CVE-2014-6093
https://notcve.org/view.php?id=CVE-2014-6093
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.0.x before 7.0.0.2 CF29, 8.0.x through 8.0.0.1 CF14, and 8.5.x before 8.5.0 CF02 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM WebSphere Portal 7.0.x anterior a 7.0.0.2 CF29, 8.0.x hasta 8.0.0.1 CF14, y 8.5.x anterior a 8.5.0 CF02 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://secunia.com/advisories/59752 http://secunia.com/advisories/60912 http://www-01.ibm.com/support/docview.wss?uid=swg1PI24678 http://www-01.ibm.com/support/docview.wss?uid=swg21689849 http://www.securitytracker.com/id/1031359 https://exchange.xforce.ibmcloud.com/vulnerabilities/95921 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-4808
https://notcve.org/view.php?id=CVE-2014-4808
Unspecified vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 allows remote authenticated users to execute arbitrary code via unknown vectors. Vulnerabilidad no especificada en IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0 hasta 7.0.0.2 CF28, 8.0 hasta 8.0.0.1 CF14, y 8.5.0 anterior a CF03 permite a usuarios remotos autenticados ejecutar código arbitrario a través de vectores desconocidos. • http://secunia.com/advisories/59740 http://www-01.ibm.com/support/docview.wss?uid=swg1PI25993 http://www-01.ibm.com/support/docview.wss?uid=swg21684651 http://www.securityfocus.com/bid/70757 https://exchange.xforce.ibmcloud.com/vulnerabilities/95375 •
CVE-2014-4814
https://notcve.org/view.php?id=CVE-2014-4814
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 does not properly detect recursion during entity expansion, which allows remote authenticated users to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0 hasta 7.0.0.2 CF28, 8.0 hasta 8.0.0.1 CF14, y 8.5.0 anterior a CF03 no detecta debidamente la recursión durante la expansión de entidades, lo que permite a usuarios remotos autenticados causar una denegación de servicio (consumo de memoria y CPU) a través de un documento XML manipulado que contiene un número grande de referencias de entidades anidadas, un problema similar a CVE-2003-1564. • http://secunia.com/advisories/59740 http://www-01.ibm.com/support/docview.wss?uid=swg1PI24622 http://www-01.ibm.com/support/docview.wss?uid=swg21684651 http://www.securityfocus.com/bid/70758 https://exchange.xforce.ibmcloud.com/vulnerabilities/95391 • CWE-399: Resource Management Errors •
CVE-2014-4821
https://notcve.org/view.php?id=CVE-2014-4821
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 provides different web-server error codes depending on whether a requested file exists, which allows remote attackers to determine the validity of filenames via a series of requests. IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0 hasta 7.0.0.2 CF28, 8.0 hasta 8.0.0.1 CF14, y 8.5.0 anterior a CF03 proporciona códigos de error del servidor web diferentes dependiendo de si un fichero solicitado existe, lo que permite a atacantes remotos determinar la validez de nombres de ficheros a través de una serie de solicitudes. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI27710 http://www-01.ibm.com/support/docview.wss?uid=swg21684651 http://www.securityfocus.com/bid/70755 https://exchange.xforce.ibmcloud.com/vulnerabilities/95466 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2014-4761
https://notcve.org/view.php?id=CVE-2014-4761
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 before 8.0.0.1 CF14, and 8.5.0 through 8.5.0.0 CF02 allows remote authenticated users to discover credentials by reading HTML source code. IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0 hasta 7.0.0.2 CF28, 8.0 hasta 8.0.0.1 CF14, y 8.5.0 hasta 8.5.0.0 CF02 permite a usuarios remotos autenticados descubrir credenciales mediante la lectura de código de fuente HTML. • http://secunia.com/advisories/61126 http://www-01.ibm.com/support/docview.wss?uid=swg1PI22104 http://www-01.ibm.com/support/docview.wss?uid=swg21684652 https://exchange.xforce.ibmcloud.com/vulnerabilities/94658 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •