126 matches found
CVE-2014-0910
IBM WebSphere Portal is affected by a stored XSS in the Web Content Management component across versions 6.1.0.0–6.1.0.6 CF27, 6.1.5.0–6.1.5.3 CF27, and 7.0.0–7.0.0.2 CF28. The vulnerability allows remote authenticated users to inject arbitrary JavaScript via unspecified vectors. Root cause is im...
CVE-2017-1156
CVE-2017-1156 affects IBM WebSphere Portal 8.5.0 < CF14 and 9.0.0
CVE-2009-1009
CVE-2009-1009 concerns Oracle Outside In Technology (Outside In SDK/HTML Export) used with Oracle Application Server 8.1.9. The issue is a set of buffer-overflow vulnerabilities in processing Microsoft Excel spreadsheet records, caused by missing bounds checks when handling records/arrays of stru...
CVE-2016-0245
IBM WebSphere Portal is affected by CVE-2016-0245 due to an XML External Entity (XXE) vulnerability in the XML parser. The issue allows remote authenticated users to read arbitrary files or cause a denial of service when processing XML with external entities. Affected versions include WebSphere P...
CVE-2009-1008
Technical details for CVE-2009-1008 are not provided in the connected documents. Monitor for updates from Oracle and security advisories.
CVE-2009-1010
CVE-2009-1010 is a buffer/heap overflow in Oracle Outside In Technology (Outside In SDK HTML Export 8.2.2/8.3.0; affected variants include 8.3.0.5129, 8.2.2.4866, and related builds). iDefense describes multiple integer overflow paths when processing Excel records, leading to heap buffer overflow...
CVE-2018-1672
IBM WebSphere Portal 7.0–9.0 is affected by a security bypass vulnerability where the application may fail to set the correct user context in impersonation scenarios. An authenticated, remote attacker could exploit this to perform actions in the user or administrator interface with the privileges...
CVE-2014-4761
CVE-2014-4761 affects IBM WebSphere Portal versions 6.1.0.x, 6.1.5.x, 7.0.x, 8.0 before 8.0.0.1, and 8.5.0 through 8.5.0.0. It allows remote authenticated users to discover credentials by reading HTML source code. The vulnerability is triggered by exposing credential information via HTML source, ...
CVE-2017-1536
CVE-2017-1536 : IBM Support Tools for Lotus WCM (IBM WebSphere Portal 7.0, 8.0, 8.5 and 9.0) is vulnerable to cross-site scripting. The vulnerability allows users to embed arbitrary JavaScript code in the Web UI, potentially leading to credentials disclosure within a trusted session. The provided...
CVE-2010-0714
CVE-2010-0714 describes a Cross-site scripting (XSS) vulnerability in login.jsp across IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), IBM Lotus Workplace WCM versions 5.1.x, 6.x, 6.1.x, 6.1.5.0, and IBM Lotus Quickr services for WebSphere Portal. The flaw allows remote attackers to...
CVE-2009-0899
IBM WebSphere products (WAS 6.1.x up to 6.1.0.24, WAS 7.0 up to 7.0.0.4, WebSphere Portal Server 5.1–6.0, and IBM Integrated Solutions Console 6.0.1) are affected by CVE-2009-0899 due to improper setting of IsSecurityEnabled during migration from WebSphere Member Manager (WMM) to Virtual Member M...
CVE-2015-1921
IBM WebSphere Portal is affected by an open redirect vulnerability (CVE-2015-1921) in versions 8.0.0 before 8.0.0.1 CF17 and 8.5.0 before CF06. A crafted URL can redirect users to arbitrary sites, enabling phishing. Related advisories reference additional CVEs in the same product; remediation is ...
CVE-2014-8912
CVE-2014-8912 affects IBM WebSphere Portal across multiple BPM/Cloud Orchestrator bundles (versions 6.1.0–8.5.0 prior to CF08) and IBM BPM/BPM Advanced/Express/WebSphere Process Server components. The root cause is failure to restrict access to resources within web applications, enabling remote a...
CVE-2007-3128
CVE-2007-3128 pertains to WSPortal 1.0, where SQL injection is possible in content.php via the page parameter when magic_quotes_gpc is disabled. The vulnerability allows remote attackers to execute arbitrary SQL commands through crafted input, potentially affecting data confidentiality and integr...
CVE-2014-3055
CVE-2014-3055 is described in public sources as an SQL injection vulnerability in the Unified Task List Portlet of IBM WebSphere Portal 7.x and 8.x up to 8.0.0.1 CF12 . The vulnerability affects the portlet itself and allows remote attackers to execute arbitrary SQL commands via unspecified vecto...
CVE-2014-4814
CVE-2014-4814 affects IBM WebSphere Portal versions 6.1.0 (through 6.1.0.6 CF27), 6.1.5 (through 6.1.5.3 CF27), 7.0 (through 7.0.0.2 CF28), 8.0 (through 8.0.0.1 CF14), and 8.5.0 before CF03. The issue is failure to properly detect recursion during entity expansion in XML, allowing remote authenti...
CVE-2013-6735
CVE-2013-6735 affects IBM Web Content Manager (WCM). The connected sources confirm an XPath-injection vulnerability in WCM LIBRARY parameter that allows an unauthenticated attacker to manipulate requests and potentially extract sensitive configuration/JCR data from vulnerable WCM installations (v...
CVE-2018-1820
IBM WebSphere Portal is affected by CVE-2018-1820: a cross-site scripting (XSS) vulnerability in version 8.0, 8.5, and 9.0 caused by improper validation of user-supplied input. An unauthenticated, remote attacker can entice a user to click a crafted URL to execute arbitrary script in the user’s b...
CVE-2014-0949
CVE-2014-0949 affects IBM WebSphere Portal 6.1.0 … 6.1.0.6 CF27, 6.1.5 … 6.1.5.3 CF27, 7.0 … 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12. It allows remote attackers to cause a denial of service (resource consumption and daemon crash) via a crafted web request. Connected Nessus/NVD entries corrobora...
CVE-2014-4808
Technical details for CVE-2014-4808 are not publicly available in the provided documents. Monitor for updates from IBM and security advisories.
CVE-2015-7447
IBM WebSphere Portal information disclosure vulnerability (CVE-2015-7447) affects multiple versions: 6.1.0–6.1.0.6 CF27, 6.1.5–6.1.5.3 CF27, 7.0.0–7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF20, and 8.5.0 before CF09. The flaw allows remote, unauthenticated attackers to bypass Portal AccessControl REST ...
CVE-2017-1698
CVE-2017-1698 affects IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0. The issue is information disclosure via error messages that could enable further attacks. The connected sources describe an information-disclosure vulnerability in WebSphere Portal and reference IBM’s advisory (X-Force ID 124390) ...
CVE-2009-4153
CVE-2009-4153 affects IBM WebSphere Portal 6.1.x before 6.1.0.3, specifically the XMLAccess component, with impact and attack vectors described as unknown and related to the work directory. Connected sources confirm the affected product/version and component but provide no detailed root cause, ex...
CVE-2013-3016
CVE-2013-3016 affects IBM WebSphere Portal versions 6.1, 7.0, and 8.0. A crafted servlet request, related to the serveServletsByClassnameEnabled setting, could allow remote attackers to access the user directory. The referenced sources describe unauthorized access to sensitive files via manipulat...
CVE-2014-0955
CVE-2014-0955 is an XSS vulnerability in IBM WebSphere Portal 8.0 before 8.0.0.1 CF12 enabled when Social Rendering in Connections integration is active. Remote authenticated users can inject arbitrary web script/HTML via unspecified vectors. The issue is tied to the Social Rendering feature; the...
CVE-2015-7457
IBM WebSphere Portal is affected by a cross-site scripting (XSS) vulnerability, CVE-2015-7457, in versions 8.0.x prior to 8.0.0.1 CF20 and 8.5.x prior to 8.5.0.0 CF09. An attacker can inject arbitrary script or HTML by crafting a URL, potentially compromising a user session. The provided sources ...
CVE-2016-0244
CVE-2016-0244 is a cross-site scripting vulnerability in IBM WebSphere Portal. Affected versions include 6.1.0.x (up to 6.1.0.6 CF27), 6.1.5.x (up to 6.1.5.3 CF27), 7.x (up to 7.0.0.2 CF29), 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09. An attacker can exploit via a crafted URL to inj...
CVE-2017-1217
CVE-2017-1217 affects IBM WebSphere Portal 8.5 and 9.0, where improper handling of user input enables cross-site scripting in the Web UI, potentially allowing an attacker to inject JavaScript and cause credentials disclosure within a trusted session. The provided documents do not specify a patch ...
CVE-2017-1303
IBM WebSphere Portal and Web Content Manager versions 7.0, 8.0, 8.5, and 9.0 are affected by an XSS vulnerability that allows injection of arbitrary JavaScript into the Web UI, potentially leading to credentials disclosure within a trusted session. The root cause is improper input validation in t...
CVE-2016-5954
CVE-2016-5954 affects IBM WebSphere Portal versions 6.1.0 to 6.1.0.6 CF27, 6.1.5 to 6.1.5.3 CF27, 7.0.0 to 7.0.0.2 CF30, 8.0.0 to 8.0.0.1 CF21, and 8.5.0 before CF12. The vulnerability allows remote authenticated users to cause a denial of service by uploading temporary files. Public sources in t...
CVE-2017-1120
IBM WebSphere Portal is affected by CVE-2017-1120 (XSS) in the web UI. The Nessus entry notes multiple XSS vulnerabilities impacting IBM WebSphere Portal 8.5.0 before CF14 and 9.0.0 before CF14, allowing an unauthenticated, remote attacker to execute arbitrary script in a user browser session and...
CVE-2018-1361
IBM WebSphere Portal 8.5 and 9.0 are affected by a cross-site scripting (XSS) vulnerability that allows embedding arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure in a trusted session. Public details indicate affected versions include 8.5.0.x before CF15 and 9.0.0...
CVE-2009-4152
CVE-2009-4152 : A cross-site scripting (XSS) vulnerability affects the Collaboration component in IBM WebSphere Portal 6.1.x when running versions prior to 6.1.0.3 . The issue allows remote attackers to inject arbitrary web script or HTML via the people picker tag . The vulnerability is described...
CVE-2010-0715
CVE-2010-0715 is an open redirect vulnerability in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management, covering versions 5.1.0.0–5.1.0.5, 6.0.0.0–6.0.0.4, 6.0.1.0–6.0.1.7, 6.1.0.0–6.1.0.3, and 6.1.5.0; and IBM Lotus Quickr services 8.0, 8....
CVE-2014-4746
CVE-2014-4746 affects IBM WebSphere Portal: 8.0.0 before 8.0.0.1 CF13 and 8.5.0 through CF01. The issue arises from returning different error codes for firewall-traversal requests based on whether the intranet host exists, enabling remote attackers to map the intranet network via a series of requ...
CVE-2014-6193
IBM WebSphere Portal is affected: versions 8.0.0 through 8.0.0.1 CF14 and 8.5.0 before CF04 have the Managed Pages feature enabled, which allows remote authenticated users to write to pages via an XML injection attack. The connected sources confirm the affected product/version range and the attac...
CVE-2015-1886
CVE-2015-1886 affects IBM WebSphere Portal via the Remote Document Conversion Service (DCS): versions 6.1.0–6.1.0.6 CF27, 6.1.5–6.1.5.3 CF27, 7.0.0–7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF16, and 8.5.0 through CF05 are vulnerable to memory consumption-based denial of service from crafted requests. T...
