CVSS: 4.0EPSS: 0%CPEs: 6EXPL: 0CVE-2015-7455
https://notcve.org/view.php?id=CVE-2015-7455
29 Feb 2016 — IBM WebSphere Portal 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 uses weak permissions for content items, which allows remote authenticated users to make modifications via the authoring UI. IBM WebSphere Portal 7.x hasta la versión 7.0.0.2 CF29, 8.0.x en versiones anteriores a 8.0.0.1 CF20 y 8.5.x en versiones anteriores a 8.5.0.0 CF09 usa permisos débiles para elementos de contenido, lo que permite a usuarios remotos autenticados hacer modificaciones a través de la UI... • http://www-01.ibm.com/support/docview.wss?uid=swg1PI51234 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 17EXPL: 0CVE-2016-0243
https://notcve.org/view.php?id=CVE-2016-0243
29 Feb 2016 — Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-0244. Vulnerabilidad de XSS en IBM WebSphere Portal 6.1.0.x hasta la versión 6.1.0.6 CF27, 6.1.5.x hasta la versión 6.1.5.3 CF27, 7.x hasta la versión 7.0.0.2 CF29, 8.0.x en versione... • http://www-01.ibm.com/support/docview.wss?uid=swg1PI54088 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 17EXPL: 0CVE-2015-7472
https://notcve.org/view.php?id=CVE-2015-7472
15 Feb 2016 — IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF20, and 8.5.0 before CF10 allows remote attackers to conduct LDAP injection attacks, and consequently read or write to repository data, via unspecified vectors. IBM WebSphere Portal 6.1.0 hasta la versión 6.1.0.6 CF27, 6.1.5 hasta la versión 6.1.5.3 CF27, 7.0.0 hasta la versión 7.0.0.2 CF29, 8.0.0 en versiones anteriores a 8.0.0.1 CF20 y 8.5.0 en versiones anteriores a CF10 permite... • http://www-01.ibm.com/support/docview.wss?uid=swg1PI53426 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-0209
https://notcve.org/view.php?id=CVE-2016-0209
27 Jan 2016 — Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 before CF09 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en IBM WebSphere Portal 8.5.0 en versiones anteriores a CF09 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21974564 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 17EXPL: 0CVE-2015-7447
https://notcve.org/view.php?id=CVE-2015-7447
31 Dec 2015 — IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF20, and 8.5.0 before CF09 allows remote attackers to bypass intended Portal AccessControl REST API access restrictions and obtain sensitive information via unspecified vectors. IBM WebSphere Portal 6.1.0 hasta la versión 6.1.0.6 CF27, 6.1.5 hasta la versión 6.1.5.3 CF27, 7.0.0 hasta la versión 7.0.0.2 CF29, 8.0.0 en versiones anteriores a 8.0.0.1 CF20 y 8.5.0 en versiones anteriore... • http://www-01.ibm.com/support/docview.wss?uid=swg1PI51395 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2015-7413
https://notcve.org/view.php?id=CVE-2015-7413
21 Dec 2015 — Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF19 and 8.5.0 through CF08 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM WebSphere Portal 8.0.0 en versiones anteriores a 8.0.0.1 CF19 y 8.5.0 hasta la versión CF08 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI50844 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 17EXPL: 0CVE-2015-4998
https://notcve.org/view.php?id=CVE-2015-4998
21 Dec 2015 — Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-4993. Vulnerabilidad de XSS en IBM WebSphere Portal 6.1.0 hasta la versión 6.1.0.6 CF27, 6.1.5 hasta la versión 6.1.5.3 CF27, 7.0.0 hasta la versión 7.0.0.2 CF29, 8.0.0 en versiones anteriores... • http://www-01.ibm.com/support/docview.wss?uid=swg1PI47712 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 17EXPL: 0CVE-2015-5001
https://notcve.org/view.php?id=CVE-2015-5001
21 Dec 2015 — IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 allows remote authenticated users to cause a denial of service (memory consumption) via a crafted document. IBM WebSphere Portal 6.1.0 hasta la versión 6.1.0.6 CF27, 6.1.5 hasta la versión 6.1.5.3 CF27, 7.0.0 hasta la versión 7.0.0.2 CF29, 8.0.0 en versiones anteriores a 8.0.0.1 CF19 y 8.5.0 en versiones anteriores a CF08 permite a usuarios remotos autenti... • http://www-01.ibm.com/support/docview.wss?uid=swg1PI49540 • CWE-399: Resource Management Errors •
CVSS: 6.1EPSS: 0%CPEs: 17EXPL: 0CVE-2015-4993
https://notcve.org/view.php?id=CVE-2015-4993
21 Dec 2015 — Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-4998. Vulnerabilidad de XSS en IBM WebSphere Portal 6.1.0 hasta la versión 6.1.0.6 CF27, 6.1.5 hasta la versión 6.1.5.3 CF27, 7.0.0 hasta la versión 7.0.0.2 CF29, 8.0.0 en versiones anteriores... • http://www-01.ibm.com/support/docview.wss?uid=swg1PI47516 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 1%CPEs: 25EXPL: 0CVE-2015-7419
https://notcve.org/view.php?id=CVE-2015-7419
14 Nov 2015 — IBM WebSphere Portal 8.0.0.1 before CF19 and 8.5.0 before CF09 allows remote attackers to cause a denial of service (memory consumption) via crafted requests. IBM WebSphere Portal 8.0.0.1 en versiones anteriores a CF19 y 8.5.0 en versiones anteriores a CF09 permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) a través de peticiones manipuladas. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI50952 • CWE-399: Resource Management Errors •