CVSS: 5.0EPSS: 0%CPEs: 17EXPL: 0CVE-2014-4821
https://notcve.org/view.php?id=CVE-2014-4821
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 provides different web-server error codes depending on whether a requested file exists, which allows remote attackers to determine the validity of filenames via a series of requests. IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0 hasta 7.0.0.2 CF28, 8.0 hasta 8.0.0.1 CF14, y 8.5.0 anterior a CF03 proporciona códigos de error del servidor web diferentes dependiendo de si un fichero solicitado existe, lo que permite a atacantes remotos determinar la validez de nombres de ficheros a través de una serie de solicitudes. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI27710 http://www-01.ibm.com/support/docview.wss?uid=swg21684651 http://www.securityfocus.com/bid/70755 https://exchange.xforce.ibmcloud.com/vulnerabilities/95466 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.0EPSS: 0%CPEs: 84EXPL: 0CVE-2014-4761
https://notcve.org/view.php?id=CVE-2014-4761
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 before 8.0.0.1 CF14, and 8.5.0 through 8.5.0.0 CF02 allows remote authenticated users to discover credentials by reading HTML source code. IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0 hasta 7.0.0.2 CF28, 8.0 hasta 8.0.0.1 CF14, y 8.5.0 hasta 8.5.0.0 CF02 permite a usuarios remotos autenticados descubrir credenciales mediante la lectura de código de fuente HTML. • http://secunia.com/advisories/61126 http://www-01.ibm.com/support/docview.wss?uid=swg1PI22104 http://www-01.ibm.com/support/docview.wss?uid=swg21684652 https://exchange.xforce.ibmcloud.com/vulnerabilities/94658 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 3.5EPSS: 0%CPEs: 18EXPL: 0CVE-2014-4762
https://notcve.org/view.php?id=CVE-2014-4762
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF13 and 8.5.0 before CF02 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM WebSphere Portal 8.0.0 hasta 8.0.0.1 CF13 y 8.5.0 anterior a CF02 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://secunia.com/advisories/61204 http://www-01.ibm.com/support/docview.wss?uid=swg1PI21973 http://www-01.ibm.com/support/docview.wss?uid=swg21681998 https://exchange.xforce.ibmcloud.com/vulnerabilities/94659 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.0EPSS: 0%CPEs: 66EXPL: 0CVE-2014-4792
https://notcve.org/view.php?id=CVE-2014-4792
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF28, 8.0.0 through 8.0.0.1 CF13, and 8.5.0 before CF02 allows remote authenticated users to cause a denial of service (disk consumption) by uploading large files. IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0.0 hasta 7.0.0.2 CF28, 8.0.0 hasta 8.0.0.1 CF13, y 8.5.0 anterior a CF02 permite a usuarios remotos autenticados causar una denegación de servicio (consumo de disco) mediante la subida de ficheros de gran tamaño. • http://secunia.com/advisories/61204 http://www-01.ibm.com/support/docview.wss?uid=swg1PI23334 http://www-01.ibm.com/support/docview.wss?uid=swg21681998 https://exchange.xforce.ibmcloud.com/vulnerabilities/95204 • CWE-399: Resource Management Errors •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2014-4746
https://notcve.org/view.php?id=CVE-2014-4746
IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF13 and 8.5.0 through CF01 provides different error codes for firewall-traversal requests depending on whether the intranet host exists, which allows remote attackers to map the intranet network via a series of requests. IBM WebSphere Portal 8.0.0 anterior a 8.0.0.1 CF13 y 8.5.0 hasta CF01 proporciona códigos de error diferentes para las solicitudes de salto de firewall dependiendo de si existe o no el anfitrión de intranet, lo que permite a atacantes remotos mapear la red de la intranet a través de una serie de solicitudes. • http://secunia.com/advisories/60612 http://www-01.ibm.com/support/docview.wss?uid=swg1PI21858 http://www-01.ibm.com/support/docview.wss?uid=swg21680230 http://www.securitytracker.com/id/1030669 https://exchange.xforce.ibmcloud.com/vulnerabilities/94348 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •