5.0.3, and 8.0.x before 8.0.0.1 allows remote authenticated users to bypass intended object-access restrictions via the datagraph. | |||||
CVE-2014-6160 | 2 Google, Ibm | 3 Chrome, Webseal, Websphere Service Registry And Repository | 2024-02-04 | 2.1 LOW | N/A |
IBM WebSphere Service Registry and Repository (WSRR) 8.5 before 8.5.0.1, when Chrome and WebSEAL are used, does not properly process ServiceRegistryDashboard logout actions, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation. | |||||
CVE-2014-6177 | 1 Ibm | 1 Websphere Service Registry And Repository | 2024-02-04 | 4.0 MEDIUM | N/A |
IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 and 7.5.x before 7.5.0.3 does not perform access-control checks for depth-0 retrieve operations, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | |||||
CVE-2014-6188 | 1 Ibm | 1 Websphere Service Registry And Repository | 2024-02-04 | 3.5 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere Service Registry and Repository (WSRR) 6.3.x before 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x before 7.5.0.3, and 8.0.x before 8.0.0.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2014-6178 | 1 Ibm | 1 Websphere Service Registry And Repository | 2024-02-04 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the widgets in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x before 7.5.0.4 and 8.0.x before 8.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2014-3010 | 1 Ibm | 1 Websphere Service Registry And Repository | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.2, 6.3 before 6.3.0.6, 7.0 before 7.0.0.6, 7.5 before 7.5.0.5, and 8.0 before 8.0.0.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
CVE-2014-6187 | 1 Ibm | 1 Websphere Service Registry And Repository | 2024-02-04 | 6.0 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in IBM WebSphere Service Registry and Repository (WSRR) 6.3.x before 6.3.0.5, 7.0.x before 7.0.0.5, 7.5.x before 7.5.0.3, and 8.0.x before 8.0.0.2 allow remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. | |||||
CVE-2014-6153 | 1 Ibm | 1 Websphere Service Registry And Repository | 2024-02-04 | 4.3 MEDIUM | N/A |
The Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3.x through 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | |||||
CVE-2014-6132 | 1 Ibm | 1 Websphere Service Registry And Repository | 2024-02-04 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3 through 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2013-6721 | 1 Ibm | 1 Websphere Service Registry And Repository | 2024-02-04 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x before 7.5.0.4 and 8.x through 8.0.0.2 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving widgets. | |||||
CVE-2011-1357 | 1 Ibm | 1 Websphere Service Registry And Repository | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in agentDetect.jsp in the web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3 before 6.3.0.5, 7.0 before 7.0.0.5, and 7.5 before 7.5.0.1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header. | |||||
CVE-2010-2644 | 1 Ibm | 1 Websphere Service Registry And Repository | 2024-02-04 | 5.0 MEDIUM | N/A |
IBM WebSphere Service Registry and Repository (WSRR) 7.0.0 before FP1 does not properly implement access control, which allows remote attackers to perform governance actions via unspecified API requests to an EJB interface. | |||||
CVE-2010-2985 | 1 Ibm | 1 Websphere Service Registry And Repository | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere Service Registry and Repository (WSRR) 6.3 allow remote attackers to inject arbitrary web script or HTML via (1) the searchTerm parameter to ServiceRegistry/HelpSearch.do or (2) the queryItems[0].value parameter to ServiceRegistry/QueryWizardProcessStep1.do. | |||||
CVE-2009-2750 | 1 Ibm | 1 Websphere Service Registry And Repository | 2024-02-04 | 5.5 MEDIUM | N/A |
IBM WebSphere Service Registry and Repository (WSRR) 6.3.0 before FP2 does not have the intended configuration properties, which allows remote authenticated users to obtain unspecified data access via a property query. |