CVSS: 6.1EPSS: 0%CPEs: 89EXPL: 0CVE-2018-1673
https://notcve.org/view.php?id=CVE-2018-1673
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145108. IBM WebSphere Portal 7.0, 8.0, 8.5 y 9.0 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. • http://www.securitytracker.com/id/1041845 https://exchange.xforce.ibmcloud.com/vulnerabilities/145108 https://www.ibm.com/support/docview.wss?uid=ibm10731155 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 79EXPL: 0CVE-2018-1672
https://notcve.org/view.php?id=CVE-2018-1672
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user. IBM X-Force ID: 144958. IBM WebSphere Portal 7.0, 8.0, 8.5 y 9.0 podría fracasar a la hora de establecer el contexto de usuario correcto en ciertos escenarios de suplantación, lo que puede permitir que un usuario actúe con la identidad de otro usuario. IBM X-Force ID: 144958. • http://www.securitytracker.com/id/1041766 https://exchange.xforce.ibmcloud.com/vulnerabilities/144958 https://www.ibm.com/support/docview.wss?uid=ibm10716981 • CWE-287: Improper Authentication •
CVSS: 6.5EPSS: 0%CPEs: 78EXPL: 0CVE-2018-1420
https://notcve.org/view.php?id=CVE-2018-1420
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 resets access control settings to the out of the box configuration during Combined Cumulative Fix (CF) installation. This can lead to security miss-configuration of the installation. IBM X-Force ID: 138950. IBM WebSphere Portal 7.0, 8.0, 8.5 y 9.0 restablece las opciones de control de acceso a su configuración de fábrica durante la instalación Combined Cumulative Fix (CF). Esto puede conducir a una mala configuración del seguridad de la instalación. • http://www.securitytracker.com/id/1041767 https://exchange.xforce.ibmcloud.com/vulnerabilities/138950 https://www.ibm.com/support/docview.wss?uid=swg22014276 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.4EPSS: 0%CPEs: 89EXPL: 0CVE-2018-1660
https://notcve.org/view.php?id=CVE-2018-1660
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 144886. IBM WebSphere Portal 7.0, 8.0, 8.5 y 9.0 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. • http://www.securityfocus.com/bid/105446 http://www.securitytracker.com/id/1041755 https://exchange.xforce.ibmcloud.com/vulnerabilities/144886 https://www.ibm.com/support/docview.wss?uid=ibm10715923 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 88EXPL: 0CVE-2018-1716
https://notcve.org/view.php?id=CVE-2018-1716
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147164. IBM WebSphere Portal 7.0, 8.0, 8.5 y 9.0 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. • http://www.securitytracker.com/id/1041754 https://exchange.xforce.ibmcloud.com/vulnerabilities/147164 https://www.ibm.com/support/docview.wss?uid=ibm10729323 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •