Websphere Portal Security Vulnerabilities and Issues — Websphere Portal CVE List

Lucene search

IbmWebsphere Portal

10 matches found

CVE•added 2017/05/05 7:29 p.m.•62 views

CVE-2017-1156

IBM WebSphere Portal 8.5 and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious We...

8.8CVSS8.1AI score0.00678EPSS

CVE•added 2017/12/11 9:29 p.m.•56 views

CVE-2017-1536

IBM Support Tools for Lotus WCM (IBM WebSphere Portal 7.0, 8.0, 8.5 and 9.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a truste...

5.4CVSS5.2AI score0.0025EPSS

CVE•added 2017/07/31 9:29 p.m.•46 views

CVE-2017-1303

IBM WebSphere Portal and Web Content Manager 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

6.1CVSS5.8AI score0.00282EPSS

CVE•added 2017/09/07 4:29 p.m.•43 views

CVE-2017-1189

IBM WebSphere Portal and Web Content Manager 6.1, 7.0, and 8.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...

6.1CVSS5.8AI score0.00309EPSS

CVE•added 2017/12/27 5:8 p.m.•43 views

CVE-2017-1698

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could reveal sensitive information from an error message that could lead to further attacks against the system. IBM X-Force ID: 124390.

5.3CVSS4.9AI score0.00315EPSS

CVE•added 2017/07/05 1:29 p.m.•42 views

CVE-2017-1217

IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123857

6.1CVSS5.9AI score0.00419EPSS

CVE•added 2017/03/27 10:59 p.m.•41 views

CVE-2017-1120

6.1CVSS6AI score0.00282EPSS

CVE•added 2017/09/28 1:29 a.m.•40 views

CVE-2017-1577

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 132117.

7.5CVSS7.3AI score0.01468EPSS

CVE•added 2017/02/01 8:59 p.m.•37 views

CVE-2016-8922

Exphox WebRadar is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

6.1CVSS6AI score0.00238EPSS

CVE•added 2017/12/20 6:29 p.m.•33 views

CVE-2017-1423

IBM WebSphere Portal 8.5 and 9.0 exposes backend server URLs that are configured for usage by the Web Application Bridge component. IBM X-Force ID: 127476.

5.3CVSS5.2AI score0.00222EPSS