CVSS: 6.8EPSS: 0%CPEs: 58EXPL: 0CVE-2014-0954
https://notcve.org/view.php?id=CVE-2014-0954
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 does not validate JSP includes, which allows remote attackers to obtain sensitive information, bypass intended request-dispatcher access restrictions, or cause a denial of service (memory consumption) via a crafted URL. IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0 hasta 7.0.0.2 CF28 y 8.0 anterior a 8.0.0.1 CF12 no valida JSP Includes, lo que permite a atacantes remotos obtener información sensible, evadir restricciones de acceso de solicitar distribuidor o causar una denegación de servicio (consumo de memoria) a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI15723 http://www-01.ibm.com/support/docview.wss?uid=swg21672572 https://exchange.xforce.ibmcloud.com/vulnerabilities/92627 • CWE-20: Improper Input Validation •
CVSS: 5.8EPSS: 0%CPEs: 59EXPL: 0CVE-2014-0958
https://notcve.org/view.php?id=CVE-2014-0958
Open redirect vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Vulnerabilidad de redirección abierta en IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0 hasta 7.0.0.2 CF28 y 8.0 anterior a 8.0.0.1 CF12 permite a atacantes remotos redirigir usuarios hacia sitios web arbitrarios y realizar ataques de phishing a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI15689 http://www-01.ibm.com/support/docview.wss?uid=swg21672572 https://exchange.xforce.ibmcloud.com/vulnerabilities/92739 •
CVSS: 4.3EPSS: 0%CPEs: 58EXPL: 0CVE-2014-0952
https://notcve.org/view.php?id=CVE-2014-0952
Cross-site scripting (XSS) vulnerability in boot_config.jsp in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF28, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en boot_config.jsp en IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF28, 7.0 hasta 7.0.0.2 CF28 y 8.0 anterior a 8.0.0.1 CF12 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI16041 http://www-01.ibm.com/support/docview.wss?uid=swg21672572 https://exchange.xforce.ibmcloud.com/vulnerabilities/92625 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 58EXPL: 0CVE-2014-0949
https://notcve.org/view.php?id=CVE-2014-0949
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to cause a denial of service (resource consumption and daemon crash) via a crafted web request. IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0 hasta 7.0.0.2 CF28 y 8.0 anterior a 8.0.0.1 CF12 permite a atacantes remotos causar una denegación de servicio (consumo de recursos y caída de demonio) a través de una solicitud web manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI15692 http://www-01.ibm.com/support/docview.wss?uid=swg21672572 https://exchange.xforce.ibmcloud.com/vulnerabilities/92622 • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 0%CPEs: 51EXPL: 0CVE-2014-0917 – IBM Eclipse Help System (IEHS) Cross Site Scripting
https://notcve.org/view.php?id=CVE-2014-0917
Cross-site scripting (XSS) vulnerability in IBM Eclipse Help System (IEHS) in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF27, and 8.0 before 8.0.0.1 CF06 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM Eclipse Help System (IEHS) en IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0 hasta 7.0.0.2 CF27 y 8.0 anterior a 8.0.0.1 CF06 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. IBM Eclipse Help System (IEHS) versions 6.1.0 through 6.1.0.6, 6.1.5 through 6.1.5.3, 7.0 through 7.0.0.2, and 8.0 prior to 8.0.0.1 suffer from a cross site scripting vulnerability. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI14125 http://www-01.ibm.com/support/docview.wss?uid=swg21670753 http://www.securityfocus.com/bid/67339 https://exchange.xforce.ibmcloud.com/vulnerabilities/91979 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •