CVSS: 5.8EPSS: 0%CPEs: 59EXPL: 0CVE-2014-0958
https://notcve.org/view.php?id=CVE-2014-0958
Open redirect vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Vulnerabilidad de redirección abierta en IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0 hasta 7.0.0.2 CF28 y 8.0 anterior a 8.0.0.1 CF12 permite a atacantes remotos redirigir usuarios hacia sitios web arbitrarios y realizar ataques de phishing a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI15689 http://www-01.ibm.com/support/docview.wss?uid=swg21672572 https://exchange.xforce.ibmcloud.com/vulnerabilities/92739 •
CVSS: 6.8EPSS: 0%CPEs: 58EXPL: 0CVE-2014-0954
https://notcve.org/view.php?id=CVE-2014-0954
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 does not validate JSP includes, which allows remote attackers to obtain sensitive information, bypass intended request-dispatcher access restrictions, or cause a denial of service (memory consumption) via a crafted URL. IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0 hasta 7.0.0.2 CF28 y 8.0 anterior a 8.0.0.1 CF12 no valida JSP Includes, lo que permite a atacantes remotos obtener información sensible, evadir restricciones de acceso de solicitar distribuidor o causar una denegación de servicio (consumo de memoria) a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI15723 http://www-01.ibm.com/support/docview.wss?uid=swg21672572 https://exchange.xforce.ibmcloud.com/vulnerabilities/92627 • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 0%CPEs: 51EXPL: 0CVE-2014-0918
https://notcve.org/view.php?id=CVE-2014-0918
Directory traversal vulnerability in IBM Eclipse Help System (IEHS) in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF27, and 8.0 before 8.0.0.1 CF06 allows remote attackers to read arbitrary files via a crafted URL. Vulnerabilidad de salto de directorio en IBM Eclipse Help System (IEHS) en IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0 hasta 7.0.0.2 CF27 y 8.0 anterior a 8.0.0.1 CF06 permite a atacantes remotos leer archivos arbitrarios a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI14125 http://www-01.ibm.com/support/docview.wss?uid=swg21670753 http://www.securityfocus.com/bid/67340 https://exchange.xforce.ibmcloud.com/vulnerabilities/91980 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 0%CPEs: 51EXPL: 0CVE-2014-0917 – IBM Eclipse Help System (IEHS) Cross Site Scripting
https://notcve.org/view.php?id=CVE-2014-0917
Cross-site scripting (XSS) vulnerability in IBM Eclipse Help System (IEHS) in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF27, and 8.0 before 8.0.0.1 CF06 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM Eclipse Help System (IEHS) en IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0 hasta 7.0.0.2 CF27 y 8.0 anterior a 8.0.0.1 CF06 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. IBM Eclipse Help System (IEHS) versions 6.1.0 through 6.1.0.6, 6.1.5 through 6.1.5.3, 7.0 through 7.0.0.2, and 8.0 prior to 8.0.0.1 suffer from a cross site scripting vulnerability. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI14125 http://www-01.ibm.com/support/docview.wss?uid=swg21670753 http://www.securityfocus.com/bid/67339 https://exchange.xforce.ibmcloud.com/vulnerabilities/91979 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-0901
https://notcve.org/view.php?id=CVE-2014-0901
Cross-site scripting (XSS) vulnerability in the Social Rendering implementation in the IBM Connections integration in IBM WebSphere Portal 8.0.0.x before 8.0.0.1 CF11 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en la implementación Social Rendering en la integración de IBM Connections en IBM WebSphere Portal 8.0.0.x anterior a 8.0.0.1 CF11 permite a usuarios remotos autenticados inyectar script Web o HTML arbitrarios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI12659 http://www-01.ibm.com/support/docview.wss?uid=swg21667016 http://www.securityfocus.com/bid/66559 https://exchange.xforce.ibmcloud.com/vulnerabilities/91398 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •