CVSS: 8.2EPSS: 0%CPEs: 58EXPL: 0CVE-2014-0954
https://notcve.org/view.php?id=CVE-2014-0954
22 May 2014 — IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 does not validate JSP includes, which allows remote attackers to obtain sensitive information, bypass intended request-dispatcher access restrictions, or cause a denial of service (memory consumption) via a crafted URL. IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0 hasta 7.0.0.2 CF28 y 8.0 anterior a 8.0.0.1 CF12 no valida JSP Includes, lo que perm... • http://www-01.ibm.com/support/docview.wss?uid=swg1PI15723 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 59EXPL: 0CVE-2014-0956
https://notcve.org/view.php?id=CVE-2014-0956
22 May 2014 — Cross-site scripting (XSS) vulnerability in googlemap.jsp in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en googlemap.jsp en IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0 hasta 7.0.0.2 CF28 y 8.0 anterior a 8.0.0.1 CF12 permite a atacantes remotos inyectar secuencias de comandos web ... • http://www-01.ibm.com/support/docview.wss?uid=swg1PI16040 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 59EXPL: 0CVE-2014-0958
https://notcve.org/view.php?id=CVE-2014-0958
22 May 2014 — Open redirect vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Vulnerabilidad de redirección abierta en IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0 hasta 7.0.0.2 CF28 y 8.0 anterior a 8.0.0.1 CF12 permite a atacantes remotos redirigir usuarios hacia sitios web ... • http://www-01.ibm.com/support/docview.wss?uid=swg1PI15689 •
CVSS: 6.5EPSS: 0%CPEs: 59EXPL: 0CVE-2014-0959
https://notcve.org/view.php?id=CVE-2014-0959
22 May 2014 — IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote authenticated users to cause a denial of service (infinite loop) via a login redirect. IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0 hasta 7.0.0.2 CF28 y 8.0 anterior a 8.0.0.1 CF12 permite a usuarios remotos autenticados causar una denegación de servicio (bucle infinito) a través de una redirección de inicio de sesión. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI16462 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 51EXPL: 1CVE-2014-0917 – IBM Eclipse Help System (IEHS) Cross Site Scripting
https://notcve.org/view.php?id=CVE-2014-0917
16 May 2014 — Cross-site scripting (XSS) vulnerability in IBM Eclipse Help System (IEHS) in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF27, and 8.0 before 8.0.0.1 CF06 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM Eclipse Help System (IEHS) en IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0 hasta 7.0.0.2 CF27 y 8.0 anterior a 8.0.0.1 CF06 permite a atacantes remotos inyectar... • https://packetstorm.news/files/id/131924 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 51EXPL: 0CVE-2014-0918
https://notcve.org/view.php?id=CVE-2014-0918
16 May 2014 — Directory traversal vulnerability in IBM Eclipse Help System (IEHS) in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF27, and 8.0 before 8.0.0.1 CF06 allows remote attackers to read arbitrary files via a crafted URL. Vulnerabilidad de salto de directorio en IBM Eclipse Help System (IEHS) en IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0 hasta 7.0.0.2 CF27 y 8.0 anterior a 8.0.0.1 CF06 permite a atacantes remotos leer archivos ... • http://www-01.ibm.com/support/docview.wss?uid=swg1PI14125 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 16EXPL: 0CVE-2014-0828
https://notcve.org/view.php?id=CVE-2014-0828
02 Apr 2014 — Cross-site scripting (XSS) vulnerability in the WCM (Web Content Manager) UI in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF27, and 8.0.0.x before 8.0.0.1 CF11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en la interfaz de usuario de WCM (Web Content Manager) en IBM WebSphere Portal 6.1.0.x hasta 6.1.0.6 CF27, 6.1.5.x hasta 6.1.5.3 CF27, 7.0.0.x hasta 7.0.0.2 CF27 y 8.0.0.x anterio... • http://www-01.ibm.com/support/docview.wss?uid=swg1PI10734 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 16EXPL: 0CVE-2013-6730
https://notcve.org/view.php?id=CVE-2013-6730
04 Mar 2014 — IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x before 7.0.0.2 CF27, and 8.0.0.x before 8.0.0.1 CF10, when the wcm.path.traversal.security setting is enabled, allows remote attackers to bypass intended read restrictions on an item by accessing that item within search results. IBM WebSphere Portal 6.1.0.x hasta 6.1.0.6 CF27, 6.1.5.x hasta 6.1.5.3 CF27, 7.0.0.x anterior a 7.0.0.2 CF27 y 8.0.0.x anterior a 8.0.0.1 CF10, cuando la configuración wcm.path.traversal.securit... • http://www-01.ibm.com/support/docview.wss?uid=swg1PI07185 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 16EXPL: 0CVE-2013-6328
https://notcve.org/view.php?id=CVE-2013-6328
22 Dec 2013 — Cross-site scripting (XSS) vulnerability in the Web Content Manager (WCM) UI in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x before 8.0.0.1 CF09 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements. Vulnerabilidad cross-site scripting (XSS) UI en IBM Websphere Poral 6.1.0.x hasta 6.1.0.6 CF27, 6.1.5.x hasta 6.1.5.2 CF27, 7.0.0.x hasta 7.0.0.2 CF26, y 8.0.0.x hasta 8.0.0.1 CF09 permit... • http://osvdb.org/101269 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 1%CPEs: 26EXPL: 2CVE-2013-6735 – IBM Web Content Manager XPath Injection
https://notcve.org/view.php?id=CVE-2013-6735
22 Dec 2013 — IBM WebSphere Portal 6.0.0.x through 6.0.0.1, 6.0.1.x through 6.0.1.7, 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x through 8.0.0.1 CF08 allows remote attackers to obtain sensitive Java Content Repository (JCR) information via a modified Web Content Manager (WCM) URL. IBM Websphere Portal 6.0.0.x hasta 6.0.0.1, 6.0.1.x hasta 6.0.1.7, 6.1.0.x hasta 6.1.0.6 CF27, 6.1.5.x hasta 6.1.5.3 CF27, 7.0.0.x hasta 7.0.0.2 CF26, y 8.0.0.x hasta 8.0.0.1 CF08 permit... • https://packetstorm.news/files/id/124611 • CWE-264: Permissions, Privileges, and Access Controls •