CVE-2014-4814
https://notcve.org/view.php?id=CVE-2014-4814
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 does not properly detect recursion during entity expansion, which allows remote authenticated users to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0 hasta 7.0.0.2 CF28, 8.0 hasta 8.0.0.1 CF14, y 8.5.0 anterior a CF03 no detecta debidamente la recursión durante la expansión de entidades, lo que permite a usuarios remotos autenticados causar una denegación de servicio (consumo de memoria y CPU) a través de un documento XML manipulado que contiene un número grande de referencias de entidades anidadas, un problema similar a CVE-2003-1564. • http://secunia.com/advisories/59740 http://www-01.ibm.com/support/docview.wss?uid=swg1PI24622 http://www-01.ibm.com/support/docview.wss?uid=swg21684651 http://www.securityfocus.com/bid/70758 https://exchange.xforce.ibmcloud.com/vulnerabilities/95391 • CWE-399: Resource Management Errors •
CVE-2014-4821
https://notcve.org/view.php?id=CVE-2014-4821
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 provides different web-server error codes depending on whether a requested file exists, which allows remote attackers to determine the validity of filenames via a series of requests. IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0 hasta 7.0.0.2 CF28, 8.0 hasta 8.0.0.1 CF14, y 8.5.0 anterior a CF03 proporciona códigos de error del servidor web diferentes dependiendo de si un fichero solicitado existe, lo que permite a atacantes remotos determinar la validez de nombres de ficheros a través de una serie de solicitudes. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI27710 http://www-01.ibm.com/support/docview.wss?uid=swg21684651 http://www.securityfocus.com/bid/70755 https://exchange.xforce.ibmcloud.com/vulnerabilities/95466 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2014-4761
https://notcve.org/view.php?id=CVE-2014-4761
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 before 8.0.0.1 CF14, and 8.5.0 through 8.5.0.0 CF02 allows remote authenticated users to discover credentials by reading HTML source code. IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0 hasta 7.0.0.2 CF28, 8.0 hasta 8.0.0.1 CF14, y 8.5.0 hasta 8.5.0.0 CF02 permite a usuarios remotos autenticados descubrir credenciales mediante la lectura de código de fuente HTML. • http://secunia.com/advisories/61126 http://www-01.ibm.com/support/docview.wss?uid=swg1PI22104 http://www-01.ibm.com/support/docview.wss?uid=swg21684652 https://exchange.xforce.ibmcloud.com/vulnerabilities/94658 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2014-4762
https://notcve.org/view.php?id=CVE-2014-4762
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF13 and 8.5.0 before CF02 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM WebSphere Portal 8.0.0 hasta 8.0.0.1 CF13 y 8.5.0 anterior a CF02 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://secunia.com/advisories/61204 http://www-01.ibm.com/support/docview.wss?uid=swg1PI21973 http://www-01.ibm.com/support/docview.wss?uid=swg21681998 https://exchange.xforce.ibmcloud.com/vulnerabilities/94659 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-4792
https://notcve.org/view.php?id=CVE-2014-4792
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF28, 8.0.0 through 8.0.0.1 CF13, and 8.5.0 before CF02 allows remote authenticated users to cause a denial of service (disk consumption) by uploading large files. IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0.0 hasta 7.0.0.2 CF28, 8.0.0 hasta 8.0.0.1 CF13, y 8.5.0 anterior a CF02 permite a usuarios remotos autenticados causar una denegación de servicio (consumo de disco) mediante la subida de ficheros de gran tamaño. • http://secunia.com/advisories/61204 http://www-01.ibm.com/support/docview.wss?uid=swg1PI23334 http://www-01.ibm.com/support/docview.wss?uid=swg21681998 https://exchange.xforce.ibmcloud.com/vulnerabilities/95204 • CWE-399: Resource Management Errors •