Websphere Portal Security Vulnerabilities and Issues — Websphere Portal CVE List

Lucene search

IbmWebsphere Portal

12 matches found

CVE•added 2016/02/29 11:59 a.m.•46 views

CVE-2016-0244

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a differe...

6.1CVSS5.8AI score0.00256EPSS

CVE•added 2016/09/12 10:59 a.m.•44 views

CVE-2016-5954

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF30, 8.0.0 through 8.0.0.1 CF21, and 8.5.0 before CF12 allows remote authenticated users to cause a denial of service by uploading temporary files.

6.5CVSS6.1AI score0.00624EPSS

CVE•added 2016/02/29 11:59 a.m.•43 views

CVE-2015-7455

IBM WebSphere Portal 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 uses weak permissions for content items, which allows remote authenticated users to make modifications via the authoring UI.

4CVSS3.8AI score0.00088EPSS

CVE•added 2016/02/29 11:59 a.m.•42 views

CVE-2015-7428

Open redirect vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.

7.4CVSS7.1AI score0.00201EPSS

CVE•added 2016/08/08 1:59 a.m.•42 views

CVE-2016-2925

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF30, 8.0.0.x through 8.0.0.1 CF21, and 8.5.0 before CF10 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

5.4CVSS4.9AI score0.00205EPSS

CVE•added 2016/02/29 11:59 a.m.•39 views

CVE-2015-7457

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

6.1CVSS5.8AI score0.00193EPSS

CVE•added 2016/02/15 2:59 a.m.•38 views

CVE-2015-7472

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF20, and 8.5.0 before CF10 allows remote attackers to conduct LDAP injection attacks, and consequently read or write to repository data, via unspecified vectors.

7.2CVSS6.9AI score0.00219EPSS

CVE•added 2016/02/29 11:59 a.m.•38 views

CVE-2016-0243

6.1CVSS5.8AI score0.00256EPSS

CVE•added 2016/02/29 11:59 a.m.•38 views

CVE-2016-0245

The XML parser in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF10 allows remote authenticated users to read arbitrary files or cause a denial of service via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) i...

5.5CVSS5.3AI score0.0031EPSS

CVE•added 2016/06/26 1:59 a.m.•38 views

CVE-2016-2901

Cross-site request forgery (CSRF) vulnerability in the PA_Theme_Creator application in IBM WebSphere Portal 8.5 CF08 through CF10 and Web Content Manager allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

8.8CVSS8.6AI score0.00142EPSS

CVE•added 2016/02/29 11:59 a.m.•37 views

CVE-2015-7491

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

5.4CVSS4.9AI score0.0013EPSS

CVE•added 2016/01/27 5:59 a.m.•36 views

CVE-2016-0209

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 before CF09 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

6.1CVSS5.8AI score0.00225EPSS