Search Results (Refine Search)
- CPE Product Version: cpe:/a:ibm:websphere_portal:7.0.0.0:cf001
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2017-1189 |
IBM WebSphere Portal and Web Content Manager 6.1, 7.0, and 8.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123558. Published: September 07, 2017; 12:29:00 PM -0400 |
V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2014-4761 |
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 before 8.0.0.1 CF14, and 8.5.0 through 8.5.0.0 CF02 allows remote authenticated users to discover credentials by reading HTML source code. Published: October 10, 2014; 6:55:07 AM -0400 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2014-4792 |
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF28, 8.0.0 through 8.0.0.1 CF13, and 8.5.0 before CF02 allows remote authenticated users to cause a denial of service (disk consumption) by uploading large files. Published: September 11, 2014; 9:55:07 PM -0400 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2014-0959 |
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote authenticated users to cause a denial of service (infinite loop) via a login redirect. Published: May 22, 2014; 7:14:14 AM -0400 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2014-0958 |
Open redirect vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Published: May 22, 2014; 7:14:14 AM -0400 |
V3.x:(not available) V2.0: 5.8 MEDIUM |
CVE-2014-0956 |
Cross-site scripting (XSS) vulnerability in googlemap.jsp in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: May 22, 2014; 7:14:14 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-0954 |
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 does not validate JSP includes, which allows remote attackers to obtain sensitive information, bypass intended request-dispatcher access restrictions, or cause a denial of service (memory consumption) via a crafted URL. Published: May 22, 2014; 7:14:14 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2014-0952 |
Cross-site scripting (XSS) vulnerability in boot_config.jsp in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF28, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: May 22, 2014; 7:14:14 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-0951 |
Cross-site scripting (XSS) vulnerability in FilterForm.jsp in IBM WebSphere Portal 7.0 before 7.0.0.2 CF28 and 8.0 before 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: May 22, 2014; 7:14:14 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-0949 |
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to cause a denial of service (resource consumption and daemon crash) via a crafted web request. Published: May 22, 2014; 7:14:14 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-0918 |
Directory traversal vulnerability in IBM Eclipse Help System (IEHS) in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF27, and 8.0 before 8.0.0.1 CF06 allows remote attackers to read arbitrary files via a crafted URL. Published: May 16, 2014; 7:12:00 AM -0400 |
V3.x:(not available) V2.0: 7.1 HIGH |
CVE-2014-0917 |
Cross-site scripting (XSS) vulnerability in IBM Eclipse Help System (IEHS) in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF27, and 8.0 before 8.0.0.1 CF06 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Published: May 16, 2014; 7:12:00 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2013-6722 |
Unrestricted file upload vulnerability in the Registration/Edit My Profile portlet in IBM WebSphere Portal 7.x before 7.0.0.2 CF27 and 8.x through 8.0.0.1 CF09 allows remote attackers to cause a denial of service or modify data via unspecified vectors. Published: February 14, 2014; 8:10:30 AM -0500 |
V3.x:(not available) V2.0: 5.8 MEDIUM |
CVE-2013-3016 |
IBM WebSphere Portal 6.1, 7.0, and 8.0 allows remote attackers to access the user directory via a crafted request for a servlet, related to the serveServletsByClassnameEnabled setting. Published: August 21, 2013; 12:55:11 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2013-0587 |
Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere Portal before 8.0.0.1 CF07 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) Portal, (2) Portal 7.0.0.2, (3) Portal 8.0, or (4) PortalWeb2 theme. Published: August 15, 2013; 9:55:15 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2013-2950 |
CRLF injection vulnerability in IBM WebSphere Portal 6.1.0.x before 6.1.0.3 CF26, 6.1.5.x before 6.1.5 CF26, 7.0.0.x before 7.0.0.2 CF21, and 8.0.0.x through 8.0.0.1 CF5, when home substitution (aka uri.home.substitution) is enabled, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. Published: June 03, 2013; 5:55:01 PM -0400 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2013-0549 |
Cross-site scripting (XSS) vulnerability in the Web Content Manager - Web Content Viewer Portlet in the server in IBM WebSphere Portal 7.0.0.x through 7.0.0.2 CF22 and 8.0.0.x through 8.0.0.1 CF5, when the IBM Portlet API is used, allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Published: June 03, 2013; 5:55:01 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |