CVSS: 6.1EPSS: 0%CPEs: 89EXPL: 0CVE-2018-1673
https://notcve.org/view.php?id=CVE-2018-1673
12 Oct 2018 — IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145108. IBM WebSphere Portal 7.0, 8.0, 8.5 y 9.0 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera... • http://www.securitytracker.com/id/1041845 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 78EXPL: 0CVE-2018-1420
https://notcve.org/view.php?id=CVE-2018-1420
01 Oct 2018 — IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 resets access control settings to the out of the box configuration during Combined Cumulative Fix (CF) installation. This can lead to security miss-configuration of the installation. IBM X-Force ID: 138950. IBM WebSphere Portal 7.0, 8.0, 8.5 y 9.0 restablece las opciones de control de acceso a su configuración de fábrica durante la instalación Combined Cumulative Fix (CF). Esto puede conducir a una mala configuración del seguridad de la instalación. • http://www.securitytracker.com/id/1041767 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.5EPSS: 0%CPEs: 79EXPL: 0CVE-2018-1672
https://notcve.org/view.php?id=CVE-2018-1672
01 Oct 2018 — IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user. IBM X-Force ID: 144958. IBM WebSphere Portal 7.0, 8.0, 8.5 y 9.0 podría fracasar a la hora de establecer el contexto de usuario correcto en ciertos escenarios de suplantación, lo que puede permitir que un usuario actúe con la identidad de otro usuario. IBM X-Force ID: 144958. • http://www.securitytracker.com/id/1041766 • CWE-287: Improper Authentication •
CVSS: 6.1EPSS: 0%CPEs: 88EXPL: 0CVE-2018-1716
https://notcve.org/view.php?id=CVE-2018-1716
27 Sep 2018 — IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147164. IBM WebSphere Portal 7.0, 8.0, 8.5 y 9.0 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera... • http://www.securitytracker.com/id/1041754 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.4EPSS: 0%CPEs: 89EXPL: 0CVE-2018-1736
https://notcve.org/view.php?id=CVE-2018-1736
27 Sep 2018 — IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 147906. IBM WebSphere Portal e... • http://www.securityfocus.com/bid/105490 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 5.4EPSS: 0%CPEs: 89EXPL: 0CVE-2018-1660
https://notcve.org/view.php?id=CVE-2018-1660
27 Sep 2018 — IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 144886. IBM WebSphere Portal 7.0, 8.0, 8.5 y 9.0 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera... • http://www.securityfocus.com/bid/105446 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2013-2951
https://notcve.org/view.php?id=CVE-2013-2951
11 Jul 2018 — IBM WebSphere Portal 7.0.0.x and 8.0.0.x write passwords to a trace file when tracing is enabled for the Selfcare Portlet (Profile Management), which allows local users to obtain sensitive information by reading the file. IBM X-Force ID: 83621. IBM WebSphere Portal en versiones 7.0.0.x y 8.0.0.x escribe contraseñas a un archivo de rastreo cuando éste está habilitado para el Selfcare Portlet (Profile Management), lo que permite que usuarios locales obtengan información sensible mediante la lectura del archiv... • http://www-01.ibm.com/support/docview.wss?uid=swg21642097 • CWE-255: Credentials Management Errors •
CVSS: 6.1EPSS: 0%CPEs: 87EXPL: 0CVE-2018-1416
https://notcve.org/view.php?id=CVE-2018-1416
27 Feb 2018 — IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138822. IBM WebSphere Portal 7.0, 8.0, 8.5 y 9.0 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera... • http://www.ibm.com/support/docview.wss?uid=swg22013706 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2017-1761
https://notcve.org/view.php?id=CVE-2017-1761
09 Feb 2018 — IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 136005. IBM WebSphere Portal 7.0, 8.0, 8.5 y 9.0 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las f... • http://www.ibm.com/support/docview.wss?uid=swg22012416 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2017-1698
https://notcve.org/view.php?id=CVE-2017-1698
27 Dec 2017 — IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could reveal sensitive information from an error message that could lead to further attacks against the system. IBM X-Force ID: 124390. IBM WebSphere Portal 7.0, 8.0, 8.5 y 9.0 podría revelar información sensible en un mensaje de error, lo que podría dar lugar a más ataques contra el sistema. IBM X-Force ID: 124390. • http://www.ibm.com/support/docview.wss?uid=swg22011519 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •