CVE-2014-3055
https://notcve.org/view.php?id=CVE-2014-3055
SQL injection vulnerability in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en el portlet Unified Task List (UTL) para IBM WebSphere Portal 7.x y 8.x hasta 8.0.0.1 CF12 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de vectores no especificados. • http://secunia.com/advisories/60499 http://www-01.ibm.com/support/docview.wss?uid=swg1PI18909 http://www-01.ibm.com/support/docview.wss?uid=swg21677032 https://exchange.xforce.ibmcloud.com/vulnerabilities/93529 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2014-3056
https://notcve.org/view.php?id=CVE-2014-3056
The Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to obtain potentially sensitive information about environment variables and JAR versions via unspecified vectors. El portlet Unified Task List (UTL) para IBM WebSphere Portal 7.x y 8.x hasta 8.0.0.1 CF12 permite a atacantes remotos obtener información potencialmente sensible a cerca de las variables de entornos y las versiones JAR a través de vectores no especificados. • http://secunia.com/advisories/60499 http://www-01.ibm.com/support/docview.wss?uid=swg1PI18909 http://www-01.ibm.com/support/docview.wss?uid=swg21677032 https://exchange.xforce.ibmcloud.com/vulnerabilities/93530 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2014-3057
https://notcve.org/view.php?id=CVE-2014-3057
Cross-site scripting (XSS) vulnerability in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en el portlet Unified Task List (UTL) para IBM WebSphere Portal 7.x y 8.x hasta 8.0.0.1 CF12 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://secunia.com/advisories/60499 http://www-01.ibm.com/support/docview.wss?uid=swg1PI18909 http://www-01.ibm.com/support/docview.wss?uid=swg21677032 http://www.securityfocus.com/bid/68928 https://exchange.xforce.ibmcloud.com/vulnerabilities/93531 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-3054
https://notcve.org/view.php?id=CVE-2014-3054
Multiple open redirect vulnerabilities in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Múltiples vulnerabilidades de redirección abierta en el portlet Unified Task List (UTL) para IBM WebSphere Portal 7.x y 8.x hasta 8.0.0.1 CF12 permiten a atacantes remotos redirigir usuarios hacia sitios web arbitrarios y realizar ataques de phishing a través de vectores no especificados. • http://secunia.com/advisories/60499 http://www-01.ibm.com/support/docview.wss?uid=swg1PI18909 http://www-01.ibm.com/support/docview.wss?uid=swg21677032 https://exchange.xforce.ibmcloud.com/vulnerabilities/93528 •
CVE-2014-0957
https://notcve.org/view.php?id=CVE-2014-0957
Cross-site scripting (XSS) vulnerability in IBM Business Process Manager 7.5 through 8.5.5, and WebSphere Lombardi Edition 7.2, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that triggers a service failure. Vulnerabilidad de XSS en IBM Business Process Manager 7.5 hasta 8.5.5, y WebSphere Lombardi Edition 7.2, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada que provoca un fallo de servicio. • http://secunia.com/advisories/59557 http://www-01.ibm.com/support/docview.wss?uid=swg1JR49990 http://www-01.ibm.com/support/docview.wss?uid=swg21679064 https://exchange.xforce.ibmcloud.com/vulnerabilities/92738 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •