Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/a:ibm:websphere_portal:7.0.0.1:-
There are 65 matching records.
Displaying matches 21 through 40.
Vuln ID Summary CVSS Severity
CVE-2014-8912

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF18, and 8.5.0 before CF08 improperly restricts resource access, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by configuration information.

Published: October 28, 2015; 2:59:00 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-1943

IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted request.

Published: September 14, 2015; 6:59:00 PM -0400
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2015-1917

Cross-site scripting (XSS) vulnerability in the Active Content Filtering component in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

Published: July 14, 2015; 10:59:00 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2015-1887

IBM WebSphere Portal 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to obtain sensitive Java Content Repository (JCR) information via a crafted request.

Published: July 14, 2015; 10:59:00 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-1908

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF16, and 8.5.0 through CF05, as used in Web Content Manager and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

Published: April 27, 2015; 7:59:06 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2015-1886

The Remote Document Conversion Service (DCS) in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF16, and 8.5.0 through CF05 allows remote attackers to cause a denial of service (memory consumption) via crafted requests.

Published: April 27, 2015; 7:59:05 AM -0400
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2014-8909

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF29, 8.0.0.x before 8.0.0.1 CF15, and 8.5.0 before CF05 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

Published: February 12, 2015; 9:59:08 PM -0500
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2014-8902

Cross-site scripting (XSS) vulnerability in the Blog Portlet in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, and 8.5.0 before CF04 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

Published: December 18, 2014; 9:59:06 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-6171

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, and 8.5.0 before CF04 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

Published: December 18, 2014; 9:59:01 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-6215

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 before 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

Published: December 11, 2014; 6:59:00 PM -0500
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2014-6093

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.0.x before 7.0.0.2 CF29, 8.0.x through 8.0.0.1 CF14, and 8.5.x before 8.5.0 CF02 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

Published: November 25, 2014; 9:59:00 PM -0500
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2014-4821

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 provides different web-server error codes depending on whether a requested file exists, which allows remote attackers to determine the validity of filenames via a series of requests.

Published: October 28, 2014; 3:55:02 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-4814

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 does not properly detect recursion during entity expansion, which allows remote authenticated users to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

Published: October 28, 2014; 3:55:02 PM -0400
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2014-4808

Unspecified vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 allows remote authenticated users to execute arbitrary code via unknown vectors.

Published: October 28, 2014; 3:55:02 PM -0400
V3.x:(not available)
V2.0: 6.5 MEDIUM
CVE-2014-4761

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 before 8.0.0.1 CF14, and 8.5.0 through 8.5.0.0 CF02 allows remote authenticated users to discover credentials by reading HTML source code.

Published: October 10, 2014; 6:55:07 AM -0400
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2014-4792

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF28, 8.0.0 through 8.0.0.1 CF13, and 8.5.0 before CF02 allows remote authenticated users to cause a denial of service (disk consumption) by uploading large files.

Published: September 11, 2014; 9:55:07 PM -0400
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2014-4760

Open redirect vulnerability in IBM WebSphere Portal 6.1.0.0 through 6.1.0.6 CF27, 6.1.5.0 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF28, 8.0.0 before 8.0.0.1 CF13, and 8.5.0 before CF01 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.

Published: August 12, 2014; 1:01:04 AM -0400
V3.x:(not available)
V2.0: 5.8 MEDIUM
CVE-2014-3102

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.0.0 through 7.0.0.2 CF28 and 8.0.0 before 8.0.0.1 CF13 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

Published: August 12, 2014; 1:01:03 AM -0400
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2014-0953

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.0 through 6.1.0.6 CF27, 6.1.5.0 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF28, and 8.0.0 before 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

Published: August 12, 2014; 1:01:03 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-0910

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.0 through 6.1.0.6 CF27, 6.1.5.0 through 6.1.5.3 CF27, and 7.0.0 through 7.0.0.2 CF28 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Published: June 18, 2014; 12:55:06 PM -0400
V3.x:(not available)
V2.0: 3.5 LOW