CVE-2013-6316
https://notcve.org/view.php?id=CVE-2013-6316
IBM WebSphere Portal 7.0.0.x before 7.0.0.2 CF26 and 8.0.0.x before 8.0.0.1 CF09 does not properly handle content-selection changes during Taxonomy component rendering, which allows remote attackers to obtain sensitive property information in opportunistic circumstances by leveraging an error in a Web Content Manager (WCM) context processor. IBM Websphere Portal 7.0.0.x anteriores a 7.0.0.2 CF26, y 8.0.0.x anteriores a 8.0.0.1 CF09 no maneja apropiadamente cambios contenido-selección durante el renderizado del componente Taxonomy, lo cual permite a atacantes remotos obtener información sensible sobre propiedades en circunstancias oportunistas, aprovechando un error en un procesador de contexto Web COntent Manager (WCM). • http://osvdb.org/101270 http://www-01.ibm.com/support/docview.wss?uid=swg1PI04897 http://www-01.ibm.com/support/docview.wss?uid=swg21660011 http://www.securityfocus.com/bid/64492 https://exchange.xforce.ibmcloud.com/vulnerabilities/88597 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2013-6328
https://notcve.org/view.php?id=CVE-2013-6328
Cross-site scripting (XSS) vulnerability in the Web Content Manager (WCM) UI in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x before 8.0.0.1 CF09 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements. Vulnerabilidad cross-site scripting (XSS) UI en IBM Websphere Poral 6.1.0.x hasta 6.1.0.6 CF27, 6.1.5.x hasta 6.1.5.2 CF27, 7.0.0.x hasta 7.0.0.2 CF26, y 8.0.0.x hasta 8.0.0.1 CF09 permite a atacantes remotos inyectar script web o HTML de forma arbitraria a través de vectores que involucran elementos iFRAME. • http://osvdb.org/101269 http://www-01.ibm.com/support/docview.wss?uid=swg1PM96345 http://www-01.ibm.com/support/docview.wss?uid=swg21660011 http://www.securityfocus.com/bid/64495 https://exchange.xforce.ibmcloud.com/vulnerabilities/88909 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-6735 – IBM Web Content Manager XPath Injection
https://notcve.org/view.php?id=CVE-2013-6735
IBM WebSphere Portal 6.0.0.x through 6.0.0.1, 6.0.1.x through 6.0.1.7, 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x through 8.0.0.1 CF08 allows remote attackers to obtain sensitive Java Content Repository (JCR) information via a modified Web Content Manager (WCM) URL. IBM Websphere Portal 6.0.0.x hasta 6.0.0.1, 6.0.1.x hasta 6.0.1.7, 6.1.0.x hasta 6.1.0.6 CF27, 6.1.5.x hasta 6.1.5.3 CF27, 7.0.0.x hasta 7.0.0.2 CF26, y 8.0.0.x hasta 8.0.0.1 CF08 permite a atacantes remotos obtener información Java Content Repository (JCR) sensile a través de una URL Web Content Manager (WCM) modificada. IBM Web Content Manager versions 6.x, 7.x, and 8.x suffer from blind XPath injection attacks. This allows an attacker to get current application configuration, enumerate nodes, and extract other valuable information from vulnerable installations of Web Content Manager. • http://osvdb.org/101255 http://packetstormsecurity.com/files/124611/IBM-Web-Content-Manager-XPath-Injection.html http://secunia.com/advisories/56161 http://www-01.ibm.com/support/docview.wss?uid=swg1PI07777 http://www-01.ibm.com/support/docview.wss?uid=swg21660289 http://www.securityfocus.com/archive/1/530552/100/0/threaded http://www.securityfocus.com/bid/64496 http://www.securitytracker.com/id/1029539 https://exchange.xforce.ibmcloud.com/vulnerabilities/89591 https://www-304.ibm& • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2013-5454
https://notcve.org/view.php?id=CVE-2013-5454
IBM WebSphere Portal 6.0 through 6.0.1.7, 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF25, and 8.0 through 8.0.0.1 CF08 allows remote attackers to read arbitrary files via a modified URL. IBM WebSphere Portal 6.0 hasta la 6.0.1.7, 6.1.0 hasta la 6.1.0.6 CF27, 6.1.5 hasta la 6.1.5.3 CF27, 7.0 hasta la 7.0.0.2 CF25, y 8.0 hasta la 8.0.0.1 CF08 permite a atacantes remotos leer archivos de su elección a través de un URL modificado. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM99205 http://www-01.ibm.com/support/docview.wss?uid=swg21655656 https://exchange.xforce.ibmcloud.com/vulnerabilities/88253 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2013-5379
https://notcve.org/view.php?id=CVE-2013-5379
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.x before 7.0.0.2 CF25 and 8.x before 8.0.0.1 CF8 allows remote authenticated users to inject arbitrary web script or HTML by leveraging improper tagging functionality. Vulnerabilidad de XSS en IBM WebSphere Portal 7.x anterior a la versión 7.0.0.2 CF25 y 8.x anterior a 8.0.0.1 CF8 permite a usuarios remotos autenticados inyectar script web o HTML arbitrario mediante el aprovechamiento de una funcionalidad de etiquetado inapropiada. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM96047 http://www-01.ibm.com/support/docview.wss?uid=swg21655635 https://exchange.xforce.ibmcloud.com/vulnerabilities/86930 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •