All the vulnerabilites related to ibm - websphere_portal
cve-2009-1008
Vulnerability from cvelistv5
Published
2009-04-15 10:00
Modified
2024-08-07 04:57
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML, a different vulnerability than CVE-2009-1010.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id?1022055 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/34461 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/34693 | third-party-advisory, x_refsource_SECUNIA | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21660640 | x_refsource_CONFIRM | |
| http://www.us-cert.gov/cas/techalerts/TA09-105A.html | third-party-advisory, x_refsource_CERT | |
| http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html | x_refsource_CONFIRM | |
| http://osvdb.org/53747 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:57:17.534Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1022055",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022055"
},
{
"name": "34461",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34461"
},
{
"name": "34693",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34693"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640"
},
{
"name": "TA09-105A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-105A.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
},
{
"name": "53747",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/53747"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML, a different vulnerability than CVE-2009-1010."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-18T16:57:02",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "1022055",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022055"
},
{
"name": "34461",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34461"
},
{
"name": "34693",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34693"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640"
},
{
"name": "TA09-105A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-105A.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
},
{
"name": "53747",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/53747"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2009-1008",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML, a different vulnerability than CVE-2009-1010."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1022055",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022055"
},
{
"name": "34461",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34461"
},
{
"name": "34693",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34693"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640"
},
{
"name": "TA09-105A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-105A.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
},
{
"name": "53747",
"refsource": "OSVDB",
"url": "http://osvdb.org/53747"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2009-1008",
"datePublished": "2009-04-15T10:00:00",
"dateReserved": "2009-03-19T00:00:00",
"dateUpdated": "2024-08-07T04:57:17.534Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-0715
Vulnerability from cvelistv5
Published
2010-02-26 19:00
Modified
2024-08-07 00:59
Severity ?
EPSS score ?
Summary
Open redirect vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 through 6.0.0.4, 6.0.1.0 through 6.0.1.7, 6.1.0.0 through 6.1.0.3, and 6.1.5.0; and IBM Lotus Quickr services 8.0, 8.0.0.2, 8.1, 8.1.1, and 8.1.1.1 for WebSphere Portal; allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the query string.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.hacktics.com/content/advisories/AdvIBM20100224.html | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/56602 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/archive/1/509744/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21421469 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:59:38.510Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.hacktics.com/content/advisories/AdvIBM20100224.html"
},
{
"name": "ibm-login-phishing(56602)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56602"
},
{
"name": "20100225 Hacktics Advisory Feb10: XSS in IBM WebSphere Portal \u0026 Lotus WCM",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/509744/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21421469"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-02-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 through 6.0.0.4, 6.0.1.0 through 6.0.1.7, 6.1.0.0 through 6.1.0.3, and 6.1.5.0; and IBM Lotus Quickr services 8.0, 8.0.0.2, 8.1, 8.1.1, and 8.1.1.1 for WebSphere Portal; allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the query string."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.hacktics.com/content/advisories/AdvIBM20100224.html"
},
{
"name": "ibm-login-phishing(56602)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56602"
},
{
"name": "20100225 Hacktics Advisory Feb10: XSS in IBM WebSphere Portal \u0026 Lotus WCM",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/509744/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21421469"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0715",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 through 6.0.0.4, 6.0.1.0 through 6.0.1.7, 6.1.0.0 through 6.1.0.3, and 6.1.5.0; and IBM Lotus Quickr services 8.0, 8.0.0.2, 8.1, 8.1.1, and 8.1.1.1 for WebSphere Portal; allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the query string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.hacktics.com/content/advisories/AdvIBM20100224.html",
"refsource": "MISC",
"url": "http://www.hacktics.com/content/advisories/AdvIBM20100224.html"
},
{
"name": "ibm-login-phishing(56602)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56602"
},
{
"name": "20100225 Hacktics Advisory Feb10: XSS in IBM WebSphere Portal \u0026 Lotus WCM",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/509744/100/0/threaded"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21421469",
"refsource": "MISC",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21421469"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0715",
"datePublished": "2010-02-26T19:00:00",
"dateReserved": "2010-02-26T00:00:00",
"dateUpdated": "2024-08-07T00:59:38.510Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-1445
Vulnerability from cvelistv5
Published
2018-04-17 15:00
Modified
2024-09-16 20:23
Severity ?
EPSS score ?
Summary
IBM WebSphere Portal 8.0.0 through 8.0.0.1, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139907.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/139907 | x_refsource_MISC | |
| http://www.securitytracker.com/id/1040647 | vdb-entry, x_refsource_SECTRACK | |
| http://www-01.ibm.com/support/docview.wss?uid=swg22015407 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | WebSphere Portal |
Version: 8.0 Version: 8.0.0.1 Version: 8.5 Version: 9.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:39.099Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139907"
},
{
"name": "1040647",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040647"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg22015407"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Portal",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.0"
},
{
"status": "affected",
"version": "8.0.0.1"
},
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "9.0"
}
]
}
],
"datePublic": "2018-04-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 8.0.0 through 8.0.0.1, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139907."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-18T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139907"
},
{
"name": "1040647",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040647"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg22015407"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-04-10T00:00:00",
"ID": "CVE-2018-1445",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Portal",
"version": {
"version_data": [
{
"version_value": "8.0"
},
{
"version_value": "8.0.0.1"
},
{
"version_value": "8.5"
},
{
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 8.0.0 through 8.0.0.1, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139907."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139907",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139907"
},
{
"name": "1040647",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040647"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg22015407",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg22015407"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1445",
"datePublished": "2018-04-17T15:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-16T20:23:01.048Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-6214
Vulnerability from cvelistv5
Published
2015-03-13 01:00
Modified
2024-08-06 12:10
Severity ?
EPSS score ?
Summary
Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF15 and 8.5.0 before CF05 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21697213 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1031880 | vdb-entry, x_refsource_SECTRACK | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI34987 | vendor-advisory, x_refsource_AIXAPAR |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:10:12.702Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697213"
},
{
"name": "1031880",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031880"
},
{
"name": "PI34987",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI34987"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF15 and 8.5.0 before CF05 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-03-16T17:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697213"
},
{
"name": "1031880",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031880"
},
{
"name": "PI34987",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI34987"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-6214",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF15 and 8.5.0 before CF05 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21697213",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697213"
},
{
"name": "1031880",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031880"
},
{
"name": "PI34987",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI34987"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-6214",
"datePublished": "2015-03-13T01:00:00",
"dateReserved": "2014-09-02T00:00:00",
"dateUpdated": "2024-08-06T12:10:12.702Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-3057
Vulnerability from cvelistv5
Published
2014-07-29 20:00
Modified
2024-08-06 10:28
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/60499 | third-party-advisory, x_refsource_SECUNIA | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21677032 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/93531 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/68928 | vdb-entry, x_refsource_BID | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI18909 | vendor-advisory, x_refsource_AIXAPAR |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:28:46.294Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "60499",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60499"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677032"
},
{
"name": "ibm-wsputl-cve20143057-xss(93531)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93531"
},
{
"name": "68928",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68928"
},
{
"name": "PI18909",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI18909"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "60499",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60499"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677032"
},
{
"name": "ibm-wsputl-cve20143057-xss(93531)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93531"
},
{
"name": "68928",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68928"
},
{
"name": "PI18909",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI18909"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-3057",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "60499",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60499"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21677032",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677032"
},
{
"name": "ibm-wsputl-cve20143057-xss(93531)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93531"
},
{
"name": "68928",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68928"
},
{
"name": "PI18909",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI18909"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-3057",
"datePublished": "2014-07-29T20:00:00",
"dateReserved": "2014-04-29T00:00:00",
"dateUpdated": "2024-08-06T10:28:46.294Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-2951
Vulnerability from cvelistv5
Published
2018-07-11 16:00
Modified
2024-08-06 15:52
Severity ?
EPSS score ?
Summary
IBM WebSphere Portal 7.0.0.x and 8.0.0.x write passwords to a trace file when tracing is enabled for the Selfcare Portlet (Profile Management), which allows local users to obtain sensitive information by reading the file. IBM X-Force ID: 83621.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21642097 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/83621 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:52:21.557Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21642097"
},
{
"name": "was-portal-cve20132951-info-disclosure(83621)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83621"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-06-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 7.0.0.x and 8.0.0.x write passwords to a trace file when tracing is enabled for the Selfcare Portlet (Profile Management), which allows local users to obtain sensitive information by reading the file. IBM X-Force ID: 83621."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-11T15:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21642097"
},
{
"name": "was-portal-cve20132951-info-disclosure(83621)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83621"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-2951",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 7.0.0.x and 8.0.0.x write passwords to a trace file when tracing is enabled for the Selfcare Portlet (Profile Management), which allows local users to obtain sensitive information by reading the file. IBM X-Force ID: 83621."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21642097",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21642097"
},
{
"name": "was-portal-cve20132951-info-disclosure(83621)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83621"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-2951",
"datePublished": "2018-07-11T16:00:00",
"dateReserved": "2013-04-12T00:00:00",
"dateUpdated": "2024-08-06T15:52:21.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-7455
Vulnerability from cvelistv5
Published
2016-02-29 11:00
Modified
2024-08-06 07:51
Severity ?
EPSS score ?
Summary
IBM WebSphere Portal 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 uses weak permissions for content items, which allows remote authenticated users to make modifications via the authoring UI.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg21975358 | x_refsource_CONFIRM | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI51234 | vendor-advisory, x_refsource_AIXAPAR |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:51:27.532Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21975358"
},
{
"name": "PI51234",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI51234"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 uses weak permissions for content items, which allows remote authenticated users to make modifications via the authoring UI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-02-29T06:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21975358"
},
{
"name": "PI51234",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI51234"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-7455",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 uses weak permissions for content items, which allows remote authenticated users to make modifications via the authoring UI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21975358",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21975358"
},
{
"name": "PI51234",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI51234"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-7455",
"datePublished": "2016-02-29T11:00:00",
"dateReserved": "2015-09-29T00:00:00",
"dateUpdated": "2024-08-06T07:51:27.532Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0956
Vulnerability from cvelistv5
Published
2014-05-22 10:00
Modified
2024-08-06 09:34
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in googlemap.jsp in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21672572 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/92629 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI16040 | vendor-advisory, x_refsource_AIXAPAR |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:34:41.060Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672572"
},
{
"name": "ibm-websphere-cve20140956-xss(92629)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92629"
},
{
"name": "PI16040",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI16040"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in googlemap.jsp in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672572"
},
{
"name": "ibm-websphere-cve20140956-xss(92629)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92629"
},
{
"name": "PI16040",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI16040"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0956",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in googlemap.jsp in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21672572",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672572"
},
{
"name": "ibm-websphere-cve20140956-xss(92629)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92629"
},
{
"name": "PI16040",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI16040"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-0956",
"datePublished": "2014-05-22T10:00:00",
"dateReserved": "2014-01-06T00:00:00",
"dateUpdated": "2024-08-06T09:34:41.060Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-6171
Vulnerability from cvelistv5
Published
2014-12-19 02:00
Modified
2024-08-06 12:10
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, and 8.5.0 before CF04 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI29134 | vendor-advisory, x_refsource_AIXAPAR | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/98383 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21692107 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:10:13.220Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "PI29134",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI29134"
},
{
"name": "ibm-wsportal-cve20146171-xss(98383)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98383"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21692107"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, and 8.5.0 before CF04 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "PI29134",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI29134"
},
{
"name": "ibm-wsportal-cve20146171-xss(98383)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98383"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21692107"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-6171",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, and 8.5.0 before CF04 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "PI29134",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI29134"
},
{
"name": "ibm-wsportal-cve20146171-xss(98383)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98383"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21692107",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21692107"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-6171",
"datePublished": "2014-12-19T02:00:00",
"dateReserved": "2014-09-02T00:00:00",
"dateUpdated": "2024-08-06T12:10:13.220Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-2181
Vulnerability from cvelistv5
Published
2012-07-03 21:00
Modified
2024-08-06 19:26
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in the Dojo module in IBM WebSphere Portal 7.0.0.1 and 7.0.0.2 before CF14, and 8.0, allows remote attackers to read arbitrary files via a crafted URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg1PM64172 | vendor-advisory, x_refsource_AIXAPAR | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/75584 | vdb-entry, x_refsource_XF | |
| http://www.ibm.com/support/docview.wss?uid=swg21598363 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:26:08.503Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "PM64172",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg1PM64172"
},
{
"name": "websphere-portal-dojo-dir-traversal(75584)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75584"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21598363"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-06-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the Dojo module in IBM WebSphere Portal 7.0.0.1 and 7.0.0.2 before CF14, and 8.0, allows remote attackers to read arbitrary files via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "PM64172",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg1PM64172"
},
{
"name": "websphere-portal-dojo-dir-traversal(75584)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75584"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21598363"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2012-2181",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the Dojo module in IBM WebSphere Portal 7.0.0.1 and 7.0.0.2 before CF14, and 8.0, allows remote attackers to read arbitrary files via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "PM64172",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=swg1PM64172"
},
{
"name": "websphere-portal-dojo-dir-traversal(75584)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75584"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21598363",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21598363"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2012-2181",
"datePublished": "2012-07-03T21:00:00",
"dateReserved": "2012-04-04T00:00:00",
"dateUpdated": "2024-08-06T19:26:08.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-0195
Vulnerability from cvelistv5
Published
2015-10-03 22:00
Modified
2024-08-06 04:03
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Content Template Catalog 4.x before 4.1.4 for WebSphere Portal 8.0.x and 4.x before 4.3.1 for WebSphere Portal 8.5.x allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21958969 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:03:10.372Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21958969"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM Content Template Catalog 4.x before 4.1.4 for WebSphere Portal 8.0.x and 4.x before 4.3.1 for WebSphere Portal 8.5.x allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-10-03T22:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21958969"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-0195",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM Content Template Catalog 4.x before 4.1.4 for WebSphere Portal 8.0.x and 4.x before 4.3.1 for WebSphere Portal 8.5.x allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21958969",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21958969"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-0195",
"datePublished": "2015-10-03T22:00:00",
"dateReserved": "2014-11-18T00:00:00",
"dateUpdated": "2024-08-06T04:03:10.372Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-4746
Vulnerability from cvelistv5
Published
2014-08-12 01:00
Modified
2024-08-06 11:27
Severity ?
EPSS score ?
Summary
IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF13 and 8.5.0 through CF01 provides different error codes for firewall-traversal requests depending on whether the intranet host exists, which allows remote attackers to map the intranet network via a series of requests.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21680230 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/60612 | third-party-advisory, x_refsource_SECUNIA | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI21858 | vendor-advisory, x_refsource_AIXAPAR | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/94348 | vdb-entry, x_refsource_XF | |
| http://www.securitytracker.com/id/1030669 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:27:36.300Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680230"
},
{
"name": "60612",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60612"
},
{
"name": "PI21858",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI21858"
},
{
"name": "ibm-websphere-cve20144746-info-disc(94348)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94348"
},
{
"name": "1030669",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030669"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF13 and 8.5.0 through CF01 provides different error codes for firewall-traversal requests depending on whether the intranet host exists, which allows remote attackers to map the intranet network via a series of requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680230"
},
{
"name": "60612",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60612"
},
{
"name": "PI21858",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI21858"
},
{
"name": "ibm-websphere-cve20144746-info-disc(94348)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94348"
},
{
"name": "1030669",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030669"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-4746",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF13 and 8.5.0 through CF01 provides different error codes for firewall-traversal requests depending on whether the intranet host exists, which allows remote attackers to map the intranet network via a series of requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21680230",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680230"
},
{
"name": "60612",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60612"
},
{
"name": "PI21858",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI21858"
},
{
"name": "ibm-websphere-cve20144746-info-disc(94348)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94348"
},
{
"name": "1030669",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030669"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-4746",
"datePublished": "2014-08-12T01:00:00",
"dateReserved": "2014-07-09T00:00:00",
"dateUpdated": "2024-08-06T11:27:36.300Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-2901
Vulnerability from cvelistv5
Published
2016-06-26 01:00
Modified
2024-08-05 23:40
Severity ?
EPSS score ?
Summary
Cross-site request forgery (CSRF) vulnerability in the PA_Theme_Creator application in IBM WebSphere Portal 8.5 CF08 through CF10 and Web Content Manager allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI62594 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www.securitytracker.com/id/1036143 | vdb-entry, x_refsource_SECTRACK | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21983974 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:40:13.609Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "PI62594",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI62594"
},
{
"name": "1036143",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036143"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983974"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in the PA_Theme_Creator application in IBM WebSphere Portal 8.5 CF08 through CF10 and Web Content Manager allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-07-25T16:57:02",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "PI62594",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI62594"
},
{
"name": "1036143",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036143"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983974"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-2901",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in the PA_Theme_Creator application in IBM WebSphere Portal 8.5 CF08 through CF10 and Web Content Manager allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "PI62594",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI62594"
},
{
"name": "1036143",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036143"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21983974",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983974"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-2901",
"datePublished": "2016-06-26T01:00:00",
"dateReserved": "2016-03-09T00:00:00",
"dateUpdated": "2024-08-05T23:40:13.609Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-6328
Vulnerability from cvelistv5
Published
2013-12-22 15:00
Modified
2024-08-06 17:39
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Web Content Manager (WCM) UI in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x before 8.0.0.1 CF09 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/64495 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/101269 | vdb-entry, x_refsource_OSVDB | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PM96345 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21660011 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/88909 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:39:01.200Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "64495",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64495"
},
{
"name": "101269",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/101269"
},
{
"name": "PM96345",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM96345"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660011"
},
{
"name": "ibm-wsportal-cve20136328-xss(88909)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88909"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Web Content Manager (WCM) UI in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x before 8.0.0.1 CF09 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "64495",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64495"
},
{
"name": "101269",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/101269"
},
{
"name": "PM96345",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM96345"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660011"
},
{
"name": "ibm-wsportal-cve20136328-xss(88909)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88909"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-6328",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Web Content Manager (WCM) UI in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x before 8.0.0.1 CF09 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "64495",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64495"
},
{
"name": "101269",
"refsource": "OSVDB",
"url": "http://osvdb.org/101269"
},
{
"name": "PM96345",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM96345"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21660011",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660011"
},
{
"name": "ibm-wsportal-cve20136328-xss(88909)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88909"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-6328",
"datePublished": "2013-12-22T15:00:00",
"dateReserved": "2013-10-31T00:00:00",
"dateUpdated": "2024-08-06T17:39:01.200Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-6722
Vulnerability from cvelistv5
Published
2014-02-14 02:00
Modified
2024-08-06 17:46
Severity ?
EPSS score ?
Summary
Unrestricted file upload vulnerability in the Registration/Edit My Profile portlet in IBM WebSphere Portal 7.x before 7.0.0.2 CF27 and 8.x through 8.0.0.1 CF09 allows remote attackers to cause a denial of service or modify data via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI07013 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21662873 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/89235 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:46:22.852Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "PI07013",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI07013"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21662873"
},
{
"name": "ibm-websphere-cve20136722-file-upload(89235)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89235"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-02-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted file upload vulnerability in the Registration/Edit My Profile portlet in IBM WebSphere Portal 7.x before 7.0.0.2 CF27 and 8.x through 8.0.0.1 CF09 allows remote attackers to cause a denial of service or modify data via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "PI07013",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI07013"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21662873"
},
{
"name": "ibm-websphere-cve20136722-file-upload(89235)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89235"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-6722",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in the Registration/Edit My Profile portlet in IBM WebSphere Portal 7.x before 7.0.0.2 CF27 and 8.x through 8.0.0.1 CF09 allows remote attackers to cause a denial of service or modify data via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "PI07013",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI07013"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21662873",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21662873"
},
{
"name": "ibm-websphere-cve20136722-file-upload(89235)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89235"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-6722",
"datePublished": "2014-02-14T02:00:00",
"dateReserved": "2013-11-08T00:00:00",
"dateUpdated": "2024-08-06T17:46:22.852Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-1943
Vulnerability from cvelistv5
Published
2015-09-14 22:00
Modified
2024-08-06 05:02
Severity ?
EPSS score ?
Summary
IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted request.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI39617 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21962567 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1033444 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:02:42.461Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "PI39617",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI39617"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962567"
},
{
"name": "1033444",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033444"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-20T16:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "PI39617",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI39617"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962567"
},
{
"name": "1033444",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033444"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-1943",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "PI39617",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI39617"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21962567",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962567"
},
{
"name": "1033444",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033444"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-1943",
"datePublished": "2015-09-14T22:00:00",
"dateReserved": "2015-02-19T00:00:00",
"dateUpdated": "2024-08-06T05:02:42.461Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-1716
Vulnerability from cvelistv5
Published
2018-09-27 19:00
Modified
2024-09-17 02:57
Severity ?
EPSS score ?
Summary
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147164.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1041754 | vdb-entry, x_refsource_SECTRACK | |
| https://www.ibm.com/support/docview.wss?uid=ibm10729323 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/147164 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | WebSphere Portal |
Version: 7.0 Version: 8.0 Version: 8.5 Version: 9.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:07:44.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1041754",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041754"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10729323"
},
{
"name": "ibm-websphere-cve20181716-xss(147164)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147164"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Portal",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "8.0"
},
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "9.0"
}
]
}
],
"datePublic": "2018-09-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147164."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.8,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:N/S:C/UI:R/E:H/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T09:57:02",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "1041754",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041754"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10729323"
},
{
"name": "ibm-websphere-cve20181716-xss(147164)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147164"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-09-25T00:00:00",
"ID": "CVE-2018-1716",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Portal",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "8.0"
},
{
"version_value": "8.5"
},
{
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147164."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "N",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041754",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041754"
},
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10729323",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10729323"
},
{
"name": "ibm-websphere-cve20181716-xss(147164)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147164"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1716",
"datePublished": "2018-09-27T19:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-17T02:57:00.425Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-1536
Vulnerability from cvelistv5
Published
2017-12-11 21:00
Modified
2024-09-16 22:45
Severity ?
EPSS score ?
Summary
IBM Support Tools for Lotus WCM (IBM WebSphere Portal 7.0, 8.0, 8.5 and 9.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130733.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/130733 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/102183 | vdb-entry, x_refsource_BID | |
| http://www.ibm.com/support/docview.wss?uid=swg22008031 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | WebSphere Portal |
Version: 7.0 Version: 8.0 Version: 8.5 Version: 9.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:32:29.794Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130733"
},
{
"name": "102183",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102183"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22008031"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Portal",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "8.0"
},
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "9.0"
}
]
}
],
"datePublic": "2017-12-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Support Tools for Lotus WCM (IBM WebSphere Portal 7.0, 8.0, 8.5 and 9.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130733."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-15T10:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130733"
},
{
"name": "102183",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102183"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22008031"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-12-04T00:00:00",
"ID": "CVE-2017-1536",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Portal",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "8.0"
},
{
"version_value": "8.5"
},
{
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Support Tools for Lotus WCM (IBM WebSphere Portal 7.0, 8.0, 8.5 and 9.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130733."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130733",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130733"
},
{
"name": "102183",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102183"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22008031",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22008031"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1536",
"datePublished": "2017-12-11T21:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-16T22:45:25.465Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-7413
Vulnerability from cvelistv5
Published
2015-12-21 11:00
Modified
2024-08-06 07:51
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF19 and 8.5.0 through CF08 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI50844 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21970176 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1034284 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:51:27.332Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "PI50844",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI50844"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970176"
},
{
"name": "1034284",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034284"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-11-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF19 and 8.5.0 through CF08 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-13T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "PI50844",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI50844"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970176"
},
{
"name": "1034284",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034284"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-7413",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF19 and 8.5.0 through CF08 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "PI50844",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI50844"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21970176",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970176"
},
{
"name": "1034284",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034284"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-7413",
"datePublished": "2015-12-21T11:00:00",
"dateReserved": "2015-09-29T00:00:00",
"dateUpdated": "2024-08-06T07:51:27.332Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-3055
Vulnerability from cvelistv5
Published
2014-07-29 20:00
Modified
2024-08-06 10:28
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/60499 | third-party-advisory, x_refsource_SECUNIA | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21677032 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/93529 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI18909 | vendor-advisory, x_refsource_AIXAPAR |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:28:46.297Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "60499",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60499"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677032"
},
{
"name": "ibm-wsputl-cve20143055-sqli(93529)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93529"
},
{
"name": "PI18909",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI18909"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "60499",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60499"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677032"
},
{
"name": "ibm-wsputl-cve20143055-sqli(93529)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93529"
},
{
"name": "PI18909",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI18909"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-3055",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "60499",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60499"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21677032",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677032"
},
{
"name": "ibm-wsputl-cve20143055-sqli(93529)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93529"
},
{
"name": "PI18909",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI18909"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-3055",
"datePublished": "2014-07-29T20:00:00",
"dateReserved": "2014-04-29T00:00:00",
"dateUpdated": "2024-08-06T10:28:46.297Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-1660
Vulnerability from cvelistv5
Published
2018-09-27 19:00
Modified
2024-09-17 02:57
Severity ?
EPSS score ?
Summary
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 144886.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/105446 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1041755 | vdb-entry, x_refsource_SECTRACK | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/144886 | vdb-entry, x_refsource_XF | |
| https://www.ibm.com/support/docview.wss?uid=ibm10715923 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | WebSphere Portal |
Version: 7.0 Version: 8.0 Version: 8.5 Version: 9.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:07:44.175Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105446",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105446"
},
{
"name": "1041755",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041755"
},
{
"name": "ibm-webphsere-cve20181660-xss(144886)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144886"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10715923"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Portal",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "8.0"
},
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "9.0"
}
]
}
],
"datePublic": "2018-09-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 144886."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R/E:H/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T09:57:02",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "105446",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105446"
},
{
"name": "1041755",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041755"
},
{
"name": "ibm-webphsere-cve20181660-xss(144886)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144886"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10715923"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-09-25T00:00:00",
"ID": "CVE-2018-1660",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Portal",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "8.0"
},
{
"version_value": "8.5"
},
{
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 144886."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105446",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105446"
},
{
"name": "1041755",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041755"
},
{
"name": "ibm-webphsere-cve20181660-xss(144886)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144886"
},
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10715923",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10715923"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1660",
"datePublished": "2018-09-27T19:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-17T02:57:09.406Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4152
Vulnerability from cvelistv5
Published
2009-12-02 16:00
Modified
2024-09-17 03:17
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Collaboration component in IBM WebSphere Portal 6.1.x before 6.1.0.3 allows remote attackers to inject arbitrary web script or HTML via the people picker tag.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg1PK93429 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www.vupen.com/english/advisories/2009/3367 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/37159 | vdb-entry, x_refsource_BID | |
| http://www-01.ibm.com/support/docview.wss?uid=swg27014411 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/37526 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:54:10.169Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "PK93429",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK93429"
},
{
"name": "ADV-2009-3367",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3367"
},
{
"name": "37159",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37159"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014411"
},
{
"name": "37526",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37526"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Collaboration component in IBM WebSphere Portal 6.1.x before 6.1.0.3 allows remote attackers to inject arbitrary web script or HTML via the people picker tag."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-12-02T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "PK93429",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK93429"
},
{
"name": "ADV-2009-3367",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3367"
},
{
"name": "37159",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37159"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014411"
},
{
"name": "37526",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37526"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4152",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Collaboration component in IBM WebSphere Portal 6.1.x before 6.1.0.3 allows remote attackers to inject arbitrary web script or HTML via the people picker tag."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "PK93429",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK93429"
},
{
"name": "ADV-2009-3367",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3367"
},
{
"name": "37159",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37159"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg27014411",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014411"
},
{
"name": "37526",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37526"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4152",
"datePublished": "2009-12-02T16:00:00Z",
"dateReserved": "2009-12-02T00:00:00Z",
"dateUpdated": "2024-09-17T03:17:41.157Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-5001
Vulnerability from cvelistv5
Published
2015-12-21 11:00
Modified
2024-08-06 06:32
Severity ?
EPSS score ?
Summary
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 allows remote authenticated users to cause a denial of service (memory consumption) via a crafted document.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21970176 | x_refsource_CONFIRM | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI49540 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www.securitytracker.com/id/1034284 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:32:31.912Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970176"
},
{
"name": "PI49540",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI49540"
},
{
"name": "1034284",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034284"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-11-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 allows remote authenticated users to cause a denial of service (memory consumption) via a crafted document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-13T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970176"
},
{
"name": "PI49540",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI49540"
},
{
"name": "1034284",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034284"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-5001",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 allows remote authenticated users to cause a denial of service (memory consumption) via a crafted document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21970176",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970176"
},
{
"name": "PI49540",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI49540"
},
{
"name": "1034284",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034284"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-5001",
"datePublished": "2015-12-21T11:00:00",
"dateReserved": "2015-06-24T00:00:00",
"dateUpdated": "2024-08-06T06:32:31.912Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-4761
Vulnerability from cvelistv5
Published
2014-10-10 10:00
Modified
2024-08-06 11:27
Severity ?
EPSS score ?
Summary
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 before 8.0.0.1 CF14, and 8.5.0 through 8.5.0.0 CF02 allows remote authenticated users to discover credentials by reading HTML source code.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI22104 | vendor-advisory, x_refsource_AIXAPAR | |
| http://secunia.com/advisories/61126 | third-party-advisory, x_refsource_SECUNIA | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21684652 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/94658 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:27:36.263Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "PI22104",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI22104"
},
{
"name": "61126",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61126"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684652"
},
{
"name": "ibm-wsportal-cve20144761-html(94658)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94658"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 before 8.0.0.1 CF14, and 8.5.0 through 8.5.0.0 CF02 allows remote authenticated users to discover credentials by reading HTML source code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "PI22104",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI22104"
},
{
"name": "61126",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61126"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684652"
},
{
"name": "ibm-wsportal-cve20144761-html(94658)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94658"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-4761",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 before 8.0.0.1 CF14, and 8.5.0 through 8.5.0.0 CF02 allows remote authenticated users to discover credentials by reading HTML source code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "PI22104",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI22104"
},
{
"name": "61126",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61126"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21684652",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684652"
},
{
"name": "ibm-wsportal-cve20144761-html(94658)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94658"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-4761",
"datePublished": "2014-10-10T10:00:00",
"dateReserved": "2014-07-09T00:00:00",
"dateUpdated": "2024-08-06T11:27:36.263Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-8902
Vulnerability from cvelistv5
Published
2014-12-19 02:00
Modified
2024-08-06 13:33
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Blog Portlet in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, and 8.5.0 before CF04 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/99150 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21692107 | x_refsource_CONFIRM | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI29956 | vendor-advisory, x_refsource_AIXAPAR |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:33:12.531Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-wsportal-cve20148902-xss(99150)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99150"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21692107"
},
{
"name": "PI29956",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI29956"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Blog Portlet in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, and 8.5.0 before CF04 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-wsportal-cve20148902-xss(99150)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99150"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21692107"
},
{
"name": "PI29956",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI29956"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-8902",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Blog Portlet in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, and 8.5.0 before CF04 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-wsportal-cve20148902-xss(99150)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99150"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21692107",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21692107"
},
{
"name": "PI29956",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI29956"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-8902",
"datePublished": "2014-12-19T02:00:00",
"dateReserved": "2014-11-14T00:00:00",
"dateUpdated": "2024-08-06T13:33:12.531Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-0244
Vulnerability from cvelistv5
Published
2016-02-29 11:00
Modified
2024-08-05 22:15
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-0243.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg21975358 | x_refsource_CONFIRM | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI55327 | vendor-advisory, x_refsource_AIXAPAR |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:15:22.983Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21975358"
},
{
"name": "PI55327",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI55327"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-0243."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-02-29T06:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21975358"
},
{
"name": "PI55327",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI55327"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-0244",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-0243."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21975358",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21975358"
},
{
"name": "PI55327",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI55327"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-0244",
"datePublished": "2016-02-29T11:00:00",
"dateReserved": "2015-12-08T00:00:00",
"dateUpdated": "2024-08-05T22:15:22.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-0714
Vulnerability from cvelistv5
Published
2010-02-26 19:00
Modified
2024-08-07 00:59
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 through 6.0.0.4, 6.0.1.0 through 6.0.1.7, 6.1.0.0 through 6.1.0.3, and 6.1.5.0; and IBM Lotus Quickr services 8.0, 8.0.0.2, 8.1, 8.1.1, and 8.1.1.1 for WebSphere Portal; allows remote attackers to inject arbitrary web script or HTML via the query string.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.hacktics.com/content/advisories/AdvIBM20100224.html | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/56508 | vdb-entry, x_refsource_XF | |
| http://www.securitytracker.com/id?1023660 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/archive/1/509744/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21421469 | x_refsource_CONFIRM | |
| http://www-1.ibm.com/support/docview.wss?uid=swg1PM03233 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www.securityfocus.com/bid/38412 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:59:38.582Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.hacktics.com/content/advisories/AdvIBM20100224.html"
},
{
"name": "ibm-login-xss(56508)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56508"
},
{
"name": "1023660",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023660"
},
{
"name": "20100225 Hacktics Advisory Feb10: XSS in IBM WebSphere Portal \u0026 Lotus WCM",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/509744/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21421469"
},
{
"name": "PM03233",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PM03233"
},
{
"name": "38412",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38412"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-02-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 through 6.0.0.4, 6.0.1.0 through 6.0.1.7, 6.1.0.0 through 6.1.0.3, and 6.1.5.0; and IBM Lotus Quickr services 8.0, 8.0.0.2, 8.1, 8.1.1, and 8.1.1.1 for WebSphere Portal; allows remote attackers to inject arbitrary web script or HTML via the query string."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.hacktics.com/content/advisories/AdvIBM20100224.html"
},
{
"name": "ibm-login-xss(56508)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56508"
},
{
"name": "1023660",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023660"
},
{
"name": "20100225 Hacktics Advisory Feb10: XSS in IBM WebSphere Portal \u0026 Lotus WCM",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/509744/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21421469"
},
{
"name": "PM03233",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PM03233"
},
{
"name": "38412",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38412"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0714",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 through 6.0.0.4, 6.0.1.0 through 6.0.1.7, 6.1.0.0 through 6.1.0.3, and 6.1.5.0; and IBM Lotus Quickr services 8.0, 8.0.0.2, 8.1, 8.1.1, and 8.1.1.1 for WebSphere Portal; allows remote attackers to inject arbitrary web script or HTML via the query string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.hacktics.com/content/advisories/AdvIBM20100224.html",
"refsource": "MISC",
"url": "http://www.hacktics.com/content/advisories/AdvIBM20100224.html"
},
{
"name": "ibm-login-xss(56508)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56508"
},
{
"name": "1023660",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023660"
},
{
"name": "20100225 Hacktics Advisory Feb10: XSS in IBM WebSphere Portal \u0026 Lotus WCM",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/509744/100/0/threaded"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21421469",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21421469"
},
{
"name": "PM03233",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PM03233"
},
{
"name": "38412",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38412"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0714",
"datePublished": "2010-02-26T19:00:00",
"dateReserved": "2010-02-26T00:00:00",
"dateUpdated": "2024-08-07T00:59:38.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-2172
Vulnerability from cvelistv5
Published
2011-05-26 16:00
Modified
2024-08-06 22:53
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the search center in IBM WebSphere Portal 7.0.0.1 before CF004 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/72500 | vdb-entry, x_refsource_OSVDB | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PM36644 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www.ibm.com/support/docview.wss?uid=swg24029452 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/44700 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/47954 | vdb-entry, x_refsource_BID | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PM37009 | vendor-advisory, x_refsource_AIXAPAR | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/67594 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:53:17.099Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "72500",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/72500"
},
{
"name": "PM36644",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM36644"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg24029452"
},
{
"name": "44700",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44700"
},
{
"name": "47954",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/47954"
},
{
"name": "PM37009",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM37009"
},
{
"name": "websphere-unspec-xss(67594)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67594"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-05-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the search center in IBM WebSphere Portal 7.0.0.1 before CF004 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "72500",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/72500"
},
{
"name": "PM36644",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM36644"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg24029452"
},
{
"name": "44700",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44700"
},
{
"name": "47954",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/47954"
},
{
"name": "PM37009",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM37009"
},
{
"name": "websphere-unspec-xss(67594)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67594"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-2172",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the search center in IBM WebSphere Portal 7.0.0.1 before CF004 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "72500",
"refsource": "OSVDB",
"url": "http://osvdb.org/72500"
},
{
"name": "PM36644",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM36644"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg24029452",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg24029452"
},
{
"name": "44700",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44700"
},
{
"name": "47954",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47954"
},
{
"name": "PM37009",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM37009"
},
{
"name": "websphere-unspec-xss(67594)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67594"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-2172",
"datePublished": "2011-05-26T16:00:00",
"dateReserved": "2011-05-26T00:00:00",
"dateUpdated": "2024-08-06T22:53:17.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0828
Vulnerability from cvelistv5
Published
2014-04-02 01:00
Modified
2024-08-06 09:27
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the WCM (Web Content Manager) UI in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF27, and 8.0.0.x before 8.0.0.1 CF11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21667016 | x_refsource_CONFIRM | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI10734 | vendor-advisory, x_refsource_AIXAPAR | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/90566 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/66556 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:20.041Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21667016"
},
{
"name": "PI10734",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI10734"
},
{
"name": "ibm-wsportal-cve20140828-wcm-xss(90566)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90566"
},
{
"name": "66556",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/66556"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the WCM (Web Content Manager) UI in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF27, and 8.0.0.x before 8.0.0.1 CF11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21667016"
},
{
"name": "PI10734",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI10734"
},
{
"name": "ibm-wsportal-cve20140828-wcm-xss(90566)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90566"
},
{
"name": "66556",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/66556"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0828",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the WCM (Web Content Manager) UI in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF27, and 8.0.0.x before 8.0.0.1 CF11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21667016",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21667016"
},
{
"name": "PI10734",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI10734"
},
{
"name": "ibm-wsportal-cve20140828-wcm-xss(90566)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90566"
},
{
"name": "66556",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66556"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-0828",
"datePublished": "2014-04-02T01:00:00",
"dateReserved": "2014-01-06T00:00:00",
"dateUpdated": "2024-08-06T09:27:20.041Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0910
Vulnerability from cvelistv5
Published
2014-06-18 16:00
Modified
2024-08-06 09:27
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.0 through 6.1.0.6 CF27, 6.1.5.0 through 6.1.5.3 CF27, and 7.0.0 through 7.0.0.2 CF28 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/91875 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI18845 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21675257 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:20.279Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-wcm-cve20140910-xss(91875)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91875"
},
{
"name": "PI18845",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI18845"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675257"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.0 through 6.1.0.6 CF27, 6.1.5.0 through 6.1.5.3 CF27, and 7.0.0 through 7.0.0.2 CF28 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-wcm-cve20140910-xss(91875)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91875"
},
{
"name": "PI18845",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI18845"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675257"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0910",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.0 through 6.1.0.6 CF27, 6.1.5.0 through 6.1.5.3 CF27, and 7.0.0 through 7.0.0.2 CF28 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-wcm-cve20140910-xss(91875)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91875"
},
{
"name": "PI18845",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI18845"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21675257",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675257"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-0910",
"datePublished": "2014-06-18T16:00:00",
"dateReserved": "2014-01-06T00:00:00",
"dateUpdated": "2024-08-06T09:27:20.279Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0958
Vulnerability from cvelistv5
Published
2014-05-22 10:00
Modified
2024-08-06 09:34
Severity ?
EPSS score ?
Summary
Open redirect vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21672572 | x_refsource_CONFIRM | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI15689 | vendor-advisory, x_refsource_AIXAPAR | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/92739 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:34:41.019Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672572"
},
{
"name": "PI15689",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI15689"
},
{
"name": "ibm-websphere-cve20140958-url-redirect(92739)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92739"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672572"
},
{
"name": "PI15689",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI15689"
},
{
"name": "ibm-websphere-cve20140958-url-redirect(92739)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92739"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0958",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21672572",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672572"
},
{
"name": "PI15689",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI15689"
},
{
"name": "ibm-websphere-cve20140958-url-redirect(92739)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92739"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-0958",
"datePublished": "2014-05-22T10:00:00",
"dateReserved": "2014-01-06T00:00:00",
"dateUpdated": "2024-08-06T09:34:41.019Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-7457
Vulnerability from cvelistv5
Published
2016-02-29 11:00
Modified
2024-08-06 07:51
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg21975358 | x_refsource_CONFIRM | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI56432 | vendor-advisory, x_refsource_AIXAPAR |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:51:27.504Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21975358"
},
{
"name": "PI56432",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI56432"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-02-29T06:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21975358"
},
{
"name": "PI56432",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI56432"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-7457",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21975358",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21975358"
},
{
"name": "PI56432",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI56432"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-7457",
"datePublished": "2016-02-29T11:00:00",
"dateReserved": "2015-09-29T00:00:00",
"dateUpdated": "2024-08-06T07:51:27.504Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-6723
Vulnerability from cvelistv5
Published
2013-12-22 15:00
Modified
2024-08-06 17:46
Severity ?
EPSS score ?
Summary
IBM WebSphere Portal 8.0.0.1 before CF09 does not properly handle references in compute="always" Web Content Manager (WCM) navigator components, which allows remote attackers to obtain sensitive component information via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/101271 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/64488 | vdb-entry, x_refsource_BID | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21660011 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/89278 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI05684 | vendor-advisory, x_refsource_AIXAPAR |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:46:22.944Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "101271",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/101271"
},
{
"name": "64488",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64488"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660011"
},
{
"name": "ibm-wsportal-cve20136723-reference(89278)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89278"
},
{
"name": "PI05684",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI05684"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 8.0.0.1 before CF09 does not properly handle references in compute=\"always\" Web Content Manager (WCM) navigator components, which allows remote attackers to obtain sensitive component information via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "101271",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/101271"
},
{
"name": "64488",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64488"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660011"
},
{
"name": "ibm-wsportal-cve20136723-reference(89278)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89278"
},
{
"name": "PI05684",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI05684"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-6723",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 8.0.0.1 before CF09 does not properly handle references in compute=\"always\" Web Content Manager (WCM) navigator components, which allows remote attackers to obtain sensitive component information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101271",
"refsource": "OSVDB",
"url": "http://osvdb.org/101271"
},
{
"name": "64488",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64488"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21660011",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660011"
},
{
"name": "ibm-wsportal-cve20136723-reference(89278)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89278"
},
{
"name": "PI05684",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI05684"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-6723",
"datePublished": "2013-12-22T15:00:00",
"dateReserved": "2013-11-08T00:00:00",
"dateUpdated": "2024-08-06T17:46:22.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-0209
Vulnerability from cvelistv5
Published
2016-01-27 02:00
Modified
2024-08-05 22:08
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 before CF09 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1034844 | vdb-entry, x_refsource_SECTRACK | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21974564 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:08:13.335Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1034844",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034844"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974564"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 before CF09 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-05T14:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "1034844",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034844"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974564"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-0209",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 before CF09 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1034844",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034844"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21974564",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974564"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-0209",
"datePublished": "2016-01-27T02:00:00",
"dateReserved": "2015-12-08T00:00:00",
"dateUpdated": "2024-08-05T22:08:13.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-7428
Vulnerability from cvelistv5
Published
2016-02-29 11:00
Modified
2024-08-06 07:51
Severity ?
EPSS score ?
Summary
Open redirect vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg21975358 | x_refsource_CONFIRM | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI51589 | vendor-advisory, x_refsource_AIXAPAR |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:51:27.383Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21975358"
},
{
"name": "PI51589",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI51589"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-02-29T06:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21975358"
},
{
"name": "PI51589",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI51589"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-7428",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21975358",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21975358"
},
{
"name": "PI51589",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI51589"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-7428",
"datePublished": "2016-02-29T11:00:00",
"dateReserved": "2015-09-29T00:00:00",
"dateUpdated": "2024-08-06T07:51:27.383Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-0245
Vulnerability from cvelistv5
Published
2016-02-29 11:00
Modified
2024-08-05 22:15
Severity ?
EPSS score ?
Summary
The XML parser in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF10 allows remote authenticated users to read arbitrary files or cause a denial of service via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg21975358 | x_refsource_CONFIRM | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI56682 | vendor-advisory, x_refsource_AIXAPAR |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:15:22.959Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21975358"
},
{
"name": "PI56682",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI56682"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The XML parser in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF10 allows remote authenticated users to read arbitrary files or cause a denial of service via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-02-29T06:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21975358"
},
{
"name": "PI56682",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI56682"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-0245",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The XML parser in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF10 allows remote authenticated users to read arbitrary files or cause a denial of service via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21975358",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21975358"
},
{
"name": "PI56682",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI56682"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-0245",
"datePublished": "2016-02-29T11:00:00",
"dateReserved": "2015-12-08T00:00:00",
"dateUpdated": "2024-08-05T22:15:22.959Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-7447
Vulnerability from cvelistv5
Published
2015-12-31 02:00
Modified
2024-08-06 07:51
Severity ?
EPSS score ?
Summary
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF20, and 8.5.0 before CF09 allows remote attackers to bypass intended Portal AccessControl REST API access restrictions and obtain sensitive information via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/79511 | vdb-entry, x_refsource_BID | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI51395 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www.securitytracker.com/id/1034538 | vdb-entry, x_refsource_SECTRACK | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21973152 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:51:27.355Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "79511",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/79511"
},
{
"name": "PI51395",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI51395"
},
{
"name": "1034538",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034538"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21973152"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF20, and 8.5.0 before CF09 allows remote attackers to bypass intended Portal AccessControl REST API access restrictions and obtain sensitive information via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-05T14:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "79511",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/79511"
},
{
"name": "PI51395",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI51395"
},
{
"name": "1034538",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034538"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21973152"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-7447",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF20, and 8.5.0 before CF09 allows remote attackers to bypass intended Portal AccessControl REST API access restrictions and obtain sensitive information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "79511",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/79511"
},
{
"name": "PI51395",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI51395"
},
{
"name": "1034538",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034538"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21973152",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21973152"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-7447",
"datePublished": "2015-12-31T02:00:00",
"dateReserved": "2015-09-29T00:00:00",
"dateUpdated": "2024-08-06T07:51:27.355Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-1899
Vulnerability from cvelistv5
Published
2015-05-25 00:00
Modified
2024-08-06 04:54
Severity ?
EPSS score ?
Summary
IBM WebSphere Portal 8.5 through CF05 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI37139 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21700066 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:54:16.510Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "PI37139",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI37139"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700066"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 8.5 through CF05 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-25T00:57:00",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "PI37139",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI37139"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700066"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-1899",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 8.5 through CF05 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "PI37139",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI37139"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21700066",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700066"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-1899",
"datePublished": "2015-05-25T00:00:00",
"dateReserved": "2015-02-19T00:00:00",
"dateUpdated": "2024-08-06T04:54:16.510Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-0549
Vulnerability from cvelistv5
Published
2013-06-03 21:00
Modified
2024-08-06 14:33
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Web Content Manager - Web Content Viewer Portlet in the server in IBM WebSphere Portal 7.0.0.x through 7.0.0.2 CF22 and 8.0.0.x through 8.0.0.1 CF5, when the IBM Portlet API is used, allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21638984 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/82762 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PM84525 | vendor-advisory, x_refsource_AIXAPAR |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:33:05.076Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21638984"
},
{
"name": "was-portal-cve20130549-xss(82762)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82762"
},
{
"name": "PM84525",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM84525"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-05-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Web Content Manager - Web Content Viewer Portlet in the server in IBM WebSphere Portal 7.0.0.x through 7.0.0.2 CF22 and 8.0.0.x through 8.0.0.1 CF5, when the IBM Portlet API is used, allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21638984"
},
{
"name": "was-portal-cve20130549-xss(82762)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82762"
},
{
"name": "PM84525",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM84525"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-0549",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Web Content Manager - Web Content Viewer Portlet in the server in IBM WebSphere Portal 7.0.0.x through 7.0.0.2 CF22 and 8.0.0.x through 8.0.0.1 CF5, when the IBM Portlet API is used, allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21638984",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21638984"
},
{
"name": "was-portal-cve20130549-xss(82762)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82762"
},
{
"name": "PM84525",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM84525"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-0549",
"datePublished": "2013-06-03T21:00:00",
"dateReserved": "2012-12-16T00:00:00",
"dateUpdated": "2024-08-06T14:33:05.076Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-6126
Vulnerability from cvelistv5
Published
2014-10-28 19:00
Modified
2024-08-06 12:10
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 before CF03 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI26889 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21684651 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/70756 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/96783 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:10:11.760Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "PI26889",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI26889"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684651"
},
{
"name": "70756",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70756"
},
{
"name": "ibm-wsportal-cve20146126-xss(96783)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96783"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 before CF03 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "PI26889",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI26889"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684651"
},
{
"name": "70756",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70756"
},
{
"name": "ibm-wsportal-cve20146126-xss(96783)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96783"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-6126",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 before CF03 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "PI26889",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI26889"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21684651",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684651"
},
{
"name": "70756",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70756"
},
{
"name": "ibm-wsportal-cve20146126-xss(96783)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96783"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-6126",
"datePublished": "2014-10-28T19:00:00",
"dateReserved": "2014-09-02T00:00:00",
"dateUpdated": "2024-08-06T12:10:11.760Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-4760
Vulnerability from cvelistv5
Published
2014-08-12 01:00
Modified
2024-08-06 11:27
Severity ?
EPSS score ?
Summary
Open redirect vulnerability in IBM WebSphere Portal 6.1.0.0 through 6.1.0.6 CF27, 6.1.5.0 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF28, 8.0.0 before 8.0.0.1 CF13, and 8.5.0 before CF01 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21680230 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/60597 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securitytracker.com/id/1030669 | vdb-entry, x_refsource_SECTRACK | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/94657 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI19877 | vendor-advisory, x_refsource_AIXAPAR |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:27:36.590Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680230"
},
{
"name": "60597",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60597"
},
{
"name": "1030669",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030669"
},
{
"name": "ibm-websphere-cve20144760-open-redirect(94657)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94657"
},
{
"name": "PI19877",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI19877"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in IBM WebSphere Portal 6.1.0.0 through 6.1.0.6 CF27, 6.1.5.0 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF28, 8.0.0 before 8.0.0.1 CF13, and 8.5.0 before CF01 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680230"
},
{
"name": "60597",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60597"
},
{
"name": "1030669",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030669"
},
{
"name": "ibm-websphere-cve20144760-open-redirect(94657)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94657"
},
{
"name": "PI19877",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI19877"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-4760",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in IBM WebSphere Portal 6.1.0.0 through 6.1.0.6 CF27, 6.1.5.0 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF28, 8.0.0 before 8.0.0.1 CF13, and 8.5.0 before CF01 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21680230",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680230"
},
{
"name": "60597",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60597"
},
{
"name": "1030669",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030669"
},
{
"name": "ibm-websphere-cve20144760-open-redirect(94657)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94657"
},
{
"name": "PI19877",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI19877"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-4760",
"datePublished": "2014-08-12T01:00:00",
"dateReserved": "2014-07-09T00:00:00",
"dateUpdated": "2024-08-06T11:27:36.590Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-6316
Vulnerability from cvelistv5
Published
2013-12-22 15:00
Modified
2024-08-06 17:39
Severity ?
EPSS score ?
Summary
IBM WebSphere Portal 7.0.0.x before 7.0.0.2 CF26 and 8.0.0.x before 8.0.0.1 CF09 does not properly handle content-selection changes during Taxonomy component rendering, which allows remote attackers to obtain sensitive property information in opportunistic circumstances by leveraging an error in a Web Content Manager (WCM) context processor.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/64492 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/88597 | vdb-entry, x_refsource_XF | |
| http://osvdb.org/101270 | vdb-entry, x_refsource_OSVDB | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21660011 | x_refsource_CONFIRM | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI04897 | vendor-advisory, x_refsource_AIXAPAR |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:39:00.183Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "64492",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64492"
},
{
"name": "ibm-wsportal-cve20136316-taxonomy(88597)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88597"
},
{
"name": "101270",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/101270"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660011"
},
{
"name": "PI04897",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI04897"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 7.0.0.x before 7.0.0.2 CF26 and 8.0.0.x before 8.0.0.1 CF09 does not properly handle content-selection changes during Taxonomy component rendering, which allows remote attackers to obtain sensitive property information in opportunistic circumstances by leveraging an error in a Web Content Manager (WCM) context processor."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "64492",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64492"
},
{
"name": "ibm-wsportal-cve20136316-taxonomy(88597)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88597"
},
{
"name": "101270",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/101270"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660011"
},
{
"name": "PI04897",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI04897"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-6316",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 7.0.0.x before 7.0.0.2 CF26 and 8.0.0.x before 8.0.0.1 CF09 does not properly handle content-selection changes during Taxonomy component rendering, which allows remote attackers to obtain sensitive property information in opportunistic circumstances by leveraging an error in a Web Content Manager (WCM) context processor."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "64492",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64492"
},
{
"name": "ibm-wsportal-cve20136316-taxonomy(88597)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88597"
},
{
"name": "101270",
"refsource": "OSVDB",
"url": "http://osvdb.org/101270"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21660011",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660011"
},
{
"name": "PI04897",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI04897"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-6316",
"datePublished": "2013-12-22T15:00:00",
"dateReserved": "2013-10-31T00:00:00",
"dateUpdated": "2024-08-06T17:39:00.183Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-1303
Vulnerability from cvelistv5
Published
2017-07-31 21:00
Modified
2024-09-16 17:53
Severity ?
EPSS score ?
Summary
IBM WebSphere Portal and Web Content Manager 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125457.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/125457 | x_refsource_MISC | |
| http://www.ibm.com/support/docview.wss?uid=swg22004979 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/100007 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | WebSphere Portal |
Version: 7.0 Version: 8.0 Version: 8.5 Version: 9.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:32:29.467Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125457"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22004979"
},
{
"name": "100007",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100007"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Portal",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "8.0"
},
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "9.0"
}
]
}
],
"datePublic": "2017-07-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal and Web Content Manager 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125457."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-01T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125457"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22004979"
},
{
"name": "100007",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100007"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-07-26T00:00:00",
"ID": "CVE-2017-1303",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Portal",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "8.0"
},
{
"version_value": "8.5"
},
{
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal and Web Content Manager 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125457."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125457",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125457"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22004979",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22004979"
},
{
"name": "100007",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100007"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1303",
"datePublished": "2017-07-31T21:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-16T17:53:12.009Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-2754
Vulnerability from cvelistv5
Published
2011-07-17 20:00
Modified
2024-09-16 18:38
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the PageBuilder2 (aka Page Builder) theme in IBM WebSphere Portal 7.x before 7.0.0.1 CF006, as used in IBM Web Content Manager (WCM) and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/45106 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.ibm.com/support/docview.wss?uid=swg21503959 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:08:23.777Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45106",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45106"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21503959"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the PageBuilder2 (aka Page Builder) theme in IBM WebSphere Portal 7.x before 7.0.0.1 CF006, as used in IBM Web Content Manager (WCM) and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-07-17T20:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "45106",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45106"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21503959"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-2754",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the PageBuilder2 (aka Page Builder) theme in IBM WebSphere Portal 7.x before 7.0.0.1 CF006, as used in IBM Web Content Manager (WCM) and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45106",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45106"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21503959",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21503959"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-2754",
"datePublished": "2011-07-17T20:00:00Z",
"dateReserved": "2011-07-17T00:00:00Z",
"dateUpdated": "2024-09-16T18:38:36.421Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-3423
Vulnerability from cvelistv5
Published
2008-08-04 01:00
Modified
2024-08-07 09:37
Severity ?
EPSS score ?
Summary
IBM WebSphere Portal 5.1 through 6.1.0.0 allows remote attackers to bypass authentication and obtain administrative access via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id?1020712 | vdb-entry, x_refsource_SECTRACK | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/44264 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/30500 | vdb-entry, x_refsource_BID | |
| http://www.vupen.com/english/advisories/2008/2405 | vdb-entry, x_refsource_VUPEN | |
| http://www-1.ibm.com/support/docview.wss?uid=swg1PK67104 | vendor-advisory, x_refsource_AIXAPAR | |
| http://secunia.com/advisories/31443 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:37:26.642Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1020712",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020712"
},
{
"name": "ibm-websphereportal-unspecified-auth-bypass(44264)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44264"
},
{
"name": "30500",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30500"
},
{
"name": "ADV-2008-2405",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2405"
},
{
"name": "PK67104",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK67104"
},
{
"name": "31443",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31443"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 5.1 through 6.1.0.0 allows remote attackers to bypass authentication and obtain administrative access via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1020712",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020712"
},
{
"name": "ibm-websphereportal-unspecified-auth-bypass(44264)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44264"
},
{
"name": "30500",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30500"
},
{
"name": "ADV-2008-2405",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2405"
},
{
"name": "PK67104",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK67104"
},
{
"name": "31443",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31443"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3423",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 5.1 through 6.1.0.0 allows remote attackers to bypass authentication and obtain administrative access via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1020712",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020712"
},
{
"name": "ibm-websphereportal-unspecified-auth-bypass(44264)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44264"
},
{
"name": "30500",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30500"
},
{
"name": "ADV-2008-2405",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2405"
},
{
"name": "PK67104",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK67104"
},
{
"name": "31443",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31443"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3423",
"datePublished": "2008-08-04T01:00:00",
"dateReserved": "2008-07-31T00:00:00",
"dateUpdated": "2024-08-07T09:37:26.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-8909
Vulnerability from cvelistv5
Published
2015-02-13 02:00
Modified
2024-08-06 13:33
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF29, 8.0.0.x before 8.0.0.1 CF15, and 8.5.0 before CF05 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI30620 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21694738 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/99250 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:33:12.635Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "PI30620",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI30620"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694738"
},
{
"name": "ibm-wsportal-cve20148909-xss(99250)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99250"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-02-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF29, 8.0.0.x before 8.0.0.1 CF15, and 8.5.0 before CF05 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "PI30620",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI30620"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694738"
},
{
"name": "ibm-wsportal-cve20148909-xss(99250)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99250"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-8909",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF29, 8.0.0.x before 8.0.0.1 CF15, and 8.5.0 before CF05 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "PI30620",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI30620"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21694738",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694738"
},
{
"name": "ibm-wsportal-cve20148909-xss(99250)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99250"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-8909",
"datePublished": "2015-02-13T02:00:00",
"dateReserved": "2014-11-14T00:00:00",
"dateUpdated": "2024-08-06T13:33:12.635Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-1820
Vulnerability from cvelistv5
Published
2018-09-27 19:00
Modified
2024-09-17 03:55
Severity ?
EPSS score ?
Summary
IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150096.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/docview.wss?uid=ibm10732287 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1041751 | vdb-entry, x_refsource_SECTRACK | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/150096 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | WebSphere Portal |
Version: 8.0 Version: 8.5 Version: 9.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:14:38.455Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10732287"
},
{
"name": "1041751",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041751"
},
{
"name": "ibm-websphere-cve20181820-xss(150096)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150096"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Portal",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.0"
},
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "9.0"
}
]
}
],
"datePublic": "2018-09-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150096."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R/E:H/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T09:57:02",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10732287"
},
{
"name": "1041751",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041751"
},
{
"name": "ibm-websphere-cve20181820-xss(150096)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150096"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-09-25T00:00:00",
"ID": "CVE-2018-1820",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Portal",
"version": {
"version_data": [
{
"version_value": "8.0"
},
{
"version_value": "8.5"
},
{
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150096."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10732287",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10732287"
},
{
"name": "1041751",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041751"
},
{
"name": "ibm-websphere-cve20181820-xss(150096)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150096"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1820",
"datePublished": "2018-09-27T19:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-17T03:55:04.686Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-1886
Vulnerability from cvelistv5
Published
2015-04-24 23:00
Modified
2024-08-06 04:54
Severity ?
EPSS score ?
Summary
The Remote Document Conversion Service (DCS) in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF16, and 8.5.0 through CF05 allows remote attackers to cause a denial of service (memory consumption) via crafted requests.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI37356 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www.securitytracker.com/id/1032189 | vdb-entry, x_refsource_SECTRACK | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21701566 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/74216 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:54:16.331Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "PI37356",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI37356"
},
{
"name": "1032189",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032189"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701566"
},
{
"name": "74216",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74216"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Remote Document Conversion Service (DCS) in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF16, and 8.5.0 through CF05 allows remote attackers to cause a denial of service (memory consumption) via crafted requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-07-22T16:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "PI37356",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI37356"
},
{
"name": "1032189",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032189"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701566"
},
{
"name": "74216",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74216"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-1886",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Remote Document Conversion Service (DCS) in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF16, and 8.5.0 through CF05 allows remote attackers to cause a denial of service (memory consumption) via crafted requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "PI37356",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI37356"
},
{
"name": "1032189",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032189"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21701566",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701566"
},
{
"name": "74216",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74216"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-1886",
"datePublished": "2015-04-24T23:00:00",
"dateReserved": "2015-02-19T00:00:00",
"dateUpdated": "2024-08-06T04:54:16.331Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-3102
Vulnerability from cvelistv5
Published
2014-08-12 01:00
Modified
2024-08-06 10:35
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.0.0 through 7.0.0.2 CF28 and 8.0.0 before 8.0.0.1 CF13 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21680230 | x_refsource_CONFIRM | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI16174 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www.securitytracker.com/id/1030669 | vdb-entry, x_refsource_SECTRACK | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/94269 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:35:56.486Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680230"
},
{
"name": "PI16174",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI16174"
},
{
"name": "1030669",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030669"
},
{
"name": "ibm-was-cve20143102-xss(94269)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94269"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.0.0 through 7.0.0.2 CF28 and 8.0.0 before 8.0.0.1 CF13 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680230"
},
{
"name": "PI16174",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI16174"
},
{
"name": "1030669",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030669"
},
{
"name": "ibm-was-cve20143102-xss(94269)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94269"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-3102",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.0.0 through 7.0.0.2 CF28 and 8.0.0 before 8.0.0.1 CF13 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21680230",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680230"
},
{
"name": "PI16174",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI16174"
},
{
"name": "1030669",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030669"
},
{
"name": "ibm-was-cve20143102-xss(94269)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94269"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-3102",
"datePublished": "2014-08-12T01:00:00",
"dateReserved": "2014-04-29T00:00:00",
"dateUpdated": "2024-08-06T10:35:56.486Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-6193
Vulnerability from cvelistv5
Published
2014-12-19 02:00
Modified
2024-08-06 12:10
Severity ?
EPSS score ?
Summary
IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF14 and 8.5.0 before CF04, when the Managed Pages setting is enabled, allows remote authenticated users to write to pages via an XML injection attack.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI28699 | vendor-advisory, x_refsource_AIXAPAR | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/98567 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21692107 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:10:12.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "PI28699",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI28699"
},
{
"name": "ibm-wsportal-cve20146193-xml-injection(98567)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98567"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21692107"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF14 and 8.5.0 before CF04, when the Managed Pages setting is enabled, allows remote authenticated users to write to pages via an XML injection attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "PI28699",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI28699"
},
{
"name": "ibm-wsportal-cve20146193-xml-injection(98567)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98567"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21692107"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-6193",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF14 and 8.5.0 before CF04, when the Managed Pages setting is enabled, allows remote authenticated users to write to pages via an XML injection attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "PI28699",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI28699"
},
{
"name": "ibm-wsportal-cve20146193-xml-injection(98567)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98567"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21692107",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21692107"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-6193",
"datePublished": "2014-12-19T02:00:00",
"dateReserved": "2014-09-02T00:00:00",
"dateUpdated": "2024-08-06T12:10:12.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-6730
Vulnerability from cvelistv5
Published
2014-03-04 22:00
Modified
2024-08-06 17:46
Severity ?
EPSS score ?
Summary
IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x before 7.0.0.2 CF27, and 8.0.0.x before 8.0.0.1 CF10, when the wcm.path.traversal.security setting is enabled, allows remote attackers to bypass intended read restrictions on an item by accessing that item within search results.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI07185 | vendor-advisory, x_refsource_AIXAPAR | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/89363 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21665915 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:46:22.845Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "PI07185",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI07185"
},
{
"name": "ibm-websphere-portal-cve20136730-search(89363)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89363"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21665915"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x before 7.0.0.2 CF27, and 8.0.0.x before 8.0.0.1 CF10, when the wcm.path.traversal.security setting is enabled, allows remote attackers to bypass intended read restrictions on an item by accessing that item within search results."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "PI07185",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI07185"
},
{
"name": "ibm-websphere-portal-cve20136730-search(89363)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89363"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21665915"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-6730",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x before 7.0.0.2 CF27, and 8.0.0.x before 8.0.0.1 CF10, when the wcm.path.traversal.security setting is enabled, allows remote attackers to bypass intended read restrictions on an item by accessing that item within search results."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "PI07185",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI07185"
},
{
"name": "ibm-websphere-portal-cve20136730-search(89363)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89363"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21665915",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21665915"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-6730",
"datePublished": "2014-03-04T22:00:00",
"dateReserved": "2013-11-08T00:00:00",
"dateUpdated": "2024-08-06T17:46:22.845Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-6735
Vulnerability from cvelistv5
Published
2013-12-22 15:00
Modified
2024-08-06 17:46
Severity ?
EPSS score ?
