Lucene search
K
IbmWebsphere Portal

126 matches found

CVE
CVE
added 2014/06/18 4:0 p.m.81 views

CVE-2014-0910

IBM WebSphere Portal is affected by a stored XSS in the Web Content Management component across versions 6.1.0.0–6.1.0.6 CF27, 6.1.5.0–6.1.5.3 CF27, and 7.0.0–7.0.0.2 CF28. The vulnerability allows remote authenticated users to inject arbitrary JavaScript via unspecified vectors. Root cause is im...

3.5CVSS5.1AI score0.02655EPSS
Web
CVE
CVE
added 2017/05/05 7:0 p.m.75 views

CVE-2017-1156

CVE-2017-1156 affects IBM WebSphere Portal 8.5.0 < CF14 and 9.0.0

8.8CVSS8.1AI score0.01146EPSS
CVE
CVE
added 2009/04/15 10:0 a.m.72 views

CVE-2009-1009

CVE-2009-1009 concerns Oracle Outside In Technology (Outside In SDK/HTML Export) used with Oracle Application Server 8.1.9. The issue is a set of buffer-overflow vulnerabilities in processing Microsoft Excel spreadsheet records, caused by missing bounds checks when handling records/arrays of stru...

4.4CVSS8AI score0.00419EPSS
CVE
CVE
added 2016/02/29 11:0 a.m.72 views

CVE-2016-0245

IBM WebSphere Portal is affected by CVE-2016-0245 due to an XML External Entity (XXE) vulnerability in the XML parser. The issue allows remote authenticated users to read arbitrary files or cause a denial of service when processing XML with external entities. Affected versions include WebSphere P...

5.5CVSS5.3AI score0.01039EPSS
CVE
CVE
added 2009/04/15 10:0 a.m.71 views

CVE-2009-1008

Technical details for CVE-2009-1008 are not provided in the connected documents. Monitor for updates from Oracle and security advisories.

4.4CVSS8AI score0.00419EPSS
CVE
CVE
added 2009/04/15 10:0 a.m.69 views

CVE-2009-1010

CVE-2009-1010 is a buffer/heap overflow in Oracle Outside In Technology (Outside In SDK HTML Export 8.2.2/8.3.0; affected variants include 8.3.0.5129, 8.2.2.4866, and related builds). iDefense describes multiple integer overflow paths when processing Excel records, leading to heap buffer overflow...

4.4CVSS8AI score0.00419EPSS
CVE
CVE
added 2018/10/01 3:0 p.m.68 views

CVE-2018-1672

IBM WebSphere Portal 7.0–9.0 is affected by a security bypass vulnerability where the application may fail to set the correct user context in impersonation scenarios. An authenticated, remote attacker could exploit this to perform actions in the user or administrator interface with the privileges...

6.5CVSS6AI score0.01156EPSS
CVE
CVE
added 2014/10/10 10:0 a.m.67 views

CVE-2014-4761

CVE-2014-4761 affects IBM WebSphere Portal versions 6.1.0.x, 6.1.5.x, 7.0.x, 8.0 before 8.0.0.1, and 8.5.0 through 8.5.0.0. It allows remote authenticated users to discover credentials by reading HTML source code. The vulnerability is triggered by exposing credential information via HTML source, ...

4CVSS6AI score0.01638EPSS
CVE
CVE
added 2017/12/11 9:0 p.m.67 views

CVE-2017-1536

CVE-2017-1536 : IBM Support Tools for Lotus WCM (IBM WebSphere Portal 7.0, 8.0, 8.5 and 9.0) is vulnerable to cross-site scripting. The vulnerability allows users to embed arbitrary JavaScript code in the Web UI, potentially leading to credentials disclosure within a trusted session. The provided...

5.4CVSS5.2AI score0.00694EPSS
CVE
CVE
added 2010/02/26 7:0 p.m.66 views

CVE-2010-0714

CVE-2010-0714 describes a Cross-site scripting (XSS) vulnerability in login.jsp across IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), IBM Lotus Workplace WCM versions 5.1.x, 6.x, 6.1.x, 6.1.5.0, and IBM Lotus Quickr services for WebSphere Portal. The flaw allows remote attackers to...

4.3CVSS5.7AI score0.03528EPSS
CVE
CVE
added 2009/06/03 4:33 p.m.64 views

CVE-2009-0899

IBM WebSphere products (WAS 6.1.x up to 6.1.0.24, WAS 7.0 up to 7.0.0.4, WebSphere Portal Server 5.1–6.0, and IBM Integrated Solutions Console 6.0.1) are affected by CVE-2009-0899 due to improper setting of IsSecurityEnabled during migration from WebSphere Member Manager (WMM) to Virtual Member M...

4.3CVSS5.9AI score0.01603EPSS
CVE
CVE
added 2015/05/25 12:0 a.m.64 views

CVE-2015-1921

IBM WebSphere Portal is affected by an open redirect vulnerability (CVE-2015-1921) in versions 8.0.0 before 8.0.0.1 CF17 and 8.5.0 before CF06. A crafted URL can redirect users to arbitrary sites, enabling phishing. Related advisories reference additional CVEs in the same product; remediation is ...

6.4CVSS6.5AI score0.02429EPSS
CVE
CVE
added 2015/10/28 6:0 p.m.63 views

CVE-2014-8912

CVE-2014-8912 affects IBM WebSphere Portal across multiple BPM/Cloud Orchestrator bundles (versions 6.1.0–8.5.0 prior to CF08) and IBM BPM/BPM Advanced/Express/WebSphere Process Server components. The root cause is failure to restrict access to resources within web applications, enabling remote a...

5CVSS8.2AI score0.02127EPSS
CVE
CVE
added 2007/06/19 5:0 p.m.62 views

CVE-2007-3128

CVE-2007-3128 pertains to WSPortal 1.0, where SQL injection is possible in content.php via the page parameter when magic_quotes_gpc is disabled. The vulnerability allows remote attackers to execute arbitrary SQL commands through crafted input, potentially affecting data confidentiality and integr...

6.4CVSS8.2AI score0.01237EPSS
CVE
CVE
added 2014/07/29 8:0 p.m.62 views

CVE-2014-3055

CVE-2014-3055 is described in public sources as an SQL injection vulnerability in the Unified Task List Portlet of IBM WebSphere Portal 7.x and 8.x up to 8.0.0.1 CF12 . The vulnerability affects the portlet itself and allows remote attackers to execute arbitrary SQL commands via unspecified vecto...

7.5CVSS8.4AI score0.01946EPSS
CVE
CVE
added 2014/10/28 7:0 p.m.62 views

CVE-2014-4814

CVE-2014-4814 affects IBM WebSphere Portal versions 6.1.0 (through 6.1.0.6 CF27), 6.1.5 (through 6.1.5.3 CF27), 7.0 (through 7.0.0.2 CF28), 8.0 (through 8.0.0.1 CF14), and 8.5.0 before CF03. The issue is failure to properly detect recursion during entity expansion in XML, allowing remote authenti...

3.5CVSS6.7AI score0.01598EPSS
CVE
CVE
added 2013/12/22 3:0 p.m.61 views

CVE-2013-6735

CVE-2013-6735 affects IBM Web Content Manager (WCM). The connected sources confirm an XPath-injection vulnerability in WCM LIBRARY parameter that allows an unauthenticated attacker to manipulate requests and potentially extract sensitive configuration/JCR data from vulnerable WCM installations (v...

5CVSS6.1AI score0.03599EPSS
Web
CVE
CVE
added 2018/09/27 7:0 p.m.61 views

CVE-2018-1820

IBM WebSphere Portal is affected by CVE-2018-1820: a cross-site scripting (XSS) vulnerability in version 8.0, 8.5, and 9.0 caused by improper validation of user-supplied input. An unauthenticated, remote attacker can entice a user to click a crafted URL to execute arbitrary script in the user’s b...

5.4CVSS5.2AI score0.00968EPSS
CVE
CVE
added 2014/05/22 10:0 a.m.60 views

CVE-2014-0949

CVE-2014-0949 affects IBM WebSphere Portal 6.1.0 … 6.1.0.6 CF27, 6.1.5 … 6.1.5.3 CF27, 7.0 … 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12. It allows remote attackers to cause a denial of service (resource consumption and daemon crash) via a crafted web request. Connected Nessus/NVD entries corrobora...

5CVSS6.5AI score0.01164EPSS
CVE
CVE
added 2014/10/28 7:0 p.m.60 views

CVE-2014-4808

Technical details for CVE-2014-4808 are not publicly available in the provided documents. Monitor for updates from IBM and security advisories.

6.5CVSS7.2AI score0.02557EPSS
CVE
CVE
added 2015/12/31 2:0 a.m.60 views

CVE-2015-7447

IBM WebSphere Portal information disclosure vulnerability (CVE-2015-7447) affects multiple versions: 6.1.0–6.1.0.6 CF27, 6.1.5–6.1.5.3 CF27, 7.0.0–7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF20, and 8.5.0 before CF09. The flaw allows remote, unauthenticated attackers to bypass Portal AccessControl REST ...

5.3CVSS5AI score0.01983EPSS
CVE
CVE
added 2017/12/27 4:0 p.m.60 views

CVE-2017-1698

CVE-2017-1698 affects IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0. The issue is information disclosure via error messages that could enable further attacks. The connected sources describe an information-disclosure vulnerability in WebSphere Portal and reference IBM’s advisory (X-Force ID 124390) ...

5.3CVSS4.9AI score0.01562EPSS
CVE
CVE
added 2009/12/02 4:0 p.m.59 views

CVE-2009-4153

CVE-2009-4153 affects IBM WebSphere Portal 6.1.x before 6.1.0.3, specifically the XMLAccess component, with impact and attack vectors described as unknown and related to the work directory. Connected sources confirm the affected product/version and component but provide no detailed root cause, ex...

7.5CVSS6.4AI score0.012EPSS
CVE
CVE
added 2013/08/21 4:0 p.m.59 views

CVE-2013-3016

CVE-2013-3016 affects IBM WebSphere Portal versions 6.1, 7.0, and 8.0. A crafted servlet request, related to the serveServletsByClassnameEnabled setting, could allow remote attackers to access the user directory. The referenced sources describe unauthorized access to sensitive files via manipulat...

5CVSS6.7AI score0.01173EPSS
CVE
CVE
added 2014/05/22 10:0 a.m.59 views

CVE-2014-0955

CVE-2014-0955 is an XSS vulnerability in IBM WebSphere Portal 8.0 before 8.0.0.1 CF12 enabled when Social Rendering in Connections integration is active. Remote authenticated users can inject arbitrary web script/HTML via unspecified vectors. The issue is tied to the Social Rendering feature; the...

4.3CVSS5.2AI score0.01788EPSS
CVE
CVE
added 2016/02/29 11:0 a.m.59 views

CVE-2015-7457

IBM WebSphere Portal is affected by a cross-site scripting (XSS) vulnerability, CVE-2015-7457, in versions 8.0.x prior to 8.0.0.1 CF20 and 8.5.x prior to 8.5.0.0 CF09. An attacker can inject arbitrary script or HTML by crafting a URL, potentially compromising a user session. The provided sources ...

6.1CVSS5.8AI score0.00801EPSS
CVE
CVE
added 2016/02/29 11:0 a.m.59 views

CVE-2016-0244

CVE-2016-0244 is a cross-site scripting vulnerability in IBM WebSphere Portal. Affected versions include 6.1.0.x (up to 6.1.0.6 CF27), 6.1.5.x (up to 6.1.5.3 CF27), 7.x (up to 7.0.0.2 CF29), 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09. An attacker can exploit via a crafted URL to inj...

6.1CVSS5.8AI score0.00765EPSS
CVE
CVE
added 2017/07/05 1:0 p.m.59 views

CVE-2017-1217

CVE-2017-1217 affects IBM WebSphere Portal 8.5 and 9.0, where improper handling of user input enables cross-site scripting in the Web UI, potentially allowing an attacker to inject JavaScript and cause credentials disclosure within a trusted session. The provided documents do not specify a patch ...

6.1CVSS5.9AI score0.01077EPSS
CVE
CVE
added 2017/07/31 9:0 p.m.59 views

CVE-2017-1303

IBM WebSphere Portal and Web Content Manager versions 7.0, 8.0, 8.5, and 9.0 are affected by an XSS vulnerability that allows injection of arbitrary JavaScript into the Web UI, potentially leading to credentials disclosure within a trusted session. The root cause is improper input validation in t...

6.1CVSS5.8AI score0.01274EPSS
CVE
CVE
added 2016/09/12 10:0 a.m.58 views

CVE-2016-5954

CVE-2016-5954 affects IBM WebSphere Portal versions 6.1.0 to 6.1.0.6 CF27, 6.1.5 to 6.1.5.3 CF27, 7.0.0 to 7.0.0.2 CF30, 8.0.0 to 8.0.0.1 CF21, and 8.5.0 before CF12. The vulnerability allows remote authenticated users to cause a denial of service by uploading temporary files. Public sources in t...

6.5CVSS6.1AI score0.01305EPSS
CVE
CVE
added 2017/03/27 10:0 p.m.58 views

CVE-2017-1120

IBM WebSphere Portal is affected by CVE-2017-1120 (XSS) in the web UI. The Nessus entry notes multiple XSS vulnerabilities impacting IBM WebSphere Portal 8.5.0 before CF14 and 9.0.0 before CF14, allowing an unauthenticated, remote attacker to execute arbitrary script in a user browser session and...

6.1CVSS6AI score0.00961EPSS
CVE
CVE
added 2018/01/11 5:0 p.m.58 views

CVE-2018-1361

IBM WebSphere Portal 8.5 and 9.0 are affected by a cross-site scripting (XSS) vulnerability that allows embedding arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure in a trusted session. Public details indicate affected versions include 8.5.0.x before CF15 and 9.0.0...

6.1CVSS5.8AI score0.01077EPSS
CVE
CVE
added 2009/12/02 4:0 p.m.57 views

CVE-2009-4152

CVE-2009-4152 : A cross-site scripting (XSS) vulnerability affects the Collaboration component in IBM WebSphere Portal 6.1.x when running versions prior to 6.1.0.3 . The issue allows remote attackers to inject arbitrary web script or HTML via the people picker tag . The vulnerability is described...

4.3CVSS5.6AI score0.01065EPSS
CVE
CVE
added 2010/02/26 7:0 p.m.57 views

CVE-2010-0715

CVE-2010-0715 is an open redirect vulnerability in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management, covering versions 5.1.0.0–5.1.0.5, 6.0.0.0–6.0.0.4, 6.0.1.0–6.0.1.7, 6.1.0.0–6.1.0.3, and 6.1.5.0; and IBM Lotus Quickr services 8.0, 8....

6.8CVSS6.8AI score0.01306EPSS
CVE
CVE
added 2014/08/12 1:0 a.m.57 views

CVE-2014-4746

CVE-2014-4746 affects IBM WebSphere Portal: 8.0.0 before 8.0.0.1 CF13 and 8.5.0 through CF01. The issue arises from returning different error codes for firewall-traversal requests based on whether the intranet host exists, enabling remote attackers to map the intranet network via a series of requ...

5CVSS6.5AI score0.0209EPSS
CVE
CVE
added 2015/04/24 11:0 p.m.57 views

CVE-2015-1886

CVE-2015-1886 affects IBM WebSphere Portal via the Remote Document Conversion Service (DCS): versions 6.1.0–6.1.0.6 CF27, 6.1.5–6.1.5.3 CF27, 7.0.0–7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF16, and 8.5.0 through CF05 are vulnerable to memory consumption-based denial of service from crafted requests. T...

7.8CVSS6.7AI score0.03464EPSS
CVE
CVE
added 2015/07/14 2:0 p.m.57 views

CVE-2015-1917

CVE-2015-1917 is an XSS vulnerability in IBM Active Content Filtering (ACF) affecting IBM WebSphere Portal and related Curam/Care Management deployments. The Root Cause is improper validation of user-supplied input in the Active Content Filtering component, allowing remote attackers to inject scr...

4.3CVSS5.8AI score0.01805EPSS
CVE
CVE
added 2018/09/27 7:0 p.m.57 views

CVE-2018-1736

IBM WebSphere Portal versions 7.0, 8.0, 8.5, and 9.0 are affected by an open redirect vulnerability that could allow a remote attacker to spoof the displayed URL using a specially crafted website, enabling phishing or redirection to a malicious site. The provided sources describe the flaw as an o...

7.4CVSS5.9AI score0.01507EPSS
CVE
CVE
added 2015/07/14 2:0 p.m.56 views

CVE-2015-1887

CVE-2015-1887 affects IBM WebSphere Portal: information disclosure of JCR data via a crafted request due to improper access control on the JCR component. A remote, unauthenticated attacker could obtain sensitive information from the Java Content Repository. Affected versions per sources: WebSpher...

5CVSS6.1AI score0.02496EPSS
CVE
CVE
added 2016/08/08 1:0 a.m.56 views

CVE-2016-2925

CVE-2016-2925 is an XSS vulnerability in IBM WebSphere Portal affecting multiple versions (6.1.x, 7.x, 8.x with various CFs). The root cause is improper input validation that allows remote authenticated users to inject arbitrary script or HTML via a crafted URL. Documented impact is that an attac...

