CVSS: 5.3EPSS: 0%CPEs: 32EXPL: 0CVE-2014-8912
https://notcve.org/view.php?id=CVE-2014-8912
28 Oct 2015 — IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF18, and 8.5.0 before CF08 improperly restricts resource access, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by configuration information. IBM WebSphere Portal 6.1.0 hasta la versión 6.1.0.6 CF27, 6.1.5 hasta la versión 6.1.5.3 CF27, 7.0.0 hasta la versión 7.0.0.2 CF29, 8.0.0 hasta la versión 8.0.0.1 CF18 y 8.5.0 en version... • http://www-01.ibm.com/support/docview.wss?uid=swg1PI47714 • CWE-284: Improper Access Control •
CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0CVE-2014-6093
https://notcve.org/view.php?id=CVE-2014-6093
26 Nov 2014 — Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.0.x before 7.0.0.2 CF29, 8.0.x through 8.0.0.1 CF14, and 8.5.x before 8.5.0 CF02 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM WebSphere Portal 7.0.x anterior a 7.0.0.2 CF29, 8.0.x hasta 8.0.0.1 CF14, y 8.5.x anterior a 8.5.0 CF02 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://secunia.com/advisories/59752 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 66EXPL: 0CVE-2014-4792
https://notcve.org/view.php?id=CVE-2014-4792
12 Sep 2014 — IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF28, 8.0.0 through 8.0.0.1 CF13, and 8.5.0 before CF02 allows remote authenticated users to cause a denial of service (disk consumption) by uploading large files. IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0.0 hasta 7.0.0.2 CF28, 8.0.0 hasta 8.0.0.1 CF13, y 8.5.0 anterior a CF02 permite a usuarios remotos autenticados causar una denegación de servicio (consumo de disco) mediant... • http://secunia.com/advisories/61204 • CWE-399: Resource Management Errors •
CVSS: 5.3EPSS: 1%CPEs: 26EXPL: 2CVE-2013-6735 – IBM Web Content Manager XPath Injection
https://notcve.org/view.php?id=CVE-2013-6735
22 Dec 2013 — IBM WebSphere Portal 6.0.0.x through 6.0.0.1, 6.0.1.x through 6.0.1.7, 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x through 8.0.0.1 CF08 allows remote attackers to obtain sensitive Java Content Repository (JCR) information via a modified Web Content Manager (WCM) URL. IBM Websphere Portal 6.0.0.x hasta 6.0.0.1, 6.0.1.x hasta 6.0.1.7, 6.1.0.x hasta 6.1.0.6 CF27, 6.1.5.x hasta 6.1.5.3 CF27, 7.0.0.x hasta 7.0.0.2 CF26, y 8.0.0.x hasta 8.0.0.1 CF08 permit... • https://packetstorm.news/files/id/124611 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 26EXPL: 0CVE-2013-5454
https://notcve.org/view.php?id=CVE-2013-5454
16 Nov 2013 — IBM WebSphere Portal 6.0 through 6.0.1.7, 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF25, and 8.0 through 8.0.0.1 CF08 allows remote attackers to read arbitrary files via a modified URL. IBM WebSphere Portal 6.0 hasta la 6.0.1.7, 6.1.0 hasta la 6.1.0.6 CF27, 6.1.5 hasta la 6.1.5.3 CF27, 7.0 hasta la 7.0.0.2 CF25, y 8.0 hasta la 8.0.0.1 CF08 permite a atacantes remotos leer archivos de su elección a través de un URL modificado. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM99205 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 62EXPL: 0CVE-2013-0587
https://notcve.org/view.php?id=CVE-2013-0587
16 Aug 2013 — Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere Portal before 8.0.0.1 CF07 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) Portal, (2) Portal 7.0.0.2, (3) Portal 8.0, or (4) PortalWeb2 theme. Múltiples vulnerabilidades de cross-site scripting (XSS) en IBM WebSphere Portal anterior a v8.0.0.1 CF07 permite a atacantes remotos inyectar secuencias de comandos web y HTML arbitrarias a través de los temas (1) Portal, (2) Portal 7.0.0.2, (3) Portal 8... • http://www-01.ibm.com/support/docview.wss?uid=swg1PM90118 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 2%CPEs: 13EXPL: 0CVE-2011-0679
https://notcve.org/view.php?id=CVE-2011-0679
28 Jan 2011 — IBM WebSphere Portal 6.0.1.1 through 7.0.0.0, as used in IBM Lotus Web Content Management (WCM) and IBM Lotus Quickr for WebSphere Portal, allows remote attackers to obtain sensitive information via a "modified message." IBM WebSphere Portal v6.0.1.1 hasta v7.0.0.0, como el utilizado en IBM Lotus Web Content Management (WCM) e IBM Lotus Quickr para WebSphere Portal, permite a atacantes remotos obtener información sensible a través de un "mensaje modificado." • http://osvdb.org/70688 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2010-1348
https://notcve.org/view.php?id=CVE-2010-1348
12 Apr 2010 — Unspecified vulnerability in the login process in IBM WebSphere Portal 6.0.1.1, and 6.1.0.x before 6.1.0.3 Cumulative Fix 03, has unknown impact and remote attack vectors. Vulnerabilidad inespecífica en el proceso de inicio de sesión en IBM WebSphere Portal v6.0.1.1, y v6.1.0.x anteriores a v6.1.0.3 Cumulative Fix 03, tiene impacto y vectores desconocidos. • http://osvdb.org/63594 •
CVSS: 6.1EPSS: 2%CPEs: 77EXPL: 3CVE-2010-0714 – IBM (Multiple Products) - Login Page Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-0714
26 Feb 2010 — Cross-site scripting (XSS) vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 through 6.0.0.4, 6.0.1.0 through 6.0.1.7, 6.1.0.0 through 6.1.0.3, and 6.1.5.0; and IBM Lotus Quickr services 8.0, 8.0.0.2, 8.1, 8.1.1, and 8.1.1.1 for WebSphere Portal; allows remote attackers to inject arbitrary web script or HTML via the query string. Vulnerabilidad de ejecución de secuencias de comandos en s... • https://www.exploit-db.com/exploits/33675 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 77EXPL: 1CVE-2010-0715
https://notcve.org/view.php?id=CVE-2010-0715
26 Feb 2010 — Open redirect vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 through 6.0.0.4, 6.0.1.0 through 6.0.1.7, 6.1.0.0 through 6.1.0.3, and 6.1.5.0; and IBM Lotus Quickr services 8.0, 8.0.0.2, 8.1, 8.1.1, and 8.1.1.1 for WebSphere Portal; allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the query string. Vulnerabilidad de redireccionamiento dir... • http://www-01.ibm.com/support/docview.wss?uid=swg21421469 •