CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4997
https://notcve.org/view.php?id=CVE-2015-4997
29 Oct 2015 — IBM WebSphere Portal 8.5.0 before CF08 allows remote attackers to bypass intended access restrictions via a crafted request. IBM WebSphere Portal 8.5.0 en versiones anteriores a CF08 permite a atacantes remotos eludir las restricciones destinadas al acceso a través de una petición manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI47694 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.3EPSS: 0%CPEs: 32EXPL: 0CVE-2014-8912
https://notcve.org/view.php?id=CVE-2014-8912
28 Oct 2015 — IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF18, and 8.5.0 before CF08 improperly restricts resource access, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by configuration information. IBM WebSphere Portal 6.1.0 hasta la versión 6.1.0.6 CF27, 6.1.5 hasta la versión 6.1.5.3 CF27, 7.0.0 hasta la versión 7.0.0.2 CF29, 8.0.0 hasta la versión 8.0.0.1 CF18 y 8.5.0 en version... • http://www-01.ibm.com/support/docview.wss?uid=swg1PI47714 • CWE-284: Improper Access Control •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2015-0195
https://notcve.org/view.php?id=CVE-2015-0195
03 Oct 2015 — Cross-site scripting (XSS) vulnerability in IBM Content Template Catalog 4.x before 4.1.4 for WebSphere Portal 8.0.x and 4.x before 4.3.1 for WebSphere Portal 8.5.x allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM Content Template Catalog 4.x en versiones anteriores a 4.1.4 para WebSphere Portal 8.0.x y 4.x en versiones anteriores a 4.3.1 para WebSphere Portal 8.5.x permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrario... • http://www-01.ibm.com/support/docview.wss?uid=swg21958969 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 1%CPEs: 17EXPL: 0CVE-2015-1943
https://notcve.org/view.php?id=CVE-2015-1943
14 Sep 2015 — IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted request. Vulnerabilidad en IBM WebSphere Portal 6.1.0.x hasta la versión 6.1.0.6 CF27, 6.1.5.x hasta la versión 6.1.5.3 CF27, 7.0.x hasta la versión 7.0.0.2 CF29, 8.0.x en versiones anteriores a 8.0.0.1 CF17 y 8.5.0 en versiones anteriores a CF06, permite a ... • http://www-01.ibm.com/support/docview.wss?uid=swg1PI39617 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2015-1887
https://notcve.org/view.php?id=CVE-2015-1887
14 Jul 2015 — IBM WebSphere Portal 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to obtain sensitive Java Content Repository (JCR) information via a crafted request. Vulnerabilidad en el portal de IBM WebSphere 7.0.0 hasta 7.0.0.2 CF29, 8.0.0 anteriores a 8.0.0.1 CF17 y del 8.5.0 anteriores a CF06, que permite a atacantes remotos obtener informacion sensible del Repositorio de Contenido de Java (JCR) a través de una petición manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI36150 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2015-1944
https://notcve.org/view.php?id=CVE-2015-1944
14 Jul 2015 — Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF17 and 8.5.0 before CF06 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de secuencias de comandos en sitios cruzados - XSS en el portal de IBM WebSphere 8.0..8 antes de 8.0.0.1 CF17 y 8.5.0 antes de CF06, que permite a usuarios remotos autenticados inyectar secuencias de comandos o HTML arbitrario por medio de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI40341 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1899
https://notcve.org/view.php?id=CVE-2015-1899
25 May 2015 — IBM WebSphere Portal 8.5 through CF05 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors. IBM WebSphere Portal 8.5 hasta CF05 permite a atacantes remotos causar una denegación de servicio (consumo de CPU) a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI37139 • CWE-399: Resource Management Errors •
CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0CVE-2015-1921
https://notcve.org/view.php?id=CVE-2015-1921
25 May 2015 — Open redirect vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF17 and 8.5.0 before CF06 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. Vulnerabilidad de redirección abierta en IBM WebSphere Portal 8.0.0 anterior a 8.0.0.1 CF17 y 8.5.0 anterior a CF06 permite a atacantes remotos redirigir usuarios hacia sitios web arbitrarios y realizar ataques de phishing a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI38632 •
CVSS: 7.8EPSS: 1%CPEs: 17EXPL: 0CVE-2015-1886
https://notcve.org/view.php?id=CVE-2015-1886
24 Apr 2015 — The Remote Document Conversion Service (DCS) in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF16, and 8.5.0 through CF05 allows remote attackers to cause a denial of service (memory consumption) via crafted requests. Remote Document Conversion Service (DCS) en IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0.0 hasta 7.0.0.2 CF29, 8.0.0 hasta 8.0.0.1 CF16, y 8.5.0 hasta CF05 permite a atacantes remot... • http://www-01.ibm.com/support/docview.wss?uid=swg1PI37356 • CWE-399: Resource Management Errors •
CVSS: 6.1EPSS: 0%CPEs: 17EXPL: 0CVE-2015-1908
https://notcve.org/view.php?id=CVE-2015-1908
24 Apr 2015 — Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF16, and 8.5.0 through CF05, as used in Web Content Manager and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0.0 hasta 7.0.0.2 CF29, 8.0.0 hasta 8.0.0.1 CF16, y 8.5.0 hasta CF05, utilizado... • http://www-01.ibm.com/support/docview.wss?uid=swg1PI37661 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •