CVSS: 4.0EPSS: 0%CPEs: 66EXPL: 0CVE-2014-4792
https://notcve.org/view.php?id=CVE-2014-4792
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF28, 8.0.0 through 8.0.0.1 CF13, and 8.5.0 before CF02 allows remote authenticated users to cause a denial of service (disk consumption) by uploading large files. IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0.0 hasta 7.0.0.2 CF28, 8.0.0 hasta 8.0.0.1 CF13, y 8.5.0 anterior a CF02 permite a usuarios remotos autenticados causar una denegación de servicio (consumo de disco) mediante la subida de ficheros de gran tamaño. • http://secunia.com/advisories/61204 http://www-01.ibm.com/support/docview.wss?uid=swg1PI23334 http://www-01.ibm.com/support/docview.wss?uid=swg21681998 https://exchange.xforce.ibmcloud.com/vulnerabilities/95204 • CWE-399: Resource Management Errors •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2014-4746
https://notcve.org/view.php?id=CVE-2014-4746
IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF13 and 8.5.0 through CF01 provides different error codes for firewall-traversal requests depending on whether the intranet host exists, which allows remote attackers to map the intranet network via a series of requests. IBM WebSphere Portal 8.0.0 anterior a 8.0.0.1 CF13 y 8.5.0 hasta CF01 proporciona códigos de error diferentes para las solicitudes de salto de firewall dependiendo de si existe o no el anfitrión de intranet, lo que permite a atacantes remotos mapear la red de la intranet a través de una serie de solicitudes. • http://secunia.com/advisories/60612 http://www-01.ibm.com/support/docview.wss?uid=swg1PI21858 http://www-01.ibm.com/support/docview.wss?uid=swg21680230 http://www.securitytracker.com/id/1030669 https://exchange.xforce.ibmcloud.com/vulnerabilities/94348 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.8EPSS: 0%CPEs: 16EXPL: 0CVE-2014-4760
https://notcve.org/view.php?id=CVE-2014-4760
Open redirect vulnerability in IBM WebSphere Portal 6.1.0.0 through 6.1.0.6 CF27, 6.1.5.0 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF28, 8.0.0 before 8.0.0.1 CF13, and 8.5.0 before CF01 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. Vulnerabilidad de redirección abierta en IBM WebSphere Portal 6.1.0.0 hasta 6.1.0.6 CF27, 6.1.5.0 hasta 6.1.5.3 CF27, 7.0.0 hasta 7.0.0.2 CF28, 8.0.0 anterior a 8.0.0.1 CF13, y 8.5.0 anterior a CF01 permite a atacantes remotos redirigir usuarios hacia sitios web arbitrarios y realizar ataques de phishing a través de una URL manipulada. • http://secunia.com/advisories/60597 http://www-01.ibm.com/support/docview.wss?uid=swg1PI19877 http://www-01.ibm.com/support/docview.wss?uid=swg21680230 http://www.securitytracker.com/id/1030669 https://exchange.xforce.ibmcloud.com/vulnerabilities/94657 •
CVSS: 5.8EPSS: 0%CPEs: 44EXPL: 0CVE-2014-3054
https://notcve.org/view.php?id=CVE-2014-3054
Multiple open redirect vulnerabilities in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Múltiples vulnerabilidades de redirección abierta en el portlet Unified Task List (UTL) para IBM WebSphere Portal 7.x y 8.x hasta 8.0.0.1 CF12 permiten a atacantes remotos redirigir usuarios hacia sitios web arbitrarios y realizar ataques de phishing a través de vectores no especificados. • http://secunia.com/advisories/60499 http://www-01.ibm.com/support/docview.wss?uid=swg1PI18909 http://www-01.ibm.com/support/docview.wss?uid=swg21677032 https://exchange.xforce.ibmcloud.com/vulnerabilities/93528 •
CVSS: 7.5EPSS: 0%CPEs: 44EXPL: 0CVE-2014-3055
https://notcve.org/view.php?id=CVE-2014-3055
SQL injection vulnerability in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en el portlet Unified Task List (UTL) para IBM WebSphere Portal 7.x y 8.x hasta 8.0.0.1 CF12 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de vectores no especificados. • http://secunia.com/advisories/60499 http://www-01.ibm.com/support/docview.wss?uid=swg1PI18909 http://www-01.ibm.com/support/docview.wss?uid=swg21677032 https://exchange.xforce.ibmcloud.com/vulnerabilities/93529 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •