
CVSS: 6.1 • EPSS: 0% • CPEs: 89 • EXPL: 0

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145108. • http://www.securitytracker.com/id/1041845 https://exchange.xforce.ibmcloud.com/vulnerabilities/145108 https://www.ibm.com/support/docview.wss?uid=ibm10731155 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.5 • EPSS: 0% • CPEs: 79 • EXPL: 0

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user. IBM X-Force ID: 144958. • http://www.securitytracker.com/id/1041766 https://exchange.xforce.ibmcloud.com/vulnerabilities/144958 https://www.ibm.com/support/docview.wss?uid=ibm10716981 • CWE-287: Improper Authentication

CVSS: 6.5 • EPSS: 0% • CPEs: 78 • EXPL: 0

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 resets access control settings to the out-of-the-box configuration during Combined Cumulative Fix (CF) installation. This can lead to security misconfiguration of the installation. IBM X-Force ID: 138950. • http://www.securitytracker.com/id/1041767 https://exchange.xforce.ibmcloud.com/vulnerabilities/138950 https://www.ibm.com/support/docview.wss?uid=swg22014276 • CWE-732: Incorrect Permission Assignment for Critical Resource

CVSS: 5.4 • EPSS: 0% • CPEs: 89 • EXPL: 0

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 144886. • http://www.securityfocus.com/bid/105446 http://www.securitytracker.com/id/1041755 https://exchange.xforce.ibmcloud.com/vulnerabilities/144886 https://www.ibm.com/support/docview.wss?uid=ibm10715923 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.4 • EPSS: 0% • CPEs: 89 • EXPL: 0

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 147906. • http://www.securityfocus.com/bid/105490 http://www.securitytracker.com/id/1041753 https://exchange.xforce.ibmcloud.com/vulnerabilities/147906 https://www.ibm.com/support/docview.wss?uid=ibm10729683 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')