Ibm Websphere Service Registry And Repository vulnerabilities

CVE-2019-4537 [MEDIUM] CVE-2019-4537: IBM WebSphere Service Registry and Repository 8.5 could allow a user to obtain sensitive version inf IBM WebSphere Service Registry and Repository 8.5 could allow a user to obtain sensitive version information that could be used in further attacks against the system. IBM X-Force ID: 165593.

CVE-2014-6160 [LOW] CWE-264 CVE-2014-6160: IBM WebSphere Service Registry and Repository (WSRR) 8.5 before 8.5.0.1, when Chrome and WebSEAL are IBM WebSphere Service Registry and Repository (WSRR) 8.5 before 8.5.0.1, when Chrome and WebSEAL are used, does not properly process ServiceRegistryDashboard logout actions, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation.

CVE-2014-6181 [MEDIUM] CWE-264 CVE-2014-6181: IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 does not perform access-co IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 does not perform access-control checks for contained objects, which allows remote authenticated users to obtain sensitive information via unspecified vectors.

CVE-2014-6179 [MEDIUM] CWE-79 CVE-2014-6179: Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Reposit Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x before 7.5.0.4 and 8.0.x before 8.0.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2014-6186 [MEDIUM] CWE-264 CVE-2014-6186: IBM WebSphere Service Registry and Repository (WSRR) 6.3.x before 6.3.0.5, 7.0.x through 7.0.0.5, 7. IBM WebSphere Service Registry and Repository (WSRR) 6.3.x before 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x before 7.5.0.3, and 8.0.x before 8.0.0.1 allows remote authenticated users to bypass intended object-access restrictions via the datagraph.

CVE-2014-6177 [MEDIUM] CWE-264 CVE-2014-6177: IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 and 7.5.x before 7.5.0.3 d IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 and 7.5.x before 7.5.0.3 does not perform access-control checks for depth-0 retrieve operations, which allows remote authenticated users to obtain sensitive information via unspecified vectors.

CVE-2014-6155 [MEDIUM] CWE-22 CVE-2014-6155: Multiple directory traversal vulnerabilities in the ServiceRegistry UI in IBM WebSphere Service Regi Multiple directory traversal vulnerabilities in the ServiceRegistry UI in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 allow remote authenticated users to read arbitrary files via unspecified vectors.

CVE-2014-6187 [MEDIUM] CWE-352 CVE-2014-6187: Multiple cross-site request forgery (CSRF) vulnerabilities in IBM WebSphere Service Registry and Rep Multiple cross-site request forgery (CSRF) vulnerabilities in IBM WebSphere Service Registry and Repository (WSRR) 6.3.x before 6.3.0.5, 7.0.x before 7.0.0.5, 7.5.x before 7.5.0.3, and 8.0.x before 8.0.0.2 allow remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.

CVE-2014-6153 [MEDIUM] CWE-310 CVE-2014-6153: The Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3.x through 6.3.0.5, 7.0.x thro The Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3.x through 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within a

CVE-2014-6178 [LOW] CWE-79 CVE-2014-6178: Cross-site scripting (XSS) vulnerability in the widgets in IBM WebSphere Service Registry and Reposi Cross-site scripting (XSS) vulnerability in the widgets in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x before 7.5.0.4 and 8.0.x before 8.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

CVE-2014-6132 [LOW] CWE-79 CVE-2014-6132: Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Reposit Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3 through 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

CVE-2014-6180 [LOW] CWE-79 CVE-2014-6180: Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Reposit Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 and 7.5.x before 7.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the HTTP User-Agent header.

CVE-2014-6188 [LOW] CWE-79 CVE-2014-6188: Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere Service Registry and Repository Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere Service Registry and Repository (WSRR) 6.3.x before 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x before 7.5.0.3, and 8.0.x before 8.0.0.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

CVE-2014-3010 [MEDIUM] CWE-79 CVE-2014-3010: Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Reposit Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.2, 6.3 before 6.3.0.6, 7.0 before 7.0.0.6, 7.5 before 7.5.0.5, and 8.0 before 8.0.0.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

CVE-2013-6721 [LOW] CWE-79 CVE-2013-6721: Cross-site scripting (XSS) vulnerability in IBM WebSphere Service Registry and Repository (WSRR) 7.5 Cross-site scripting (XSS) vulnerability in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x before 7.5.0.4 and 8.x through 8.0.0.2 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving widgets.

CVE-2011-1357 [MEDIUM] CWE-79 CVE-2011-1357: Cross-site scripting (XSS) vulnerability in agentDetect.jsp in the web UI in IBM WebSphere Service R Cross-site scripting (XSS) vulnerability in agentDetect.jsp in the web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3 before 6.3.0.5, 7.0 before 7.0.0.5, and 7.5 before 7.5.0.1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.

CVE-2010-2644 [MEDIUM] CWE-264 CVE-2010-2644: IBM WebSphere Service Registry and Repository (WSRR) 7.0.0 before FP1 does not properly implement ac IBM WebSphere Service Registry and Repository (WSRR) 7.0.0 before FP1 does not properly implement access control, which allows remote attackers to perform governance actions via unspecified API requests to an EJB interface.

CVE-2010-2985 [MEDIUM] CWE-79 CVE-2010-2985: Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere Service Registry and Repository Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere Service Registry and Repository (WSRR) 6.3 allow remote attackers to inject arbitrary web script or HTML via (1) the searchTerm parameter to ServiceRegistry/HelpSearch.do or (2) the queryItems[0].value parameter to ServiceRegistry/QueryWizardProcessStep1.do.

CVE-2009-2750 [MEDIUM] CWE-16 CVE-2009-2750: IBM WebSphere Service Registry and Repository (WSRR) 6.3.0 before FP2 does not have the intended con IBM WebSphere Service Registry and Repository (WSRR) 6.3.0 before FP2 does not have the intended configuration properties, which allows remote authenticated users to obtain unspecified data access via a property query.