Websphere Portal@8.5 Security Vulnerabilities and Issues — Websphere Portal@8.5 CVE List

Lucene search

IbmWebsphere Portal8.5

23 matches found

CVE•added 2017/05/05 7:29 p.m.•62 views

CVE-2017-1156

IBM WebSphere Portal 8.5 and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious We...

8.8CVSS8.1AI score0.00678EPSS

CVE•added 2017/12/11 9:29 p.m.•56 views

CVE-2017-1536

IBM Support Tools for Lotus WCM (IBM WebSphere Portal 7.0, 8.0, 8.5 and 9.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a truste...

5.4CVSS5.2AI score0.0025EPSS

CVE•added 2018/10/01 3:0 p.m.•55 views

CVE-2018-1672

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user. IBM X-Force ID: 144958.

6.5CVSS6AI score0.00237EPSS

CVE•added 2017/07/31 9:29 p.m.•46 views

CVE-2017-1303

IBM WebSphere Portal and Web Content Manager 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

6.1CVSS5.8AI score0.00282EPSS

CVE•added 2017/12/27 5:8 p.m.•43 views

CVE-2017-1698

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could reveal sensitive information from an error message that could lead to further attacks against the system. IBM X-Force ID: 124390.

5.3CVSS4.9AI score0.00315EPSS

CVE•added 2018/09/27 7:29 p.m.•43 views

CVE-2018-1736

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a m...

7.4CVSS5.9AI score0.00555EPSS

CVE•added 2017/07/05 1:29 p.m.•42 views

CVE-2017-1217

IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123857

6.1CVSS5.9AI score0.00419EPSS

CVE•added 2018/09/27 7:29 p.m.•42 views

CVE-2018-1820

IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150096.

5.4CVSS5.2AI score0.00247EPSS

CVE•added 2017/03/27 10:59 p.m.•41 views

CVE-2017-1120

6.1CVSS6AI score0.00282EPSS

CVE•added 2017/09/28 1:29 a.m.•40 views

CVE-2017-1577

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 132117.

7.5CVSS7.3AI score0.01468EPSS

CVE•added 2018/04/11 4:29 p.m.•40 views

CVE-2018-1483

6.1CVSS5.8AI score0.00248EPSS

CVE•added 2018/01/11 5:29 p.m.•39 views

CVE-2018-1361

6.1CVSS5.8AI score0.00405EPSS

CVE•added 2018/03/14 12:29 a.m.•39 views

CVE-2018-1444

5.4CVSS5.2AI score0.00237EPSS

CVE•added 2017/02/01 8:59 p.m.•37 views

CVE-2016-8922

Exphox WebRadar is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

6.1CVSS6AI score0.00238EPSS

CVE•added 2018/02/09 5:29 p.m.•35 views

CVE-2018-1401

6.1CVSS5.8AI score0.00405EPSS

CVE•added 2018/09/27 7:29 p.m.•35 views

CVE-2018-1716

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147164...

6.1CVSS5.8AI score0.00235EPSS

CVE•added 2018/02/09 5:29 p.m.•34 views

CVE-2017-1761

6.1CVSS5.8AI score0.00282EPSS

CVE•added 2018/02/27 5:29 p.m.•34 views

CVE-2018-1416

6.1CVSS5.8AI score0.00248EPSS

CVE•added 2018/04/17 3:29 p.m.•34 views

CVE-2018-1445

IBM WebSphere Portal 8.0.0 through 8.0.0.1, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-For...

5.4CVSS5.2AI score0.00269EPSS

CVE•added 2018/10/12 5:29 a.m.•34 views

CVE-2018-1673

6.1CVSS5.8AI score0.00263EPSS

CVE•added 2017/12/20 6:29 p.m.•33 views

CVE-2017-1423

IBM WebSphere Portal 8.5 and 9.0 exposes backend server URLs that are configured for usage by the Web Application Bridge component. IBM X-Force ID: 127476.

5.3CVSS5.2AI score0.00222EPSS

CVE•added 2018/09/27 7:29 p.m.•33 views

CVE-2018-1660

5.4CVSS5.2AI score0.00481EPSS

CVE•added 2018/10/01 3:0 p.m.•31 views

CVE-2018-1420

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 resets access control settings to the out of the box configuration during Combined Cumulative Fix (CF) installation. This can lead to security miss-configuration of the installation. IBM X-Force ID: 138950.

6.5CVSS6.3AI score0.00154EPSS