CVE-2015-1917
CVE-2015-1917 is an XSS vulnerability in IBM Active Content Filtering (ACF) affecting IBM WebSphere Portal and related Curam/Care Management deployments. The Root Cause is improper validation of user-supplied input in the Active Content Filtering component, allowing remote attackers to inject scr...
CVE-2018-1736
IBM WebSphere Portal versions 7.0, 8.0, 8.5, and 9.0 are affected by an open redirect vulnerability that could allow a remote attacker to spoof the displayed URL using a specially crafted website, enabling phishing or redirection to a malicious site. The provided sources describe the flaw as an o...
CVE-2014-6125
IBM WebSphere Portal 8.5.0 is affected by CVE-2014-6125 (CSRF) up to CF03. The issue arises from improper validation of user-supplied input, allowing remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences when a user is lured to a malicious site. T...
CVE-2015-1887
CVE-2015-1887 affects IBM WebSphere Portal: information disclosure of JCR data via a crafted request due to improper access control on the JCR component. A remote, unauthenticated attacker could obtain sensitive information from the Java Content Repository. Affected versions per sources: WebSpher...
CVE-2016-2925
CVE-2016-2925 is an XSS vulnerability in IBM WebSphere Portal affecting multiple versions (6.1.x, 7.x, 8.x with various CFs). The root cause is improper input validation that allows remote authenticated users to inject arbitrary script or HTML via a crafted URL. Documented impact is that an attac...
CVE-2010-4219
CVE-2010-4219 is an XSS vulnerability affecting IBM WebSphere Portal 6.1.0.1, specifically in SemanticTagService.js. Remote attackers could inject arbitrary web script or HTML via unspecified vectors. The public docs confirm the affected product and component, but do not provide concrete exploita...
CVE-2013-6723
CVE-2013-6723 affects IBM WebSphere Portal 8.0.0.1 before CF09. The issue arises from how references in compute="always" Web Content Manager (WCM) navigator components are handled, enabling remote attackers to obtain sensitive component information via unspecified vectors. Public records indicate...
CVE-2014-0901
CVE-2014-0901 is an XSS in the Social Rendering component of the IBM Connections integration within IBM WebSphere Portal 8.0.0.x before 8.0.0.1 CF11. The vulnerability allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors in the Social Rendering path. A ...
CVE-2014-0952
CVE-2014-0952 is a cross-site scripting (XSS) vulnerability in IBM WebSphere Portal where boot_config.jsp accepts unsanitized input. Affected versions include WebSphere Portal 6.1.0.x up to 6.1.0.6 CF27, 6.1.5 up to 6.1.5.3 CF28, 7.0 up to 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12. An attacker ca...
CVE-2014-4821
CVE-2014-4821 affects IBM WebSphere Portal 6.1.0.x (up to 6.1.0.6 CF27), 6.1.5.x (up to 6.1.5.3 CF27), 7.0.x (up to 7.0.0.2 CF28), 8.0.x (up to 8.0.0.1 CF14), and 8.5.0 before CF03. The vulnerability is an information-disclosure issue where the web server returns different error codes depending o...
CVE-2015-1899
CVE-2015-1899 affects IBM WebSphere Portal 8.5 through CF05, enabling remote attackers to cause a denial of service via CPU resource consumption. The Nessus plugin for IBM WebSphere Portal 8.5.0
CVE-2015-1908
CVE-2015-1908 affects IBM WebSphere Portal (and related Web Content Manager usage) across multiple versions: 6.1.0.x up to 8.5.0.x with CF05, and 8.5.0 prior to CF06, per NVD/Nessus entries. The vulnerability is a cross-site scripting (XSS) flaw caused by improper validation of user-supplied inpu...
CVE-2015-4997
CVE-2015-4997 concerns IBM WebSphere Portal 8.5.0 before CF08, where a crafted request can bypass intended access restrictions (access-control bypass). The NVD entry lists a network-remote attack with partial confidentiality/integrity/availability impacts (CVSS v2 base score 6.8). The OpenVAS ent...