CVSS: 5.0EPSS: 0%CPEs: 32EXPL: 0CVE-2014-8912
https://notcve.org/view.php?id=CVE-2014-8912
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF18, and 8.5.0 before CF08 improperly restricts resource access, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by configuration information. IBM WebSphere Portal 6.1.0 hasta la versión 6.1.0.6 CF27, 6.1.5 hasta la versión 6.1.5.3 CF27, 7.0.0 hasta la versión 7.0.0.2 CF29, 8.0.0 hasta la versión 8.0.0.1 CF18 y 8.5.0 en versiones anteriores a CF08 no restringe adecuadamente las fuentes de acceso, lo que permite a atacantes remotos obtener información sensible a través de vectores no especificados, según lo demostrado por la información de configuración. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI47714 http://www-01.ibm.com/support/docview.wss?uid=swg21963226 http://www.securitytracker.com/id/1033988 • CWE-284: Improper Access Control •
CVSS: 3.5EPSS: 0%CPEs: 6EXPL: 0CVE-2014-6093
https://notcve.org/view.php?id=CVE-2014-6093
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.0.x before 7.0.0.2 CF29, 8.0.x through 8.0.0.1 CF14, and 8.5.x before 8.5.0 CF02 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM WebSphere Portal 7.0.x anterior a 7.0.0.2 CF29, 8.0.x hasta 8.0.0.1 CF14, y 8.5.x anterior a 8.5.0 CF02 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://secunia.com/advisories/59752 http://secunia.com/advisories/60912 http://www-01.ibm.com/support/docview.wss?uid=swg1PI24678 http://www-01.ibm.com/support/docview.wss?uid=swg21689849 http://www.securitytracker.com/id/1031359 https://exchange.xforce.ibmcloud.com/vulnerabilities/95921 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.0EPSS: 0%CPEs: 66EXPL: 0CVE-2014-4792
https://notcve.org/view.php?id=CVE-2014-4792
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF28, 8.0.0 through 8.0.0.1 CF13, and 8.5.0 before CF02 allows remote authenticated users to cause a denial of service (disk consumption) by uploading large files. IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0.0 hasta 7.0.0.2 CF28, 8.0.0 hasta 8.0.0.1 CF13, y 8.5.0 anterior a CF02 permite a usuarios remotos autenticados causar una denegación de servicio (consumo de disco) mediante la subida de ficheros de gran tamaño. • http://secunia.com/advisories/61204 http://www-01.ibm.com/support/docview.wss?uid=swg1PI23334 http://www-01.ibm.com/support/docview.wss?uid=swg21681998 https://exchange.xforce.ibmcloud.com/vulnerabilities/95204 • CWE-399: Resource Management Errors •
CVSS: 5.0EPSS: 0%CPEs: 26EXPL: 1CVE-2013-6735 – IBM Web Content Manager XPath Injection
https://notcve.org/view.php?id=CVE-2013-6735
IBM WebSphere Portal 6.0.0.x through 6.0.0.1, 6.0.1.x through 6.0.1.7, 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x through 8.0.0.1 CF08 allows remote attackers to obtain sensitive Java Content Repository (JCR) information via a modified Web Content Manager (WCM) URL. IBM Websphere Portal 6.0.0.x hasta 6.0.0.1, 6.0.1.x hasta 6.0.1.7, 6.1.0.x hasta 6.1.0.6 CF27, 6.1.5.x hasta 6.1.5.3 CF27, 7.0.0.x hasta 7.0.0.2 CF26, y 8.0.0.x hasta 8.0.0.1 CF08 permite a atacantes remotos obtener información Java Content Repository (JCR) sensile a través de una URL Web Content Manager (WCM) modificada. IBM Web Content Manager versions 6.x, 7.x, and 8.x suffer from blind XPath injection attacks. This allows an attacker to get current application configuration, enumerate nodes, and extract other valuable information from vulnerable installations of Web Content Manager. • http://osvdb.org/101255 http://packetstormsecurity.com/files/124611/IBM-Web-Content-Manager-XPath-Injection.html http://secunia.com/advisories/56161 http://www-01.ibm.com/support/docview.wss?uid=swg1PI07777 http://www-01.ibm.com/support/docview.wss?uid=swg21660289 http://www.securityfocus.com/archive/1/530552/100/0/threaded http://www.securityfocus.com/bid/64496 http://www.securitytracker.com/id/1029539 https://exchange.xforce.ibmcloud.com/vulnerabilities/89591 https://www-304.ibm& • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 26EXPL: 0CVE-2013-5454
https://notcve.org/view.php?id=CVE-2013-5454
IBM WebSphere Portal 6.0 through 6.0.1.7, 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF25, and 8.0 through 8.0.0.1 CF08 allows remote attackers to read arbitrary files via a modified URL. IBM WebSphere Portal 6.0 hasta la 6.0.1.7, 6.1.0 hasta la 6.1.0.6 CF27, 6.1.5 hasta la 6.1.5.3 CF27, 7.0 hasta la 7.0.0.2 CF25, y 8.0 hasta la 8.0.0.1 CF08 permite a atacantes remotos leer archivos de su elección a través de un URL modificado. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM99205 http://www-01.ibm.com/support/docview.wss?uid=swg21655656 https://exchange.xforce.ibmcloud.com/vulnerabilities/88253 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •