Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
IbmWebsphere Portal

15 matches found

CVE
CVEadded 2018/10/01 3:0 p.m.55 views

CVE-2018-1672

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user. IBM X-Force ID: 144958.

6.5CVSS6AI score0.00237EPSS
CVE
CVEadded 2018/09/27 7:29 p.m.43 views

CVE-2018-1736

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a m...

7.4CVSS5.9AI score0.00555EPSS
CVE
CVEadded 2018/09/27 7:29 p.m.42 views

CVE-2018-1820

IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150096.

5.4CVSS5.2AI score0.00247EPSS
CVE
CVEadded 2018/04/11 4:29 p.m.40 views

CVE-2018-1483

IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 140918.

6.1CVSS5.8AI score0.00248EPSS
CVE
CVEadded 2018/01/11 5:29 p.m.39 views

CVE-2018-1361

IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 137158.

6.1CVSS5.8AI score0.00405EPSS
CVE
CVEadded 2018/03/14 12:29 a.m.39 views

CVE-2018-1444

IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139906.

5.4CVSS5.2AI score0.00237EPSS
CVE
CVEadded 2018/07/11 4:29 p.m.37 views

CVE-2013-2951

IBM WebSphere Portal 7.0.0.x and 8.0.0.x write passwords to a trace file when tracing is enabled for the Selfcare Portlet (Profile Management), which allows local users to obtain sensitive information by reading the file. IBM X-Force ID: 83621.

7.8CVSS6.9AI score0.00048EPSS
CVE
CVEadded 2018/02/09 5:29 p.m.35 views

CVE-2018-1401

IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138437.

6.1CVSS5.8AI score0.00405EPSS
CVE
CVEadded 2018/09/27 7:29 p.m.35 views

CVE-2018-1716

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147164...

6.1CVSS5.8AI score0.00235EPSS
CVE
CVEadded 2018/02/09 5:29 p.m.34 views

CVE-2017-1761

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 136005...

6.1CVSS5.8AI score0.00282EPSS
CVE
CVEadded 2018/02/27 5:29 p.m.34 views

CVE-2018-1416

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138822...

6.1CVSS5.8AI score0.00248EPSS
CVE
CVEadded 2018/04/17 3:29 p.m.34 views

CVE-2018-1445

IBM WebSphere Portal 8.0.0 through 8.0.0.1, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-For...

5.4CVSS5.2AI score0.00269EPSS
CVE
CVEadded 2018/10/12 5:29 a.m.34 views

CVE-2018-1673

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145108...

6.1CVSS5.8AI score0.00263EPSS
CVE
CVEadded 2018/09/27 7:29 p.m.33 views

CVE-2018-1660

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 144886...

5.4CVSS5.2AI score0.00481EPSS
CVE
CVEadded 2018/10/01 3:0 p.m.31 views

CVE-2018-1420

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 resets access control settings to the out of the box configuration during Combined Cumulative Fix (CF) installation. This can lead to security miss-configuration of the installation. IBM X-Force ID: 138950.

6.5CVSS6.3AI score0.00154EPSS