IBM WebSphere Portal 8.5.0.0

58 matches found

added 2018/10/01 3:0 p.m. | 55 views

CVE-2018-1672

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user. IBM X-Force ID: 144958.

CVSS 6.5 | AI score 6 | EPSS 0.00237

added 2014/10/10 10:55 a.m. | 52 views

CVE-2014-4761

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 before 8.0.0.1 CF14, and 8.5.0 through 8.5.0.0 CF02 allows remote authenticated users to discover credentials by reading HTML source code.

CVSS 4 | AI score 6 | EPSS 0.00226

added 2015/05/25 12:59 a.m. | 49 views

CVE-2015-1921

Open redirect vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF17 and 8.5.0 before CF06 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.

CVSS 6.4 | AI score 6.5 | EPSS 0.00228

added 2014/10/28 7:55 p.m. | 48 views

CVE-2014-4814

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 does not properly detect recursion during entity expansion, which allows remote authenticated users to cause a denial of service (memory and CPU con...

CVSS 3.5 | AI score 6.7 | EPSS 0.00852

added 2014/12/19 2:59 a.m. | 46 views

CVE-2014-6193

IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF14 and 8.5.0 before CF04, when the Managed Pages setting is enabled, allows remote authenticated users to write to pages via an XML injection attack.

CVSS 4.9 | AI score 6.6 | EPSS 0.0034

added 2016/02/29 11:59 a.m. | 46 views

CVE-2016-0244

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a differe...

CVSS 6.1 | AI score 5.8 | EPSS 0.00256

added 2015/10/28 6:59 p.m. | 45 views

CVE-2014-8912

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF18, and 8.5.0 before CF08 improperly restricts resource access, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by ...

CVSS 5 | AI score 8.2 | EPSS 0.00215

added 2015/05/25 12:59 a.m. | 45 views

CVE-2015-1899

IBM WebSphere Portal 8.5 through CF05 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.

CVSS 7.8 | AI score 6.7 | EPSS 0.00667

added 2015/12/31 5:59 a.m. | 45 views

CVE-2015-7447

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF20, and 8.5.0 before CF09 allows remote attackers to bypass intended Portal AccessControl REST API access restrictions and obtain sensitive information via unspecified vec...

CVSS 5.3 | AI score 5 | EPSS 0.00248

added 2015/04/27 11:59 a.m. | 44 views

CVE-2015-1886

The Remote Document Conversion Service (DCS) in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF16, and 8.5.0 through CF05 allows remote attackers to cause a denial of service (memory consumption) via crafted requests.

CVSS 7.8 | AI score 6.7 | EPSS 0.02088

added 2016/09/12 10:59 a.m. | 44 views

CVE-2016-5954

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF30, 8.0.0 through 8.0.0.1 CF21, and 8.5.0 before CF12 allows remote authenticated users to cause a denial of service by uploading temporary files.

CVSS 6.5 | AI score 6.1 | EPSS 0.00624

added 2015/10/29 11:59 a.m. | 43 views

CVE-2015-4997

IBM WebSphere Portal 8.5.0 before CF08 allows remote attackers to bypass intended access restrictions via a crafted request.

CVSS 6.8 | AI score 6.6 | EPSS 0.00254

added 2016/02/29 11:59 a.m. | 43 views

CVE-2015-7455

IBM WebSphere Portal 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 uses weak permissions for content items, which allows remote authenticated users to make modifications via the authoring UI.

CVSS 4 | AI score 3.8 | EPSS 0.00088

added 2017/12/27 5:8 p.m. | 43 views

CVE-2017-1698

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could reveal sensitive information from an error message that could lead to further attacks against the system. IBM X-Force ID: 124390.

CVSS 5.3 | AI score 4.9 | EPSS 0.00315

added 2018/09/27 7:29 p.m. | 43 views

CVE-2018-1736

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a m...

