4 matches found
CVE-2016-2901
IBM WebSphere Portal 8.5 CF08–CF10 (and Web Content Manager) is affected by CVE-2016-2901 due to a CSRF/XSRF vulnerability in the PA_Theme_Creator. An unauthenticated remote attacker could exploit specially crafted requests to hijack the authentication of arbitrary users and perform actions that ...
CVE-2010-4807
CVE-2010-4807 affects IBM Web Content Manager (WCM) 7.0.0.1 before CF003. The issue is a race condition that allows remote authenticated users to trigger a denial of service via an infinite recursive query, linked to a StackOverflowError. Documents do not specify the exact vulnerable component, v...
CVE-2010-4806
The CVE concerns IBM Web Content Manager (WCM) versions 6.1.5 and 7.0.0.1 before CF003. The underlying issue is a bypass of intended access restrictions on draft creation, achieved by remote authenticated users who leverage certain resource editor privileges. Affected component/process appears to...
CVE-2011-2754
CVE-2011-2754 affects IBM WebSphere Portal 7.x (PageBuilder2/Page Builder theme) as used by IBM Web Content Manager and related products. It is a cross-site scripting (XSS) vulnerability in which remote attackers can inject arbitrary web script or HTML via unspecified vectors. The issue is tied t...