All the vulnerabilites related to ibm - lotus_workplace_web_content_management
Vulnerability from fkie_nvd
Published
2010-02-26 19:30
Modified
2024-11-21 01:12
Severity ?
Summary
Open redirect vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 through 6.0.0.4, 6.0.1.0 through 6.0.1.7, 6.1.0.0 through 6.1.0.3, and 6.1.5.0; and IBM Lotus Quickr services 8.0, 8.0.0.2, 8.1, 8.1.1, and 8.1.1.1 for WebSphere Portal; allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the query string.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:5.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0B4DF048-224A-43DB-A796-44EAF9CD8838",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:5.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FA05BB8A-C367-4A09-87A4-C9D9C46AE52B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:5.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "23785ACE-3F00-430E-B9ED-940A70A3201C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:5.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0F885AD0-1134-483C-9A69-98AC0D60E79B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:5.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2AF22D6E-7B21-4657-89ED-A7EF20BFF81F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:5.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "13570CD6-7D5F-4665-A982-9E83FA25C68C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6C753E1B-D81B-4995-877E-58EDD6F49DDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5D54D4DB-FA55-47AE-9E19-FB8368FD40C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3FEB7016-D077-402A-99C7-E6F6290F1D0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C064D03F-D49C-4A2F-A23D-3ADC18EC277A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6FDA430B-8996-43D4-BDBD-07A5C9EDB339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "092F8012-A1EE-46CE-B2B2-0604BF4ACBBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9FC6A48A-E669-4AA0-AD83-85778A7B6C67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F8C5AD9-2086-4131-A03C-02A89D822080",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "82FC2F98-1E99-4B50-88D5-7A2904F4585C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9B7F74AC-2B5E-4B6C-9551-576A4F312BBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FC51FA38-1C63-47F5-A4CF-1128396B62C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCCA8DE-50EF-4154-AF48-A8E1AA2659B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "AF550E47-49FB-4EBC-83E7-4CFCB7279FEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E618064A-3D05-4DC6-9A47-0EDF2427642F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DE74154-3E79-4D56-96C4-D8E644F1419D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA915826-5D89-43E9-83E7-88973648302A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DB29F4-59AB-439C-91C4-CDF677676C26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1964FC-672F-4139-938F-A8EF9D86D9C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:5.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9516473F-0533-4326-B880-6B6FD591473D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:5.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "773AC6CD-7DDE-4676-8647-26C3B83354DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:5.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A502A57D-97DE-424E-B005-B086C1149959",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:5.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F8505A74-332E-4980-ABA2-BEE7E3D7B654",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:5.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F49CBF7A-9C04-4960-B7B8-6F5C51785C56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:5.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F535D576-9AC7-4047-8AC3-9F1B5A961DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EA0D9DBB-AA57-4816-8EC6-F7479B5481E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "87844DD4-AF06-4A91-973A-F885AD8CA569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EC572C9B-BEBE-4619-9B34-73FD8C20F4B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "66BC65C9-BF3E-41C0-ABD7-5587999FDA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CD2F018F-3356-45B1-AF0B-8E17023A04E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FC532381-C1D3-4FE3-9E32-614B91482255",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8153B9AE-9969-4D49-8B07-9817E0C37194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "709CE95C-FCC3-4A8B-9A47-8114BDFEAD7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F55351DA-AEAC-40FC-B0B0-9CC1D456F651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E67047-A652-4828-BCE9-AB6C369B459F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9B9A2F08-F9E6-4DC4-AFFD-77B6787FA81F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9A727B34-8433-4571-AE1B-4F43320F57A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.0.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "AC18431F-8C85-4C3A-85B9-ADA860F6C0D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "108210EB-FFEF-4D69-A78D-85DA08913766",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D993AD7F-81FC-4C82-9303-699B44ECC92E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "07EE7410-8A88-468A-B773-89D8A93859E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EF9A7C87-0DCE-4309-B344-AC106B6ECBD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D6141F9D-42F4-47D2-B340-356F174AA4AE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:5.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E8D8302-74CD-436A-92BD-C08F1254A2C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:5.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "673674BD-D171-47AF-8169-FBF6346993E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:5.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "959CF397-FAC9-488D-96E5-9839EDA77494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:5.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CA0A5D8C-6C5C-4666-BDC0-8451D1C9FCB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:5.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CF4257D6-58F8-4209-BF67-9124D1BA0B6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:5.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "46AF30E4-3301-401B-94E5-D7FA9E62B82F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E986062-BBA8-4AA0-AD41-E101FEFD49EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "250DFAAA-67A9-4E64-B1AE-0966EAC05468",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA75DD49-E267-4306-84D8-4C3A548841A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "53E20727-E021-442A-B7CB-AB1DFEA21374",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5434B4A9-1433-469B-8352-D0FDDD033E2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EA803C8-EDAC-467E-B8CE-A60612AE86F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "812047C9-6477-455E-8739-4407336102F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "10A39AB5-4BDB-4027-9F50-91BBFDAE8E0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "20E03B68-715F-428D-84FD-F800D02DDB3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0CE191CE-C2F4-45F7-8CF3-565832E01AB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "49CC6237-2E8C-415A-9C09-C8FD3F4C1E57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "22D7C604-2F9B-4AA0-BEE0-379D2C65321F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "AAA1888C-A7F9-4019-8798-524EE7EB8A7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33D2422E-141A-414E-B283-E7BF570FFA80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "18C5D9B6-F013-46B7-AE06-609A0B11A8C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "30E0AA87-E48E-46C3-B8DD-3C3A90322AD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6CA17FC6-DAE6-4FAC-B3CD-1269689314CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3CBEF3F-EB64-42D1-B23A-D3A20F900971",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_quickr:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "980401D7-AAF3-4AE4-9006-83D99170F5DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_quickr:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B3CA670F-E987-44ED-8A2A-62CCA5D037F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_quickr:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "83B3B388-0438-4806-9F21-2170428739DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_quickr:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2D3C43CE-8917-4109-A185-93699004638F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_quickr:8.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "344E13DD-DAFC-4394-8371-B032D117D6AE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 through 6.0.0.4, 6.0.1.0 through 6.0.1.7, 6.1.0.0 through 6.1.0.3, and 6.1.5.0; and IBM Lotus Quickr services 8.0, 8.0.0.2, 8.1, 8.1.1, and 8.1.1.1 for WebSphere Portal; allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the query string."
},
{
"lang": "es",
"value": "Vulnerabilidad de redireccionamiento directo en login.jsp en IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), y IBM Lotus Workplace Web Content Management v5.1.0.0 hasta v5.1.0.5, v6.0.0.0 hasta v6.0.0.4, v6.0.1.0 hasta v6.0.1.7, v6.1.0.0 hasta v6.1.0.3, y v6.1.5.0; y IBM Lotus Quickr services v8.0, v8.0.0.2, v8.1, v8.1.1, y v8.1.1.1 para WebSphere Portal; permite a atacantes remotos redireccionar a los usuarios a sitios de su elecci\u00f3n y conducir ataques phising a trav\u00e9s de la cadena de la pregunta."
}
],
"id": "CVE-2010-0715",
"lastModified": "2024-11-21T01:12:48.653",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-02-26T19:30:00.773",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21421469"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.hacktics.com/content/advisories/AdvIBM20100224.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/509744/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56602"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21421469"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.hacktics.com/content/advisories/AdvIBM20100224.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/509744/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56602"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-02-26 19:30
Modified
2024-11-21 01:12
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 through 6.0.0.4, 6.0.1.0 through 6.0.1.7, 6.1.0.0 through 6.1.0.3, and 6.1.5.0; and IBM Lotus Quickr services 8.0, 8.0.0.2, 8.1, 8.1.1, and 8.1.1.1 for WebSphere Portal; allows remote attackers to inject arbitrary web script or HTML via the query string.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:5.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0B4DF048-224A-43DB-A796-44EAF9CD8838",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:5.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FA05BB8A-C367-4A09-87A4-C9D9C46AE52B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:5.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "23785ACE-3F00-430E-B9ED-940A70A3201C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:5.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0F885AD0-1134-483C-9A69-98AC0D60E79B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:5.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2AF22D6E-7B21-4657-89ED-A7EF20BFF81F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:5.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "13570CD6-7D5F-4665-A982-9E83FA25C68C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6C753E1B-D81B-4995-877E-58EDD6F49DDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5D54D4DB-FA55-47AE-9E19-FB8368FD40C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3FEB7016-D077-402A-99C7-E6F6290F1D0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C064D03F-D49C-4A2F-A23D-3ADC18EC277A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6FDA430B-8996-43D4-BDBD-07A5C9EDB339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "092F8012-A1EE-46CE-B2B2-0604BF4ACBBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9FC6A48A-E669-4AA0-AD83-85778A7B6C67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F8C5AD9-2086-4131-A03C-02A89D822080",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "82FC2F98-1E99-4B50-88D5-7A2904F4585C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9B7F74AC-2B5E-4B6C-9551-576A4F312BBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FC51FA38-1C63-47F5-A4CF-1128396B62C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCCA8DE-50EF-4154-AF48-A8E1AA2659B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "AF550E47-49FB-4EBC-83E7-4CFCB7279FEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E618064A-3D05-4DC6-9A47-0EDF2427642F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DE74154-3E79-4D56-96C4-D8E644F1419D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA915826-5D89-43E9-83E7-88973648302A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DB29F4-59AB-439C-91C4-CDF677676C26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1964FC-672F-4139-938F-A8EF9D86D9C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:5.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9516473F-0533-4326-B880-6B6FD591473D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:5.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "773AC6CD-7DDE-4676-8647-26C3B83354DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:5.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A502A57D-97DE-424E-B005-B086C1149959",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:5.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F8505A74-332E-4980-ABA2-BEE7E3D7B654",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:5.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F49CBF7A-9C04-4960-B7B8-6F5C51785C56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:5.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F535D576-9AC7-4047-8AC3-9F1B5A961DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EA0D9DBB-AA57-4816-8EC6-F7479B5481E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "87844DD4-AF06-4A91-973A-F885AD8CA569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EC572C9B-BEBE-4619-9B34-73FD8C20F4B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "66BC65C9-BF3E-41C0-ABD7-5587999FDA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CD2F018F-3356-45B1-AF0B-8E17023A04E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FC532381-C1D3-4FE3-9E32-614B91482255",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8153B9AE-9969-4D49-8B07-9817E0C37194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "709CE95C-FCC3-4A8B-9A47-8114BDFEAD7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F55351DA-AEAC-40FC-B0B0-9CC1D456F651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E67047-A652-4828-BCE9-AB6C369B459F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9B9A2F08-F9E6-4DC4-AFFD-77B6787FA81F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9A727B34-8433-4571-AE1B-4F43320F57A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.0.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "AC18431F-8C85-4C3A-85B9-ADA860F6C0D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "108210EB-FFEF-4D69-A78D-85DA08913766",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D993AD7F-81FC-4C82-9303-699B44ECC92E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "07EE7410-8A88-468A-B773-89D8A93859E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EF9A7C87-0DCE-4309-B344-AC106B6ECBD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D6141F9D-42F4-47D2-B340-356F174AA4AE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:5.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E8D8302-74CD-436A-92BD-C08F1254A2C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:5.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "673674BD-D171-47AF-8169-FBF6346993E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:5.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "959CF397-FAC9-488D-96E5-9839EDA77494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:5.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CA0A5D8C-6C5C-4666-BDC0-8451D1C9FCB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:5.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CF4257D6-58F8-4209-BF67-9124D1BA0B6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:5.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "46AF30E4-3301-401B-94E5-D7FA9E62B82F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E986062-BBA8-4AA0-AD41-E101FEFD49EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "250DFAAA-67A9-4E64-B1AE-0966EAC05468",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA75DD49-E267-4306-84D8-4C3A548841A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "53E20727-E021-442A-B7CB-AB1DFEA21374",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5434B4A9-1433-469B-8352-D0FDDD033E2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EA803C8-EDAC-467E-B8CE-A60612AE86F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "812047C9-6477-455E-8739-4407336102F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "10A39AB5-4BDB-4027-9F50-91BBFDAE8E0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "20E03B68-715F-428D-84FD-F800D02DDB3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0CE191CE-C2F4-45F7-8CF3-565832E01AB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "49CC6237-2E8C-415A-9C09-C8FD3F4C1E57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "22D7C604-2F9B-4AA0-BEE0-379D2C65321F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "AAA1888C-A7F9-4019-8798-524EE7EB8A7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33D2422E-141A-414E-B283-E7BF570FFA80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "18C5D9B6-F013-46B7-AE06-609A0B11A8C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "30E0AA87-E48E-46C3-B8DD-3C3A90322AD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6CA17FC6-DAE6-4FAC-B3CD-1269689314CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3CBEF3F-EB64-42D1-B23A-D3A20F900971",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_quickr:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "980401D7-AAF3-4AE4-9006-83D99170F5DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_quickr:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B3CA670F-E987-44ED-8A2A-62CCA5D037F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_quickr:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "83B3B388-0438-4806-9F21-2170428739DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_quickr:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2D3C43CE-8917-4109-A185-93699004638F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_quickr:8.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "344E13DD-DAFC-4394-8371-B032D117D6AE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 through 6.0.0.4, 6.0.1.0 through 6.0.1.7, 6.1.0.0 through 6.1.0.3, and 6.1.5.0; and IBM Lotus Quickr services 8.0, 8.0.0.2, 8.1, 8.1.1, and 8.1.1.1 for WebSphere Portal; allows remote attackers to inject arbitrary web script or HTML via the query string."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), y IBM Lotus Workplace Web Content Management v5.1.0.0 hasta v5.1.0.5, v6.0.0.0 hasta v6.0.0.4, v6.0.1.0 hasta v6.0.1.7, v6.1.0.0 hasta v6.1.0.3, y v6.1.5.0; y IBM Lotus Quickr services v8.0, v8.0.0.2, v8.1, v8.1.1, y v8.1.1.1 para WebSphere Portal; permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del cadena \"query\"."
}
],
"id": "CVE-2010-0714",
"lastModified": "2024-11-21T01:12:48.503",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-02-26T19:30:00.743",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21421469"
},
{
"source": "cve@mitre.org",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PM03233"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.hacktics.com/content/advisories/AdvIBM20100224.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/509744/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/38412"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1023660"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56508"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21421469"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PM03233"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.hacktics.com/content/advisories/AdvIBM20100224.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/509744/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/38412"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1023660"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56508"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2010-0714
Vulnerability from cvelistv5
Published
2010-02-26 19:00
Modified
2024-08-07 00:59
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 through 6.0.0.4, 6.0.1.0 through 6.0.1.7, 6.1.0.0 through 6.1.0.3, and 6.1.5.0; and IBM Lotus Quickr services 8.0, 8.0.0.2, 8.1, 8.1.1, and 8.1.1.1 for WebSphere Portal; allows remote attackers to inject arbitrary web script or HTML via the query string.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.hacktics.com/content/advisories/AdvIBM20100224.html | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/56508 | vdb-entry, x_refsource_XF | |
| http://www.securitytracker.com/id?1023660 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/archive/1/509744/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21421469 | x_refsource_CONFIRM | |
| http://www-1.ibm.com/support/docview.wss?uid=swg1PM03233 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www.securityfocus.com/bid/38412 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:59:38.582Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.hacktics.com/content/advisories/AdvIBM20100224.html"
},
{
"name": "ibm-login-xss(56508)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56508"
},
{
"name": "1023660",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023660"
},
{
"name": "20100225 Hacktics Advisory Feb10: XSS in IBM WebSphere Portal \u0026 Lotus WCM",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/509744/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21421469"
},
{
"name": "PM03233",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PM03233"
},
{
"name": "38412",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38412"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-02-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 through 6.0.0.4, 6.0.1.0 through 6.0.1.7, 6.1.0.0 through 6.1.0.3, and 6.1.5.0; and IBM Lotus Quickr services 8.0, 8.0.0.2, 8.1, 8.1.1, and 8.1.1.1 for WebSphere Portal; allows remote attackers to inject arbitrary web script or HTML via the query string."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.hacktics.com/content/advisories/AdvIBM20100224.html"
},
{
"name": "ibm-login-xss(56508)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56508"
},
{
"name": "1023660",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023660"
},
{
"name": "20100225 Hacktics Advisory Feb10: XSS in IBM WebSphere Portal \u0026 Lotus WCM",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/509744/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21421469"
},
{
"name": "PM03233",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PM03233"
},
{
"name": "38412",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38412"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0714",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 through 6.0.0.4, 6.0.1.0 through 6.0.1.7, 6.1.0.0 through 6.1.0.3, and 6.1.5.0; and IBM Lotus Quickr services 8.0, 8.0.0.2, 8.1, 8.1.1, and 8.1.1.1 for WebSphere Portal; allows remote attackers to inject arbitrary web script or HTML via the query string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.hacktics.com/content/advisories/AdvIBM20100224.html",
"refsource": "MISC",
"url": "http://www.hacktics.com/content/advisories/AdvIBM20100224.html"
},
{
"name": "ibm-login-xss(56508)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56508"
},
{
"name": "1023660",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023660"
},
{
"name": "20100225 Hacktics Advisory Feb10: XSS in IBM WebSphere Portal \u0026 Lotus WCM",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/509744/100/0/threaded"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21421469",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21421469"
},
{
"name": "PM03233",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PM03233"
},
{
"name": "38412",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38412"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0714",
"datePublished": "2010-02-26T19:00:00",
"dateReserved": "2010-02-26T00:00:00",
"dateUpdated": "2024-08-07T00:59:38.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-0715
Vulnerability from cvelistv5
Published
2010-02-26 19:00
Modified
2024-08-07 00:59
Severity ?
EPSS score ?
Summary
Open redirect vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 through 6.0.0.4, 6.0.1.0 through 6.0.1.7, 6.1.0.0 through 6.1.0.3, and 6.1.5.0; and IBM Lotus Quickr services 8.0, 8.0.0.2, 8.1, 8.1.1, and 8.1.1.1 for WebSphere Portal; allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the query string.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.hacktics.com/content/advisories/AdvIBM20100224.html | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/56602 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/archive/1/509744/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21421469 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:59:38.510Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.hacktics.com/content/advisories/AdvIBM20100224.html"
},
{
"name": "ibm-login-phishing(56602)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56602"
},
{
"name": "20100225 Hacktics Advisory Feb10: XSS in IBM WebSphere Portal \u0026 Lotus WCM",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/509744/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21421469"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-02-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 through 6.0.0.4, 6.0.1.0 through 6.0.1.7, 6.1.0.0 through 6.1.0.3, and 6.1.5.0; and IBM Lotus Quickr services 8.0, 8.0.0.2, 8.1, 8.1.1, and 8.1.1.1 for WebSphere Portal; allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the query string."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.hacktics.com/content/advisories/AdvIBM20100224.html"
},
{
"name": "ibm-login-phishing(56602)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56602"
},
{
"name": "20100225 Hacktics Advisory Feb10: XSS in IBM WebSphere Portal \u0026 Lotus WCM",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/509744/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21421469"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0715",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 through 6.0.0.4, 6.0.1.0 through 6.0.1.7, 6.1.0.0 through 6.1.0.3, and 6.1.5.0; and IBM Lotus Quickr services 8.0, 8.0.0.2, 8.1, 8.1.1, and 8.1.1.1 for WebSphere Portal; allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the query string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.hacktics.com/content/advisories/AdvIBM20100224.html",
"refsource": "MISC",
"url": "http://www.hacktics.com/content/advisories/AdvIBM20100224.html"
},
{
"name": "ibm-login-phishing(56602)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56602"
},
{
"name": "20100225 Hacktics Advisory Feb10: XSS in IBM WebSphere Portal \u0026 Lotus WCM",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/509744/100/0/threaded"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21421469",
"refsource": "MISC",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21421469"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0715",
"datePublished": "2010-02-26T19:00:00",
"dateReserved": "2010-02-26T00:00:00",
"dateUpdated": "2024-08-07T00:59:38.510Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}