CVSS 7.4 | AI score 5.9 | EPSS 0.00555

added 2014/08/12 5:1 a.m. | 42 views

CVE-2014-4746

IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF13 and 8.5.0 through CF01 provides different error codes for firewall-traversal requests depending on whether the intranet host exists, which allows remote attackers to map the intranet network via a series of requests.

CVSS 5 | AI score 6.5 | EPSS 0.00383

added 2015/12/21 11:59 a.m. | 42 views

CVE-2015-4998

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnera...

CVSS 6.1 | AI score 5.9 | EPSS 0.00266

added 2016/02/29 11:59 a.m. | 42 views

CVE-2015-7428

Open redirect vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.

CVSS 7.4 | AI score 7.1 | EPSS 0.00201

added 2016/08/08 1:59 a.m. | 42 views

CVE-2016-2925

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF30, 8.0.0.x through 8.0.0.1 CF21, and 8.5.0 before CF10 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

CVSS 5.4 | AI score 4.9 | EPSS 0.00205

added 2018/09/27 7:29 p.m. | 42 views

CVE-2018-1820

IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150096.

CVSS 5.4 | AI score 5.2 | EPSS 0.00247

added 2015/03/13 1:59 a.m. | 41 views

CVE-2015-0139

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF15 and 8.5.0 before CF05 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

CVSS 3.5 | AI score 5.2 | EPSS 0.00188

added 2014/08/12 5:1 a.m. | 40 views

CVE-2014-4760

Open redirect vulnerability in IBM WebSphere Portal 6.1.0.0 through 6.1.0.6 CF27, 6.1.5.0 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF28, 8.0.0 before 8.0.0.1 CF13, and 8.5.0 before CF01 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted UR...

CVSS 5.8 | AI score 6.5 | EPSS 0.00328

added 2014/10/28 7:55 p.m. | 40 views

CVE-2014-4821

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 provides different web-server error codes depending on whether a requested file exists, which allows remote attackers to determine the validity of f...

CVSS 5 | AI score 6.4 | EPSS 0.00321

added 2014/12/19 2:59 a.m. | 40 views

CVE-2014-8902

Cross-site scripting (XSS) vulnerability in the Blog Portlet in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, and 8.5.0 before CF04 allows remote attackers to inject arbitrary web script or HTML via a crafted URL...

CVSS 4.3 | AI score 5.7 | EPSS 0.00266

added 2015/07/14 2:59 p.m. | 40 views

CVE-2015-1887

IBM WebSphere Portal 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to obtain sensitive Java Content Repository (JCR) information via a crafted request.

CVSS 5 | AI score 6.1 | EPSS 0.00285

added 2015/04/27 11:59 a.m. | 40 views

CVE-2015-1908

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF16, and 8.5.0 through CF05, as used in Web Content Manager and other products, allows remote attackers to inject arbitrary web ...

CVSS 4.3 | AI score 5.7 | EPSS 0.0023

added 2017/09/28 1:29 a.m. | 40 views

CVE-2017-1577

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 132117.

CVSS 7.5 | AI score 7.3 | EPSS 0.01468

added 2018/04/11 4:29 p.m. | 40 views

CVE-2018-1483

IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 140918.

CVSS 6.1 | AI score 5.8 | EPSS 0.00248

added 2014/12/19 2:59 a.m. | 39 views

CVE-2014-6171

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, and 8.5.0 before CF04 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

CVSS 4.3 | AI score 5.7 | EPSS 0.00289

added 2015/12/21 11:59 a.m. | 39 views

CVE-2015-7413

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF19 and 8.5.0 through CF08 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

CVSS 4.3 | AI score 5.7 | EPSS 0.00266

added 2016/02/29 11:59 a.m. | 39 views

CVE-2015-7457

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

CVSS 6.1 | AI score 5.8 | EPSS 0.00193

added 2018/01/11 5:29 p.m. | 39 views

CVE-2018-1361

IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 137158.

CVSS 6.1 | AI score 5.8 | EPSS 0.00405

added 2018/03/14 12:29 a.m. | 39 views

CVE-2018-1444

IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139906.

