CVSS: 5.8EPSS: 0%CPEs: 44EXPL: 0CVE-2014-3054
https://notcve.org/view.php?id=CVE-2014-3054
Multiple open redirect vulnerabilities in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Múltiples vulnerabilidades de redirección abierta en el portlet Unified Task List (UTL) para IBM WebSphere Portal 7.x y 8.x hasta 8.0.0.1 CF12 permiten a atacantes remotos redirigir usuarios hacia sitios web arbitrarios y realizar ataques de phishing a través de vectores no especificados. • http://secunia.com/advisories/60499 http://www-01.ibm.com/support/docview.wss?uid=swg1PI18909 http://www-01.ibm.com/support/docview.wss?uid=swg21677032 https://exchange.xforce.ibmcloud.com/vulnerabilities/93528 •
CVSS: 6.9EPSS: 0%CPEs: 3EXPL: 0CVE-2014-3020
https://notcve.org/view.php?id=CVE-2014-3020
install.sh in the Embedded WebSphere Application Server (eWAS) 7.0 before FP33 in IBM Tivoli Integrated Portal (TIP) 2.1 and 2.2 sets world-writable permissions for the installRoot directory tree, which allows local users to gain privileges via a Trojan horse program. install.sh en Embedded WebSphere Application Server (eWAS) 7.0 anterior a FP33 en IBM Tivoli Integrated Portal (TIP) 2.1 y 2.2 configura permisos de lectura universal para el árbol de directorio installRoot, lo que permite a usuarios locales ganar privilegios a través de un programa de caballo de troya. • http://secunia.com/advisories/59687 http://secunia.com/advisories/59795 http://secunia.com/advisories/60552 http://www-01.ibm.com/support/docview.wss?uid=swg21679952 http://www-01.ibm.com/support/docview.wss?uid=swg21680254 http://www-01.ibm.com/support/docview.wss?uid=swg21680841 http://www.securityfocus.com/bid/69034 https://exchange.xforce.ibmcloud.com/vulnerabilities/93056 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 44EXPL: 0CVE-2014-3055
https://notcve.org/view.php?id=CVE-2014-3055
SQL injection vulnerability in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en el portlet Unified Task List (UTL) para IBM WebSphere Portal 7.x y 8.x hasta 8.0.0.1 CF12 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de vectores no especificados. • http://secunia.com/advisories/60499 http://www-01.ibm.com/support/docview.wss?uid=swg1PI18909 http://www-01.ibm.com/support/docview.wss?uid=swg21677032 https://exchange.xforce.ibmcloud.com/vulnerabilities/93529 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.0EPSS: 0%CPEs: 44EXPL: 0CVE-2014-3056
https://notcve.org/view.php?id=CVE-2014-3056
The Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to obtain potentially sensitive information about environment variables and JAR versions via unspecified vectors. El portlet Unified Task List (UTL) para IBM WebSphere Portal 7.x y 8.x hasta 8.0.0.1 CF12 permite a atacantes remotos obtener información potencialmente sensible a cerca de las variables de entornos y las versiones JAR a través de vectores no especificados. • http://secunia.com/advisories/60499 http://www-01.ibm.com/support/docview.wss?uid=swg1PI18909 http://www-01.ibm.com/support/docview.wss?uid=swg21677032 https://exchange.xforce.ibmcloud.com/vulnerabilities/93530 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 44EXPL: 0CVE-2014-3057
https://notcve.org/view.php?id=CVE-2014-3057
Cross-site scripting (XSS) vulnerability in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en el portlet Unified Task List (UTL) para IBM WebSphere Portal 7.x y 8.x hasta 8.0.0.1 CF12 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://secunia.com/advisories/60499 http://www-01.ibm.com/support/docview.wss?uid=swg1PI18909 http://www-01.ibm.com/support/docview.wss?uid=swg21677032 http://www.securityfocus.com/bid/68928 https://exchange.xforce.ibmcloud.com/vulnerabilities/93531 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •