Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
IbmWebsphere Portal8.0.0.0

87 matches found

cve
cveadded 2009/04/15 10:30 a.m.55 views

CVE-2009-1009

Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.1.9 allows local users to affect confidentiality, integrity, and availability, related to HTML.

4.4CVSS8AI score0.00114EPSS
cve
cveadded 2018/10/01 3:0 p.m.55 views

CVE-2018-1672

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user. IBM X-Force ID: 144958.

6.5CVSS6AI score0.00237EPSS
cve
cveadded 2014/10/10 10:55 a.m.52 views

CVE-2014-4761

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 before 8.0.0.1 CF14, and 8.5.0 through 8.5.0.0 CF02 allows remote authenticated users to discover credentials by reading HTML source code.

4CVSS6AI score0.00226EPSS
cve
cveadded 2009/04/15 10:30 a.m.51 views

CVE-2009-1008

Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML, a different vulnerability than CVE-2009-1010.

4.4CVSS8AI score0.00114EPSS
cve
cveadded 2009/04/15 10:30 a.m.50 views

CVE-2009-1010

Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML, a different vulnerability than CVE-2009-1008.

4.4CVSS8AI score0.00114EPSS
cve
cveadded 2014/07/29 8:55 p.m.50 views

CVE-2014-3055

SQL injection vulnerability in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5CVSS8.4AI score0.00291EPSS
cve
cveadded 2015/05/25 12:59 a.m.49 views

CVE-2015-1921

Open redirect vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF17 and 8.5.0 before CF06 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.

6.4CVSS6.5AI score0.00228EPSS
cve
cveadded 2013/12/22 3:16 p.m.48 views

CVE-2013-6735

IBM WebSphere Portal 6.0.0.x through 6.0.0.1, 6.0.1.x through 6.0.1.7, 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x through 8.0.0.1 CF08 allows remote attackers to obtain sensitive Java Content Repository (JCR) information via a modified Web ...

5CVSS6.1AI score0.01022EPSS
cve
cveadded 2014/10/28 7:55 p.m.48 views

CVE-2014-4814

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 does not properly detect recursion during entity expansion, which allows remote authenticated users to cause a denial of service (memory and CPU con...

3.5CVSS6.7AI score0.00852EPSS
cve
cveadded 2014/05/22 11:14 a.m.46 views

CVE-2014-0949

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to cause a denial of service (resource consumption and daemon crash) via a crafted web request.

5CVSS6.5AI score0.00594EPSS
cve
cveadded 2014/10/28 7:55 p.m.46 views

CVE-2014-4808

Unspecified vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 allows remote authenticated users to execute arbitrary code via unknown vectors.

6.5CVSS7.2AI score0.01607EPSS
cve
cveadded 2014/12/19 2:59 a.m.46 views

CVE-2014-6193

IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF14 and 8.5.0 before CF04, when the Managed Pages setting is enabled, allows remote authenticated users to write to pages via an XML injection attack.

4.9CVSS6.6AI score0.0034EPSS
cve
cveadded 2016/02/29 11:59 a.m.46 views

CVE-2016-0244

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a differe...

6.1CVSS5.8AI score0.00256EPSS
cve
cveadded 2013/08/21 4:55 p.m.45 views

CVE-2013-3016

IBM WebSphere Portal 6.1, 7.0, and 8.0 allows remote attackers to access the user directory via a crafted request for a servlet, related to the serveServletsByClassnameEnabled setting.

5CVSS6.7AI score0.00207EPSS
cve
cveadded 2015/10/28 6:59 p.m.45 views

CVE-2014-8912

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF18, and 8.5.0 before CF08 improperly restricts resource access, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by ...

5CVSS8.2AI score0.00215EPSS
cve
cveadded 2015/12/31 5:59 a.m.45 views

CVE-2015-7447

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF20, and 8.5.0 before CF09 allows remote attackers to bypass intended Portal AccessControl REST API access restrictions and obtain sensitive information via unspecified vec...

5.3CVSS5AI score0.00248EPSS
cve
cveadded 2015/04/27 11:59 a.m.44 views

CVE-2015-1886

The Remote Document Conversion Service (DCS) in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF16, and 8.5.0 through CF05 allows remote attackers to cause a denial of service (memory consumption) via crafted requests.

7.8CVSS6.7AI score0.02088EPSS
cve
cveadded 2016/09/12 10:59 a.m.44 views

CVE-2016-5954

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF30, 8.0.0 through 8.0.0.1 CF21, and 8.5.0 before CF12 allows remote authenticated users to cause a denial of service by uploading temporary files.

6.5CVSS6.1AI score0.00624EPSS
cve
cveadded 2013/11/18 3:55 a.m.43 views

CVE-2013-5454

IBM WebSphere Portal 6.0 through 6.0.1.7, 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF25, and 8.0 through 8.0.0.1 CF08 allows remote attackers to read arbitrary files via a modified URL.

4.3CVSS6.7AI score0.00234EPSS
cve
cveadded 2014/11/26 2:59 a.m.43 views

CVE-2014-6093

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.0.x before 7.0.0.2 CF29, 8.0.x through 8.0.0.1 CF14, and 8.5.x before 8.5.0 CF02 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

3.5CVSS5.2AI score0.00337EPSS
cve
cveadded 2015/07/14 2:59 p.m.43 views

CVE-2015-1917

Cross-site scripting (XSS) vulnerability in the Active Content Filtering component in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to inject arbitrary web script or H...

4.3CVSS5.8AI score0.0023EPSS
cve
cveadded 2016/02/29 11:59 a.m.43 views

CVE-2015-7455

IBM WebSphere Portal 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 uses weak permissions for content items, which allows remote authenticated users to make modifications via the authoring UI.

4CVSS3.8AI score0.00088EPSS
cve
cveadded 2017/09/07 4:29 p.m.43 views

CVE-2017-1189

IBM WebSphere Portal and Web Content Manager 6.1, 7.0, and 8.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...

6.1CVSS5.8AI score0.00309EPSS
cve
cveadded 2017/12/27 5:8 p.m.43 views

CVE-2017-1698

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could reveal sensitive information from an error message that could lead to further attacks against the system. IBM X-Force ID: 124390.

5.3CVSS4.9AI score0.00315EPSS
cve
cveadded 2018/09/27 7:29 p.m.43 views

CVE-2018-1736

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a m...

7.4CVSS5.9AI score0.00555EPSS
cve
cveadded 2012/11/30 7:55 p.m.42 views

CVE-2012-4834

Directory traversal vulnerability in LayerLoader.jsp in the theme component in IBM WebSphere Portal 7.0.0.1 and 7.0.0.2 before CF19 and 8.0 before CF03 allows remote attackers to read arbitrary files via a crafted URI.

5CVSS6.6AI score0.01686EPSS
cve
cveadded 2014/05/22 11:14 a.m.42 views

CVE-2014-0952

Cross-site scripting (XSS) vulnerability in boot_config.jsp in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF28, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.5AI score0.00266EPSS
cve
cveadded 2014/08/12 5:1 a.m.42 views

CVE-2014-0953

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.0 through 6.1.0.6 CF27, 6.1.5.0 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF28, and 8.0.0 before 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

4.3CVSS5.6AI score0.00322EPSS
cve
cveadded 2014/08/12 5:1 a.m.42 views

CVE-2014-4746

IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF13 and 8.5.0 through CF01 provides different error codes for firewall-traversal requests depending on whether the intranet host exists, which allows remote attackers to map the intranet network via a series of requests.

5CVSS6.5AI score0.00383EPSS
cve
cveadded 2015/12/21 11:59 a.m.42 views

CVE-2015-4998

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnera...

6.1CVSS5.9AI score0.00266EPSS
cve
cveadded 2016/02/29 11:59 a.m.42 views

CVE-2015-7428

Open redirect vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.

7.4CVSS7.1AI score0.00201EPSS
cve
cveadded 2016/08/08 1:59 a.m.42 views

CVE-2016-2925

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF30, 8.0.0.x through 8.0.0.1 CF21, and 8.5.0 before CF10 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

5.4CVSS4.9AI score0.00205EPSS
cve
cveadded 2018/09/27 7:29 p.m.42 views

CVE-2018-1820

IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150096.

5.4CVSS5.2AI score0.00247EPSS
cve
cveadded 2013/06/03 9:55 p.m.41 views

CVE-2013-0549

Cross-site scripting (XSS) vulnerability in the Web Content Manager - Web Content Viewer Portlet in the server in IBM WebSphere Portal 7.0.0.x through 7.0.0.2 CF22 and 8.0.0.x through 8.0.0.1 CF5, when the IBM Portlet API is used, allows remote attackers to inject arbitrary web script or HTML via a...

4.3CVSS5.7AI score0.00322EPSS
cve
cveadded 2014/04/02 3:58 a.m.41 views

CVE-2014-0901

Cross-site scripting (XSS) vulnerability in the Social Rendering implementation in the IBM Connections integration in IBM WebSphere Portal 8.0.0.x before 8.0.0.1 CF11 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5CVSS5.2AI score0.0018EPSS
cve
cveadded 2014/05/22 11:14 a.m.41 views

CVE-2014-0958

Open redirect vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

5.8CVSS6.6AI score0.00227EPSS
cve
cveadded 2015/03/13 1:59 a.m.41 views

CVE-2015-0139

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF15 and 8.5.0 before CF05 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

3.5CVSS5.2AI score0.00188EPSS
cve
cveadded 2014/02/14 1:10 p.m.40 views

CVE-2013-6722

Unrestricted file upload vulnerability in the Registration/Edit My Profile portlet in IBM WebSphere Portal 7.x before 7.0.0.2 CF27 and 8.x through 8.0.0.1 CF09 allows remote attackers to cause a denial of service or modify data via unspecified vectors.

5.8CVSS6.8AI score0.0054EPSS
cve
cveadded 2014/05/16 11:12 a.m.40 views

CVE-2014-0917

Cross-site scripting (XSS) vulnerability in IBM Eclipse Help System (IEHS) in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF27, and 8.0 before 8.0.0.1 CF06 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

4.3CVSS5.6AI score0.00256EPSS
cve
cveadded 2014/05/22 11:14 a.m.40 views

CVE-2014-0951

Cross-site scripting (XSS) vulnerability in FilterForm.jsp in IBM WebSphere Portal 7.0 before 7.0.0.2 CF28 and 8.0 before 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.6AI score0.00266EPSS
cve
cveadded 2014/05/22 11:14 a.m.40 views

CVE-2014-0956

Cross-site scripting (XSS) vulnerability in googlemap.jsp in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.5AI score0.00266EPSS
cve
cveadded 2014/07/29 8:55 p.m.40 views

CVE-2014-3056

The Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to obtain potentially sensitive information about environment variables and JAR versions via unspecified vectors.

5CVSS6.2AI score0.00321EPSS
cve
cveadded 2014/08/12 5:1 a.m.40 views

CVE-2014-4760

Open redirect vulnerability in IBM WebSphere Portal 6.1.0.0 through 6.1.0.6 CF27, 6.1.5.0 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF28, 8.0.0 before 8.0.0.1 CF13, and 8.5.0 before CF01 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted UR...

5.8CVSS6.5AI score0.00328EPSS
cve
cveadded 2014/10/28 7:55 p.m.40 views

CVE-2014-4821

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 provides different web-server error codes depending on whether a requested file exists, which allows remote attackers to determine the validity of f...

5CVSS6.4AI score0.00321EPSS
cve
cveadded 2014/12/19 2:59 a.m.40 views

CVE-2014-8902

Cross-site scripting (XSS) vulnerability in the Blog Portlet in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, and 8.5.0 before CF04 allows remote attackers to inject arbitrary web script or HTML via a crafted URL...

4.3CVSS5.7AI score0.00266EPSS
cve
cveadded 2015/07/14 2:59 p.m.40 views

CVE-2015-1887

IBM WebSphere Portal 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to obtain sensitive Java Content Repository (JCR) information via a crafted request.

5CVSS6.1AI score0.00285EPSS
cve
cveadded 2015/04/27 11:59 a.m.40 views

CVE-2015-1908

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF16, and 8.5.0 through CF05, as used in Web Content Manager and other products, allows remote attackers to inject arbitrary web ...

4.3CVSS5.7AI score0.0023EPSS
cve
cveadded 2017/09/28 1:29 a.m.40 views

CVE-2017-1577

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 132117.

7.5CVSS7.3AI score0.01468EPSS
cve
cveadded 2014/05/22 11:14 a.m.39 views

CVE-2014-0955

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0 before 8.0.0.1 CF12, when Social Rendering in Connections integration is enabled, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.2AI score0.00266EPSS
cve
cveadded 2014/12/19 2:59 a.m.39 views

CVE-2014-6171

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, and 8.5.0 before CF04 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

4.3CVSS5.7AI score0.00289EPSS
Total number of security vulnerabilities87