5.4CVSS4.9AI score0.01202EPSS
CVE
CVE
added 2010/11/09 8:0 p.m.55 views

CVE-2010-4219

CVE-2010-4219 is an XSS vulnerability affecting IBM WebSphere Portal 6.1.0.1, specifically in SemanticTagService.js. Remote attackers could inject arbitrary web script or HTML via unspecified vectors. The public docs confirm the affected product and component, but do not provide concrete exploita...

4.3CVSS5.7AI score0.00845EPSS
CVE
CVE
added 2013/12/22 3:0 p.m.55 views

CVE-2013-6723

CVE-2013-6723 affects IBM WebSphere Portal 8.0.0.1 before CF09. The issue arises from how references in compute="always" Web Content Manager (WCM) navigator components are handled, enabling remote attackers to obtain sensitive component information via unspecified vectors. Public records indicate...

5CVSS6.1AI score0.0167EPSS
CVE
CVE
added 2014/04/02 1:0 a.m.55 views

CVE-2014-0901

CVE-2014-0901 is an XSS in the Social Rendering component of the IBM Connections integration within IBM WebSphere Portal 8.0.0.x before 8.0.0.1 CF11. The vulnerability allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors in the Social Rendering path. A ...

3.5CVSS5.2AI score0.00946EPSS
CVE
CVE
added 2014/05/22 10:0 a.m.55 views

CVE-2014-0952

CVE-2014-0952 is a cross-site scripting (XSS) vulnerability in IBM WebSphere Portal where boot_config.jsp accepts unsanitized input. Affected versions include WebSphere Portal 6.1.0.x up to 6.1.0.6 CF27, 6.1.5 up to 6.1.5.3 CF28, 7.0 up to 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12. An attacker ca...

4.3CVSS5.5AI score0.01148EPSS
CVE
CVE
added 2014/10/28 7:0 p.m.55 views

CVE-2014-4821

CVE-2014-4821 affects IBM WebSphere Portal 6.1.0.x (up to 6.1.0.6 CF27), 6.1.5.x (up to 6.1.5.3 CF27), 7.0.x (up to 7.0.0.2 CF28), 8.0.x (up to 8.0.0.1 CF14), and 8.5.0 before CF03. The vulnerability is an information-disclosure issue where the web server returns different error codes depending o...

5CVSS6.4AI score0.02072EPSS
CVE
CVE
added 2014/10/28 7:0 p.m.55 views

CVE-2014-6125

IBM WebSphere Portal 8.5.0 is affected by CVE-2014-6125 (CSRF) up to CF03. The issue arises from improper validation of user-supplied input, allowing remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences when a user is lured to a malicious site. T...

6.8CVSS6.6AI score0.00968EPSS
CVE
CVE
added 2014/12/19 2:0 a.m.55 views

CVE-2014-6193

IBM WebSphere Portal is affected: versions 8.0.0 through 8.0.0.1 CF14 and 8.5.0 before CF04 have the Managed Pages feature enabled, which allows remote authenticated users to write to pages via an XML injection attack. The connected sources confirm the affected product/version range and the attac...

4.9CVSS6.6AI score0.01581EPSS
CVE
CVE
added 2015/05/25 12:0 a.m.55 views

CVE-2015-1899

CVE-2015-1899 affects IBM WebSphere Portal 8.5 through CF05, enabling remote attackers to cause a denial of service via CPU resource consumption. The Nessus plugin for IBM WebSphere Portal 8.5.0

7.8CVSS6.7AI score0.01908EPSS
CVE
CVE
added 2015/04/24 11:0 p.m.55 views

CVE-2015-1908

CVE-2015-1908 affects IBM WebSphere Portal (and related Web Content Manager usage) across multiple versions: 6.1.0.x up to 8.5.0.x with CF05, and 8.5.0 prior to CF06, per NVD/Nessus entries. The vulnerability is a cross-site scripting (XSS) flaw caused by improper validation of user-supplied inpu...

4.3CVSS5.7AI score0.01805EPSS
CVE
CVE
added 2015/10/29 10:0 a.m.55 views

CVE-2015-4997

CVE-2015-4997 concerns IBM WebSphere Portal 8.5.0 before CF08, where a crafted request can bypass intended access restrictions (access-control bypass). The NVD entry lists a network-remote attack with partial confidentiality/integrity/availability impacts (CVSS v2 base score 6.8). The OpenVAS ent...

6.8CVSS6.6AI score0.0203EPSS
Total number of security vulnerabilities126