Vulnerabilities > IBM > Websphere Service Registry AND Repository > 7.5.0.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-12-24 | CVE-2014-6188 | Cross-Site Scripting vulnerability in IBM Websphere Service Registry and Repository Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere Service Registry and Repository (WSRR) 6.3.x before 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x before 7.5.0.3, and 8.0.x before 8.0.0.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
2014-12-24 | CVE-2014-6187 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Websphere Service Registry and Repository Multiple cross-site request forgery (CSRF) vulnerabilities in IBM WebSphere Service Registry and Repository (WSRR) 6.3.x before 6.3.0.5, 7.0.x before 7.0.0.5, 7.5.x before 7.5.0.3, and 8.0.x before 8.0.0.2 allow remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. | 6.0 |
2014-12-24 | CVE-2014-6186 | Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Service Registry and Repository IBM WebSphere Service Registry and Repository (WSRR) 6.3.x before 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x before 7.5.0.3, and 8.0.x before 8.0.0.1 allows remote authenticated users to bypass intended object-access restrictions via the datagraph. | 4.0 |
2014-12-24 | CVE-2014-6180 | Cross-Site Scripting vulnerability in IBM Websphere Service Registry and Repository Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 and 7.5.x before 7.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the HTTP User-Agent header. | 3.5 |
2014-12-24 | CVE-2014-6179 | Cross-Site Scripting vulnerability in IBM Websphere Service Registry and Repository Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x before 7.5.0.4 and 8.0.x before 8.0.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2014-12-24 | CVE-2014-6178 | Cross-Site Scripting vulnerability in IBM Websphere Service Registry and Repository Cross-site scripting (XSS) vulnerability in the widgets in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x before 7.5.0.4 and 8.0.x before 8.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
2014-12-24 | CVE-2014-6177 | Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Service Registry and Repository IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 and 7.5.x before 7.5.0.3 does not perform access-control checks for depth-0 retrieve operations, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | 4.0 |
2014-12-24 | CVE-2014-6155 | Path Traversal vulnerability in IBM Websphere Service Registry and Repository Multiple directory traversal vulnerabilities in the ServiceRegistry UI in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 allow remote authenticated users to read arbitrary files via unspecified vectors. | 4.0 |
2014-12-24 | CVE-2014-6153 | Cryptographic Issues vulnerability in IBM Websphere Service Registry and Repository The Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3.x through 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | 4.3 |
2014-12-24 | CVE-2014-6132 | Cross-Site Scripting vulnerability in IBM Websphere Service Registry and Repository Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3 through 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |