Page 11 of 97 results (0.010 seconds)

CVSS: 6.5EPSS: 0%CPEs: 16EXPL: 0

Unspecified vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 allows remote authenticated users to execute arbitrary code via unknown vectors. Vulnerabilidad no especificada en IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0 hasta 7.0.0.2 CF28, 8.0 hasta 8.0.0.1 CF14, y 8.5.0 anterior a CF03 permite a usuarios remotos autenticados ejecutar código arbitrario a través de vectores desconocidos. • http://secunia.com/advisories/59740 http://www-01.ibm.com/support/docview.wss?uid=swg1PI25993 http://www-01.ibm.com/support/docview.wss?uid=swg21684651 http://www.securityfocus.com/bid/70757 https://exchange.xforce.ibmcloud.com/vulnerabilities/95375 •

CVSS: 3.5EPSS: 0%CPEs: 17EXPL: 0

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 does not properly detect recursion during entity expansion, which allows remote authenticated users to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0 hasta 7.0.0.2 CF28, 8.0 hasta 8.0.0.1 CF14, y 8.5.0 anterior a CF03 no detecta debidamente la recursión durante la expansión de entidades, lo que permite a usuarios remotos autenticados causar una denegación de servicio (consumo de memoria y CPU) a través de un documento XML manipulado que contiene un número grande de referencias de entidades anidadas, un problema similar a CVE-2003-1564. • http://secunia.com/advisories/59740 http://www-01.ibm.com/support/docview.wss?uid=swg1PI24622 http://www-01.ibm.com/support/docview.wss?uid=swg21684651 http://www.securityfocus.com/bid/70758 https://exchange.xforce.ibmcloud.com/vulnerabilities/95391 • CWE-399: Resource Management Errors •

CVSS: 5.0EPSS: 0%CPEs: 17EXPL: 0

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 provides different web-server error codes depending on whether a requested file exists, which allows remote attackers to determine the validity of filenames via a series of requests. IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0 hasta 7.0.0.2 CF28, 8.0 hasta 8.0.0.1 CF14, y 8.5.0 anterior a CF03 proporciona códigos de error del servidor web diferentes dependiendo de si un fichero solicitado existe, lo que permite a atacantes remotos determinar la validez de nombres de ficheros a través de una serie de solicitudes. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI27710 http://www-01.ibm.com/support/docview.wss?uid=swg21684651 http://www.securityfocus.com/bid/70755 https://exchange.xforce.ibmcloud.com/vulnerabilities/95466 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.0EPSS: 0%CPEs: 84EXPL: 0

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 before 8.0.0.1 CF14, and 8.5.0 through 8.5.0.0 CF02 allows remote authenticated users to discover credentials by reading HTML source code. IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0 hasta 7.0.0.2 CF28, 8.0 hasta 8.0.0.1 CF14, y 8.5.0 hasta 8.5.0.0 CF02 permite a usuarios remotos autenticados descubrir credenciales mediante la lectura de código de fuente HTML. • http://secunia.com/advisories/61126 http://www-01.ibm.com/support/docview.wss?uid=swg1PI22104 http://www-01.ibm.com/support/docview.wss?uid=swg21684652 https://exchange.xforce.ibmcloud.com/vulnerabilities/94658 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 3.5EPSS: 0%CPEs: 18EXPL: 0

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF13 and 8.5.0 before CF02 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM WebSphere Portal 8.0.0 hasta 8.0.0.1 CF13 y 8.5.0 anterior a CF02 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://secunia.com/advisories/61204 http://www-01.ibm.com/support/docview.wss?uid=swg1PI21973 http://www-01.ibm.com/support/docview.wss?uid=swg21681998 https://exchange.xforce.ibmcloud.com/vulnerabilities/94659 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •