CVSS: 5.0EPSS: 0%CPEs: 26EXPL: 1CVE-2013-6735 – IBM Web Content Manager XPath Injection
https://notcve.org/view.php?id=CVE-2013-6735
IBM WebSphere Portal 6.0.0.x through 6.0.0.1, 6.0.1.x through 6.0.1.7, 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x through 8.0.0.1 CF08 allows remote attackers to obtain sensitive Java Content Repository (JCR) information via a modified Web Content Manager (WCM) URL. IBM Websphere Portal 6.0.0.x hasta 6.0.0.1, 6.0.1.x hasta 6.0.1.7, 6.1.0.x hasta 6.1.0.6 CF27, 6.1.5.x hasta 6.1.5.3 CF27, 7.0.0.x hasta 7.0.0.2 CF26, y 8.0.0.x hasta 8.0.0.1 CF08 permite a atacantes remotos obtener información Java Content Repository (JCR) sensile a través de una URL Web Content Manager (WCM) modificada. IBM Web Content Manager versions 6.x, 7.x, and 8.x suffer from blind XPath injection attacks. This allows an attacker to get current application configuration, enumerate nodes, and extract other valuable information from vulnerable installations of Web Content Manager. • http://osvdb.org/101255 http://packetstormsecurity.com/files/124611/IBM-Web-Content-Manager-XPath-Injection.html http://secunia.com/advisories/56161 http://www-01.ibm.com/support/docview.wss?uid=swg1PI07777 http://www-01.ibm.com/support/docview.wss?uid=swg21660289 http://www.securityfocus.com/archive/1/530552/100/0/threaded http://www.securityfocus.com/bid/64496 http://www.securitytracker.com/id/1029539 https://exchange.xforce.ibmcloud.com/vulnerabilities/89591 https://www-304.ibm& • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 26EXPL: 0CVE-2013-5454
https://notcve.org/view.php?id=CVE-2013-5454
IBM WebSphere Portal 6.0 through 6.0.1.7, 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF25, and 8.0 through 8.0.0.1 CF08 allows remote attackers to read arbitrary files via a modified URL. IBM WebSphere Portal 6.0 hasta la 6.0.1.7, 6.1.0 hasta la 6.1.0.6 CF27, 6.1.5 hasta la 6.1.5.3 CF27, 7.0 hasta la 7.0.0.2 CF25, y 8.0 hasta la 8.0.0.1 CF08 permite a atacantes remotos leer archivos de su elección a través de un URL modificado. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM99205 http://www-01.ibm.com/support/docview.wss?uid=swg21655656 https://exchange.xforce.ibmcloud.com/vulnerabilities/88253 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 3.5EPSS: 0%CPEs: 5EXPL: 0CVE-2013-5379
https://notcve.org/view.php?id=CVE-2013-5379
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.x before 7.0.0.2 CF25 and 8.x before 8.0.0.1 CF8 allows remote authenticated users to inject arbitrary web script or HTML by leveraging improper tagging functionality. Vulnerabilidad de XSS en IBM WebSphere Portal 7.x anterior a la versión 7.0.0.2 CF25 y 8.x anterior a 8.0.0.1 CF8 permite a usuarios remotos autenticados inyectar script web o HTML arbitrario mediante el aprovechamiento de una funcionalidad de etiquetado inapropiada. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM96047 http://www-01.ibm.com/support/docview.wss?uid=swg21655635 https://exchange.xforce.ibmcloud.com/vulnerabilities/86930 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 2EXPL: 0CVE-2013-5378
https://notcve.org/view.php?id=CVE-2013-5378
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.x before 8.0.0.1 CF8 allows remote authenticated users to inject arbitrary web script or HTML by leveraging incorrect IBM Connections integration. Vulnerabilidad de XSS en IBM WebSphere Portal 8.x anterior a la versión 8.0.0.1 CF8 permite a usuarios remotos autenticados inyectar script web o HTML arbitrario mediante el aprovechamiento de integraciones incorrectas de IBM Connections. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM95802 http://www-01.ibm.com/support/docview.wss?uid=swg1PM95881 http://www-01.ibm.com/support/docview.wss?uid=swg1PM97593 http://www-01.ibm.com/support/docview.wss?uid=swg21655634 https://exchange.xforce.ibmcloud.com/vulnerabilities/86929 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 10EXPL: 0CVE-2013-3016
https://notcve.org/view.php?id=CVE-2013-3016
IBM WebSphere Portal 6.1, 7.0, and 8.0 allows remote attackers to access the user directory via a crafted request for a servlet, related to the serveServletsByClassnameEnabled setting. IBM WebSphere Portal v6.1, v7.0, y v8.0 permite a atacantes remotos acceder al directorio de usuario a través de una solicitud manipulada por un servlet, relacionado con la configuración "serveServletsByClassnameEnabled". • http://www-01.ibm.com/support/docview.wss?uid=swg21647344 https://exchange.xforce.ibmcloud.com/vulnerabilities/84350 • CWE-264: Permissions, Privileges, and Access Controls •