CVE-2015-1887
https://notcve.org/view.php?id=CVE-2015-1887
IBM WebSphere Portal 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to obtain sensitive Java Content Repository (JCR) information via a crafted request. Vulnerabilidad en el portal de IBM WebSphere 7.0.0 hasta 7.0.0.2 CF29, 8.0.0 anteriores a 8.0.0.1 CF17 y del 8.5.0 anteriores a CF06, que permite a atacantes remotos obtener informacion sensible del Repositorio de Contenido de Java (JCR) a través de una petición manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI36150 http://www-01.ibm.com/support/docview.wss?uid=swg21958024 http://www.securityfocus.com/bid/75475 http://www.securitytracker.com/id/1032970 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-1921
https://notcve.org/view.php?id=CVE-2015-1921
Open redirect vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF17 and 8.5.0 before CF06 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. Vulnerabilidad de redirección abierta en IBM WebSphere Portal 8.0.0 anterior a 8.0.0.1 CF17 y 8.5.0 anterior a CF06 permite a atacantes remotos redirigir usuarios hacia sitios web arbitrarios y realizar ataques de phishing a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI38632 http://www-01.ibm.com/support/docview.wss?uid=swg21884060 http://www.securityfocus.com/bid/74705 •
CVE-2015-1899
https://notcve.org/view.php?id=CVE-2015-1899
IBM WebSphere Portal 8.5 through CF05 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors. IBM WebSphere Portal 8.5 hasta CF05 permite a atacantes remotos causar una denegación de servicio (consumo de CPU) a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI37139 http://www-01.ibm.com/support/docview.wss?uid=swg21700066 • CWE-399: Resource Management Errors •
CVE-2015-1908
https://notcve.org/view.php?id=CVE-2015-1908
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF16, and 8.5.0 through CF05, as used in Web Content Manager and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0.0 hasta 7.0.0.2 CF29, 8.0.0 hasta 8.0.0.1 CF16, y 8.5.0 hasta CF05, utilizado en Web Content Manager y otros productos, permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI37661 http://www-01.ibm.com/support/docview.wss?uid=swg21701566 http://www.securityfocus.com/bid/74218 http://www.securitytracker.com/id/1032189 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-1886
https://notcve.org/view.php?id=CVE-2015-1886
The Remote Document Conversion Service (DCS) in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF16, and 8.5.0 through CF05 allows remote attackers to cause a denial of service (memory consumption) via crafted requests. Remote Document Conversion Service (DCS) en IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0.0 hasta 7.0.0.2 CF29, 8.0.0 hasta 8.0.0.1 CF16, y 8.5.0 hasta CF05 permite a atacantes remotos causar una denegación de servicio (consumo de memoria) a través de solicitudes manipuladas. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI37356 http://www-01.ibm.com/support/docview.wss?uid=swg21701566 http://www.securityfocus.com/bid/74216 http://www.securitytracker.com/id/1032189 • CWE-399: Resource Management Errors •