4 results (0.006 seconds)

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in IBM Tivoli Integrated Portal 2.2.0.0 through 2.2.0.15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de Cross-Site Scripting (XSS) en IBM Tivoli Integrated Portal desde la versión 2.2.0.0 hasta la 2.2.0.15 permite que los atacantes remotos inyecten scripts web o HTML arbitrarios utilizando vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21981591 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 3.5EPSS: 0%CPEs: 2EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Integrated Portal (TIP) 2.2.x allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de XSS en IBM Tivoli Integrated Portal (TIP) 2.2.x permiten a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://secunia.com/advisories/61899 http://www-01.ibm.com/support/docview.wss?uid=swg1PI27417 http://www-01.ibm.com/support/docview.wss?uid=swg21687541 http://www.securityfocus.com/bid/70729 https://exchange.xforce.ibmcloud.com/vulnerabilities/97034 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 3.5EPSS: 0%CPEs: 2EXPL: 0

CRLF injection vulnerability in IBM Tivoli Integrated Portal (TIP) 2.2.x allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. Vulnerabilidad de inyección CRLF en IBM Tivoli Integrated Portal (TIP) 2.2.x permite a usuarios remotos autenticados inyectar cabeceras HTTP arbitrarias y realizar ataques de respuestas HTTP divididas a través de vectores no especificados. • http://secunia.com/advisories/61899 http://www-01.ibm.com/support/docview.wss?uid=swg1PI27417 http://www-01.ibm.com/support/docview.wss?uid=swg21687541 http://www.securityfocus.com/bid/70727 https://exchange.xforce.ibmcloud.com/vulnerabilities/97033 • CWE-20: Improper Input Validation •

CVSS: 6.9EPSS: 0%CPEs: 3EXPL: 0

install.sh in the Embedded WebSphere Application Server (eWAS) 7.0 before FP33 in IBM Tivoli Integrated Portal (TIP) 2.1 and 2.2 sets world-writable permissions for the installRoot directory tree, which allows local users to gain privileges via a Trojan horse program. install.sh en Embedded WebSphere Application Server (eWAS) 7.0 anterior a FP33 en IBM Tivoli Integrated Portal (TIP) 2.1 y 2.2 configura permisos de lectura universal para el árbol de directorio installRoot, lo que permite a usuarios locales ganar privilegios a través de un programa de caballo de troya. • http://secunia.com/advisories/59687 http://secunia.com/advisories/59795 http://secunia.com/advisories/60552 http://www-01.ibm.com/support/docview.wss?uid=swg21679952 http://www-01.ibm.com/support/docview.wss?uid=swg21680254 http://www-01.ibm.com/support/docview.wss?uid=swg21680841 http://www.securityfocus.com/bid/69034 https://exchange.xforce.ibmcloud.com/vulnerabilities/93056 • CWE-264: Permissions, Privileges, and Access Controls •