Summary
IBM WebSphere Portal 6.0.0.x through 6.0.0.1, 6.0.1.x through 6.0.1.7, 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x through 8.0.0.1 CF08 allows remote attackers to obtain sensitive Java Content Repository (JCR) information via a modified Web Content Manager (WCM) URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/56161 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/archive/1/530552/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/64496 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/89591 | vdb-entry, x_refsource_XF | |
| http://osvdb.org/101255 | vdb-entry, x_refsource_OSVDB | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21660289 | x_refsource_CONFIRM | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI07777 | vendor-advisory, x_refsource_AIXAPAR | |
| https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_fix_available_for_unauthorized_information_retrieval_security_vulnerability_in_ibm_websphere_portal_cve_2013_6735 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1029539 | vdb-entry, x_refsource_SECTRACK | |
| http://packetstormsecurity.com/files/124611/IBM-Web-Content-Manager-XPath-Injection.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:46:22.701Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "56161",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/56161"
},
{
"name": "20131227 SEC Consult SA-20131227-0 :: IBM Web Content Manager (WCM) XPath Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/530552/100/0/threaded"
},
{
"name": "64496",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64496"
},
{
"name": "ibm-wsportal-cve20136735-jcr(89591)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89591"
},
{
"name": "101255",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/101255"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660289"
},
{
"name": "PI07777",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI07777"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_fix_available_for_unauthorized_information_retrieval_security_vulnerability_in_ibm_websphere_portal_cve_2013_6735"
},
{
"name": "1029539",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029539"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/124611/IBM-Web-Content-Manager-XPath-Injection.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 6.0.0.x through 6.0.0.1, 6.0.1.x through 6.0.1.7, 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x through 8.0.0.1 CF08 allows remote attackers to obtain sensitive Java Content Repository (JCR) information via a modified Web Content Manager (WCM) URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "56161",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/56161"
},
{
"name": "20131227 SEC Consult SA-20131227-0 :: IBM Web Content Manager (WCM) XPath Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/530552/100/0/threaded"
},
{
"name": "64496",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64496"
},
{
"name": "ibm-wsportal-cve20136735-jcr(89591)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89591"
},
{
"name": "101255",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/101255"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660289"
},
{
"name": "PI07777",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI07777"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_fix_available_for_unauthorized_information_retrieval_security_vulnerability_in_ibm_websphere_portal_cve_2013_6735"
},
{
"name": "1029539",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029539"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/124611/IBM-Web-Content-Manager-XPath-Injection.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-6735",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 6.0.0.x through 6.0.0.1, 6.0.1.x through 6.0.1.7, 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x through 8.0.0.1 CF08 allows remote attackers to obtain sensitive Java Content Repository (JCR) information via a modified Web Content Manager (WCM) URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "56161",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56161"
},
{
"name": "20131227 SEC Consult SA-20131227-0 :: IBM Web Content Manager (WCM) XPath Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/530552/100/0/threaded"
},
{
"name": "64496",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64496"
},
{
"name": "ibm-wsportal-cve20136735-jcr(89591)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89591"
},
{
"name": "101255",
"refsource": "OSVDB",
"url": "http://osvdb.org/101255"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21660289",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660289"
},
{
"name": "PI07777",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI07777"
},
{
"name": "https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_fix_available_for_unauthorized_information_retrieval_security_vulnerability_in_ibm_websphere_portal_cve_2013_6735",
"refsource": "CONFIRM",
"url": "https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_fix_available_for_unauthorized_information_retrieval_security_vulnerability_in_ibm_websphere_portal_cve_2013_6735"
},
{
"name": "1029539",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029539"
},
{
"name": "http://packetstormsecurity.com/files/124611/IBM-Web-Content-Manager-XPath-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/124611/IBM-Web-Content-Manager-XPath-Injection.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-6735",
"datePublished": "2013-12-22T15:00:00",
"dateReserved": "2013-11-08T00:00:00",
"dateUpdated": "2024-08-06T17:46:22.701Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-6125
Vulnerability from cvelistv5
Published
2014-10-28 19:00
Modified
2024-08-06 12:10
Severity ?
EPSS score ?
Summary
Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Portal 8.5.0 before CF03 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI26889 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21684651 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/70759 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/96782 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:10:12.055Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "PI26889",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI26889"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684651"
},
{
"name": "70759",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70759"
},
{
"name": "ibm-wsportal-cve20146125-csrf(96782)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96782"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Portal 8.5.0 before CF03 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "PI26889",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI26889"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684651"
},
{
"name": "70759",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70759"
},
{
"name": "ibm-wsportal-cve20146125-csrf(96782)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96782"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-6125",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Portal 8.5.0 before CF03 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "PI26889",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI26889"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21684651",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684651"
},
{
"name": "70759",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70759"
},
{
"name": "ibm-wsportal-cve20146125-csrf(96782)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96782"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-6125",
"datePublished": "2014-10-28T19:00:00",
"dateReserved": "2014-09-02T00:00:00",
"dateUpdated": "2024-08-06T12:10:12.055Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-7491
Vulnerability from cvelistv5
Published
2016-02-29 11:00
Modified
2024-08-06 07:51
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg21975358 | x_refsource_CONFIRM | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI56433 | vendor-advisory, x_refsource_AIXAPAR |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:51:28.127Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21975358"
},
{
"name": "PI56433",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI56433"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-02-29T06:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21975358"
},
{
"name": "PI56433",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI56433"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-7491",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21975358",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21975358"
},
{
"name": "PI56433",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI56433"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-7491",
"datePublished": "2016-02-29T11:00:00",
"dateReserved": "2015-09-29T00:00:00",
"dateUpdated": "2024-08-06T07:51:28.127Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-1577
Vulnerability from cvelistv5
Published
2017-09-27 17:00
Modified
2024-09-16 23:56
Severity ?
EPSS score ?
Summary
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 132117.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/132117 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/101017 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1039405 | vdb-entry, x_refsource_SECTRACK | |
| http://www.ibm.com/support/docview.wss?uid=swg22008586 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | WebSphere Portal |
Version: 7.0 Version: 8.0 Version: 8.5 Version: 9.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:32.036Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132117"
},
{
"name": "101017",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101017"
},
{
"name": "1039405",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039405"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22008586"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Portal",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "8.0"
},
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "9.0"
}
]
}
],
"datePublic": "2017-09-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 132117."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132117"
},
{
"name": "101017",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101017"
},
{
"name": "1039405",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039405"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22008586"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-09-20T00:00:00",
"ID": "CVE-2017-1577",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Portal",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "8.0"
},
{
"version_value": "8.5"
},
{
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 132117."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132117",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132117"
},
{
"name": "101017",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101017"
},
{
"name": "1039405",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039405"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22008586",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22008586"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1577",
"datePublished": "2017-09-27T17:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-16T23:56:44.548Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-5954
Vulnerability from cvelistv5
Published
2016-09-12 10:00
Modified
2024-08-06 01:15
Severity ?
EPSS score ?
Summary
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF30, 8.0.0 through 8.0.0.1 CF21, and 8.5.0 before CF12 allows remote authenticated users to cause a denial of service by uploading temporary files.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/93017 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1036762 | vdb-entry, x_refsource_SECTRACK | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI67037 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21989993 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:15:10.757Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "93017",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93017"
},
{
"name": "1036762",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036762"
},
{
"name": "PI67037",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI67037"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21989993"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF30, 8.0.0 through 8.0.0.1 CF21, and 8.5.0 before CF12 allows remote authenticated users to cause a denial of service by uploading temporary files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T20:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "93017",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93017"
},
{
"name": "1036762",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036762"
},
{
"name": "PI67037",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI67037"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21989993"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-5954",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF30, 8.0.0 through 8.0.0.1 CF21, and 8.5.0 before CF12 allows remote authenticated users to cause a denial of service by uploading temporary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93017",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93017"
},
{
"name": "1036762",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036762"
},
{
"name": "PI67037",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI67037"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21989993",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21989993"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-5954",
"datePublished": "2016-09-12T10:00:00",
"dateReserved": "2016-06-29T00:00:00",
"dateUpdated": "2024-08-06T01:15:10.757Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-1416
Vulnerability from cvelistv5
Published
2018-02-27 17:00
Modified
2024-09-16 18:03
Severity ?
EPSS score ?
Summary
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138822.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/138822 | x_refsource_MISC | |
| http://www.ibm.com/support/docview.wss?uid=swg22013706 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/103168 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | WebSphere Portal |
Version: 7.0 Version: 8.0 Version: 8.5 Version: 9.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:39.081Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138822"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22013706"
},
{
"name": "103168",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103168"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Portal",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "8.0"
},
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "9.0"
}
]
}
],
"datePublic": "2018-02-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138822."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-28T10:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138822"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22013706"
},
{
"name": "103168",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103168"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-02-22T00:00:00",
"ID": "CVE-2018-1416",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Portal",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "8.0"
},
{
"version_value": "8.5"
},
{
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138822."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138822",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138822"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22013706",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22013706"
},
{
"name": "103168",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103168"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1416",
"datePublished": "2018-02-27T17:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-16T18:03:04.138Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0901
Vulnerability from cvelistv5
Published
2014-04-02 01:00
Modified
2024-08-06 09:27
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Social Rendering implementation in the IBM Connections integration in IBM WebSphere Portal 8.0.0.x before 8.0.0.1 CF11 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/91398 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21667016 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/66559 | vdb-entry, x_refsource_BID | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI12659 | vendor-advisory, x_refsource_AIXAPAR |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:20.277Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-wsportal-cve20140901-sr-xss(91398)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91398"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21667016"
},
{
"name": "66559",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/66559"
},
{
"name": "PI12659",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI12659"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Social Rendering implementation in the IBM Connections integration in IBM WebSphere Portal 8.0.0.x before 8.0.0.1 CF11 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-wsportal-cve20140901-sr-xss(91398)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91398"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21667016"
},
{
"name": "66559",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/66559"
},
{
"name": "PI12659",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI12659"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0901",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Social Rendering implementation in the IBM Connections integration in IBM WebSphere Portal 8.0.0.x before 8.0.0.1 CF11 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-wsportal-cve20140901-sr-xss(91398)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91398"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21667016",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21667016"
},
{
"name": "66559",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66559"
},
{
"name": "PI12659",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI12659"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-0901",
"datePublished": "2014-04-02T01:00:00",
"dateReserved": "2014-01-06T00:00:00",
"dateUpdated": "2024-08-06T09:27:20.277Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0955
Vulnerability from cvelistv5
Published
2014-05-22 10:00
Modified
2024-08-06 09:34
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0 before 8.0.0.1 CF12, when Social Rendering in Connections integration is enabled, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI15583 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21672572 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/92628 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:34:40.473Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "PI15583",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI15583"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672572"
},
{
"name": "ibm-websphere-cve20140955-xss(92628)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92628"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0 before 8.0.0.1 CF12, when Social Rendering in Connections integration is enabled, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "PI15583",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI15583"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672572"
},
{
"name": "ibm-websphere-cve20140955-xss(92628)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92628"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0955",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0 before 8.0.0.1 CF12, when Social Rendering in Connections integration is enabled, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "PI15583",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI15583"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21672572",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672572"
},
{
"name": "ibm-websphere-cve20140955-xss(92628)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92628"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-0955",
"datePublished": "2014-05-22T10:00:00",
"dateReserved": "2014-01-06T00:00:00",
"dateUpdated": "2024-08-06T09:34:40.473Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-8922
Vulnerability from cvelistv5
Published
2017-02-01 20:00
Modified
2024-08-06 02:35
Severity ?
