Vigil@nce - IBM WebSphere AS 8.0: multiple vulnerabilities
January 2014 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can exploit several vulnerabilities in WebSphere AS 8.0.
Impacted products: WebSphere AS
Severity: 2/4
Creation date: 14/01/2014
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in WebSphere AS 8.0.
An attacker can trigger a Cross Site Request Forgery.
[severity:2/4; BID-57510, CVE-2013-0460, PM72275]
An attacker can trigger a Cross Site Scripting in the UDDI
Administrative Console, in order to execute JavaScript code in the
context of the web site. [severity:2/4; BID-62336, CVE-2013-4052,
PM91892]
An unknown vulnerability was announced in WS-SECURITY XML Digital
Signature. [severity:2/4; BID-62338, CVE-2013-4053, PM90949,
PM91521]
An attacker can escalate their privileges during the migration.
[severity:2/4; BID-63781, CVE-2013-5414, PM92313]
An attacker can trigger a Cross Site Scripting, in order to
execute JavaScript code in the context of the web site.
[severity:2/4; BID-63780, CVE-2013-5417, PM93323, PM93944]
An attacker can trigger a Cross Site Scripting in the
Administration Console, in order to execute JavaScript code in the
context of the web site. [severity:2/4; BID-63778, CVE-2013-5418,
PM96477]
An attacker can trigger a Cross Site Scripting, in order to
execute JavaScript code in the context of the web site.
[severity:2/4; BID-65099, CVE-2013-6725, PM98132]
An attacker can send malicious XML data to the XML Parser, in
order to trigger a denial of service. [severity:2/4; BID-65096,
CVE-2013-6325, PM99450]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/IBM-WebSphere-AS-8-0-multiple-vulnerabilities-14082