CVE-2014-3055
https://notcve.org/view.php?id=CVE-2014-3055
SQL injection vulnerability in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en el portlet Unified Task List (UTL) para IBM WebSphere Portal 7.x y 8.x hasta 8.0.0.1 CF12 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de vectores no especificados. • http://secunia.com/advisories/60499 http://www-01.ibm.com/support/docview.wss?uid=swg1PI18909 http://www-01.ibm.com/support/docview.wss?uid=swg21677032 https://exchange.xforce.ibmcloud.com/vulnerabilities/93529 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2014-3056
https://notcve.org/view.php?id=CVE-2014-3056
The Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to obtain potentially sensitive information about environment variables and JAR versions via unspecified vectors. El portlet Unified Task List (UTL) para IBM WebSphere Portal 7.x y 8.x hasta 8.0.0.1 CF12 permite a atacantes remotos obtener información potencialmente sensible a cerca de las variables de entornos y las versiones JAR a través de vectores no especificados. • http://secunia.com/advisories/60499 http://www-01.ibm.com/support/docview.wss?uid=swg1PI18909 http://www-01.ibm.com/support/docview.wss?uid=swg21677032 https://exchange.xforce.ibmcloud.com/vulnerabilities/93530 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2014-3057
https://notcve.org/view.php?id=CVE-2014-3057
Cross-site scripting (XSS) vulnerability in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en el portlet Unified Task List (UTL) para IBM WebSphere Portal 7.x y 8.x hasta 8.0.0.1 CF12 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://secunia.com/advisories/60499 http://www-01.ibm.com/support/docview.wss?uid=swg1PI18909 http://www-01.ibm.com/support/docview.wss?uid=swg21677032 http://www.securityfocus.com/bid/68928 https://exchange.xforce.ibmcloud.com/vulnerabilities/93531 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-0910 – IBM Websphere Portal - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-0910
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.0 through 6.1.0.6 CF27, 6.1.5.0 through 6.1.5.3 CF27, and 7.0.0 through 7.0.0.2 CF28 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en IBM WebSphere Portal 6.1.0.0 hasta 6.1.0.6 CF27, 6.1.5.0 hasta 6.1.5.3 CF27 y 7.0.0 hasta 7.0.0.2 CF28 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. IBM WebSphere Portal versions 7.0, 6.1.5, and 6.1.0 suffer from a persistent cross site scripting vulnerability. • https://www.exploit-db.com/exploits/36941 http://www-01.ibm.com/support/docview.wss?uid=swg1PI18845 http://www-01.ibm.com/support/docview.wss?uid=swg21675257 https://exchange.xforce.ibmcloud.com/vulnerabilities/91875 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-0959
https://notcve.org/view.php?id=CVE-2014-0959
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote authenticated users to cause a denial of service (infinite loop) via a login redirect. IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0 hasta 7.0.0.2 CF28 y 8.0 anterior a 8.0.0.1 CF12 permite a usuarios remotos autenticados causar una denegación de servicio (bucle infinito) a través de una redirección de inicio de sesión. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI16462 http://www-01.ibm.com/support/docview.wss?uid=swg21672572 https://exchange.xforce.ibmcloud.com/vulnerabilities/92741 • CWE-20: Improper Input Validation •