CVSS 5.4 | AI score 5.2 | EPSS 0.00237

added 2015/12/21 11:59 a.m. | 38 views

CVE-2015-4993

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnera...

CVSS 6.1 | AI score 5.9 | EPSS 0.00266

added 2016/02/15 2:59 a.m. | 38 views

CVE-2015-7472

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF20, and 8.5.0 before CF10 allows remote attackers to conduct LDAP injection attacks, and consequently read or write to repository data, via unspecified vectors.

CVSS 7.2 | AI score 6.9 | EPSS 0.00219

added 2016/02/29 11:59 a.m. | 38 views

CVE-2016-0243

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a differe...

CVSS 6.1 | AI score 5.8 | EPSS 0.00256

added 2016/02/29 11:59 a.m. | 38 views

CVE-2016-0245

The XML parser in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF10 allows remote authenticated users to read arbitrary files or cause a denial of service via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) i...

CVSS 5.5 | AI score 5.3 | EPSS 0.0031

added 2016/06/26 1:59 a.m. | 38 views

CVE-2016-2901

Cross-site request forgery (CSRF) vulnerability in the PA_Theme_Creator application in IBM WebSphere Portal 8.5 CF08 through CF10 and Web Content Manager allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

CVSS 8.8 | AI score 8.6 | EPSS 0.00142

added 2014/09/12 1:55 a.m. | 37 views

CVE-2014-4792

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF28, 8.0.0 through 8.0.0.1 CF13, and 8.5.0 before CF02 allows remote authenticated users to cause a denial of service (disk consumption) by uploading large files.

CVSS 4 | AI score 6.2 | EPSS 0.00514

added 2014/10/28 7:55 p.m. | 37 views

CVE-2014-6125

Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Portal 8.5.0 before CF03 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

CVSS 6.8 | AI score 6.6 | EPSS 0.00163

added 2015/12/21 11:59 a.m. | 37 views

CVE-2015-5001

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 allows remote authenticated users to cause a denial of service (memory consumption) via a crafted document.

CVSS 6.8 | AI score 4.3 | EPSS 0.00648

added 2016/02/29 11:59 a.m. | 37 views

CVE-2015-7491

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

CVSS 5.4 | AI score 4.9 | EPSS 0.0013

added 2015/09/14 10:59 p.m. | 36 views

CVE-2015-1943

IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted request.

CVSS 7.8 | AI score 6.5 | EPSS 0.00939

added 2016/01/27 5:59 a.m. | 36 views

CVE-2016-0209

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 before CF09 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 6.1 | AI score 5.8 | EPSS 0.00225

added 2014/09/12 1:55 a.m. | 35 views

CVE-2014-4762

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF13 and 8.5.0 before CF02 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

CVSS 3.5 | AI score 5.2 | EPSS 0.00162

added 2015/03/13 1:59 a.m. | 35 views

CVE-2014-6214

Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF15 and 8.5.0 before CF05 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

CVSS 6.8 | AI score 6.7 | EPSS 0.00119

added 2015/07/14 2:59 p.m. | 35 views

CVE-2015-1944

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF17 and 8.5.0 before CF06 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

CVSS 3.5 | AI score 5.2 | EPSS 0.00162

added 2015/11/14 3:59 a.m. | 35 views

CVE-2015-7419

IBM WebSphere Portal 8.0.0.1 before CF19 and 8.5.0 before CF09 allows remote attackers to cause a denial of service (memory consumption) via crafted requests.

CVSS 7.8 | AI score 6.6 | EPSS 0.00943

added 2018/02/09 5:29 p.m. | 35 views

CVE-2018-1401

IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138437.

CVSS 6.1 | AI score 5.8 | EPSS 0.00405

added 2018/09/27 7:29 p.m. | 35 views

CVE-2018-1716

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147164...

CVSS 6.1 | AI score 5.8 | EPSS 0.00235

Total number of security vulnerabilities: 58