EPSS score ?
Summary
Exphox WebRadar is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg21993561 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/94413 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM Corporation | WebSphere Portal |
Version: 5.1.0.0 Version: 5.1.0.1 Version: 5.1.0.2 Version: 5.1.0.3 Version: 5.1.0.4 Version: 5.1.0.5 Version: 6.0.0.0 Version: 6.0.0.1 Version: 6.0.1.1 Version: 6.0.1.3 Version: 6.1.0.0 Version: 6.0.1.5 Version: 6.0.1.2 Version: 6.0.1.4 Version: 6.1.0.1 Version: 6.1.0.2 Version: 6.1.0.3 Version: 6.0.1.5 build wp6015_008_01 Version: 6.0.0.2 Version: 6.0.0.3 Version: 6.0.0.4 Version: 6.0.1.0 Version: 6.0.1.6 Version: 6.0.1.7 Version: 6.1.5.0 Version: 7.0 Version: 7.0.0.1 Version: 8.0 Version: 1.0 Version: 8.0.0.1 Version: 7.0.0.2 Version: 6.1.0.4 Version: 6.1.0.5 Version: 6.1.0.6 Version: 6.1.5.1 Version: 6.1.5.2 Version: 6.1.5.3 Version: 8 Version: 7 Version: 6.1.5 Version: 6.1.0 Version: 6.0.1 Version: 6.0.0 Version: 8.5 Version: 6.1 Version: 6.0 Version: 8.5.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:35:02.294Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21993561"
},
{
"name": "94413",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94413"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Portal",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "5.1.0.0"
},
{
"status": "affected",
"version": "5.1.0.1"
},
{
"status": "affected",
"version": "5.1.0.2"
},
{
"status": "affected",
"version": "5.1.0.3"
},
{
"status": "affected",
"version": "5.1.0.4"
},
{
"status": "affected",
"version": "5.1.0.5"
},
{
"status": "affected",
"version": "6.0.0.0"
},
{
"status": "affected",
"version": "6.0.0.1"
},
{
"status": "affected",
"version": "6.0.1.1"
},
{
"status": "affected",
"version": "6.0.1.3"
},
{
"status": "affected",
"version": "6.1.0.0"
},
{
"status": "affected",
"version": "6.0.1.5"
},
{
"status": "affected",
"version": "6.0.1.2"
},
{
"status": "affected",
"version": "6.0.1.4"
},
{
"status": "affected",
"version": "6.1.0.1"
},
{
"status": "affected",
"version": "6.1.0.2"
},
{
"status": "affected",
"version": "6.1.0.3"
},
{
"status": "affected",
"version": "6.0.1.5 build wp6015_008_01"
},
{
"status": "affected",
"version": "6.0.0.2"
},
{
"status": "affected",
"version": "6.0.0.3"
},
{
"status": "affected",
"version": "6.0.0.4"
},
{
"status": "affected",
"version": "6.0.1.0"
},
{
"status": "affected",
"version": "6.0.1.6"
},
{
"status": "affected",
"version": "6.0.1.7"
},
{
"status": "affected",
"version": "6.1.5.0"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.0.1"
},
{
"status": "affected",
"version": "8.0"
},
{
"status": "affected",
"version": "1.0"
},
{
"status": "affected",
"version": "8.0.0.1"
},
{
"status": "affected",
"version": "7.0.0.2"
},
{
"status": "affected",
"version": "6.1.0.4"
},
{
"status": "affected",
"version": "6.1.0.5"
},
{
"status": "affected",
"version": "6.1.0.6"
},
{
"status": "affected",
"version": "6.1.5.1"
},
{
"status": "affected",
"version": "6.1.5.2"
},
{
"status": "affected",
"version": "6.1.5.3"
},
{
"status": "affected",
"version": "8"
},
{
"status": "affected",
"version": "7"
},
{
"status": "affected",
"version": "6.1.5"
},
{
"status": "affected",
"version": "6.1.0"
},
{
"status": "affected",
"version": "6.0.1"
},
{
"status": "affected",
"version": "6.0.0"
},
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "8.5.0"
}
]
}
],
"datePublic": "2017-02-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Exphox WebRadar is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-02T10:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21993561"
},
{
"name": "94413",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94413"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-8922",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Portal",
"version": {
"version_data": [
{
"version_value": "5.1.0.0"
},
{
"version_value": "5.1.0.1"
},
{
"version_value": "5.1.0.2"
},
{
"version_value": "5.1.0.3"
},
{
"version_value": "5.1.0.4"
},
{
"version_value": "5.1.0.5"
},
{
"version_value": "6.0.0.0"
},
{
"version_value": "6.0.0.1"
},
{
"version_value": "6.0.1.1"
},
{
"version_value": "6.0.1.3"
},
{
"version_value": "6.1.0.0"
},
{
"version_value": "6.0.1.5"
},
{
"version_value": "6.0.1.2"
},
{
"version_value": "6.0.1.4"
},
{
"version_value": "6.1.0.1"
},
{
"version_value": "6.1.0.2"
},
{
"version_value": "6.1.0.3"
},
{
"version_value": "6.0.1.5 build wp6015_008_01"
},
{
"version_value": "6.0.0.2"
},
{
"version_value": "6.0.0.3"
},
{
"version_value": "6.0.0.4"
},
{
"version_value": "6.0.1.0"
},
{
"version_value": "6.0.1.6"
},
{
"version_value": "6.0.1.7"
},
{
"version_value": "6.1.5.0"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.0.1"
},
{
"version_value": "8.0"
},
{
"version_value": "1.0"
},
{
"version_value": "7.0.0.1"
},
{
"version_value": "7.0.0.1"
},
{
"version_value": "7.0.0.1"
},
{
"version_value": "8.0.0.1"
},
{
"version_value": "7.0.0.2"
},
{
"version_value": "6.1.0.4"
},
{
"version_value": "6.1.0.5"
},
{
"version_value": "6.1.0.6"
},
{
"version_value": "6.1.5.1"
},
{
"version_value": "6.1.5.2"
},
{
"version_value": "6.1.5.3"
},
{
"version_value": "8"
},
{
"version_value": "7"
},
{
"version_value": "6.1.5"
},
{
"version_value": "6.1.0"
},
{
"version_value": "6.0.1"
},
{
"version_value": "6.0.0"
},
{
"version_value": "8.5"
},
{
"version_value": "6.1"
},
{
"version_value": "6.0"
},
{
"version_value": "8.5.0"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exphox WebRadar is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21993561",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21993561"
},
{
"name": "94413",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94413"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-8922",
"datePublished": "2017-02-01T20:00:00",
"dateReserved": "2016-10-25T00:00:00",
"dateUpdated": "2024-08-06T02:35:02.294Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0855
Vulnerability from cvelistv5
Published
2014-02-14 02:00
Modified
2024-08-06 09:27
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in IBM Connections Portlets 4.x before 4.5.1 FP1 for IBM WebSphere Portal 7.0.0.2 and 8.0.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/90802 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21663921 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:20.141Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-websphere-cve20140855-xss(90802)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90802"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21663921"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-02-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Connections Portlets 4.x before 4.5.1 FP1 for IBM WebSphere Portal 7.0.0.2 and 8.0.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-websphere-cve20140855-xss(90802)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90802"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21663921"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0855",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Connections Portlets 4.x before 4.5.1 FP1 for IBM WebSphere Portal 7.0.0.2 and 8.0.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-websphere-cve20140855-xss(90802)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90802"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21663921",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21663921"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-0855",
"datePublished": "2014-02-14T02:00:00",
"dateReserved": "2014-01-06T00:00:00",
"dateUpdated": "2024-08-06T09:27:20.141Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4012
Vulnerability from cvelistv5
Published
2013-12-22 15:00
Modified
2024-08-06 16:30
Severity ?
EPSS score ?
Summary
IBM WebSphere Portal 8.0.0.x before 8.0.0.1 CF09, when Content Template Catalog 4.0 is used, does not require administrative privileges for Portal Application Archive (PAA) file installation, which allows remote authenticated users to modify data or cause a denial of service via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/85618 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21660011 | x_refsource_CONFIRM | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PM93172 | vendor-advisory, x_refsource_AIXAPAR |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:49.303Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-wsportal-cve20134012-paa(85618)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85618"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660011"
},
{
"name": "PM93172",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM93172"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 8.0.0.x before 8.0.0.1 CF09, when Content Template Catalog 4.0 is used, does not require administrative privileges for Portal Application Archive (PAA) file installation, which allows remote authenticated users to modify data or cause a denial of service via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-wsportal-cve20134012-paa(85618)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85618"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660011"
},
{
"name": "PM93172",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM93172"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-4012",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 8.0.0.x before 8.0.0.1 CF09, when Content Template Catalog 4.0 is used, does not require administrative privileges for Portal Application Archive (PAA) file installation, which allows remote authenticated users to modify data or cause a denial of service via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-wsportal-cve20134012-paa(85618)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85618"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21660011",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660011"
},
{
"name": "PM93172",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM93172"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-4012",
"datePublished": "2013-12-22T15:00:00",
"dateReserved": "2013-06-07T00:00:00",
"dateUpdated": "2024-08-06T16:30:49.303Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-5454
Vulnerability from cvelistv5
Published
2013-11-16 02:00
Modified
2024-08-06 17:15
Severity ?
EPSS score ?
Summary
IBM WebSphere Portal 6.0 through 6.0.1.7, 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF25, and 8.0 through 8.0.0.1 CF08 allows remote attackers to read arbitrary files via a modified URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg1PM99205 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21655656 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/88253 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:15:20.122Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "PM99205",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM99205"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655656"
},
{
"name": "was-portal-cve20135454-info-disc(88253)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88253"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 6.0 through 6.0.1.7, 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF25, and 8.0 through 8.0.0.1 CF08 allows remote attackers to read arbitrary files via a modified URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "PM99205",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM99205"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655656"
},
{
"name": "was-portal-cve20135454-info-disc(88253)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88253"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-5454",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 6.0 through 6.0.1.7, 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF25, and 8.0 through 8.0.0.1 CF08 allows remote attackers to read arbitrary files via a modified URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "PM99205",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM99205"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21655656",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655656"
},
{
"name": "was-portal-cve20135454-info-disc(88253)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88253"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-5454",
"datePublished": "2013-11-16T02:00:00",
"dateReserved": "2013-08-22T00:00:00",
"dateUpdated": "2024-08-06T17:15:20.122Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-1483
Vulnerability from cvelistv5
Published
2018-04-11 16:00
Modified
2024-09-16 18:28
Severity ?
EPSS score ?
Summary
IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 140918.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/docview.wss?uid=swg22015317 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/140918 | x_refsource_MISC | |
| http://www.securitytracker.com/id/1040644 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | WebSphere Portal |
Version: 8.5 Version: 9.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:39.136Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=swg22015317"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140918"
},
{
"name": "1040644",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040644"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Portal",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "9.0"
}
]
}
],
"datePublic": "2018-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 140918."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:N/S:C/UI:R",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-12T09:57:02",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=swg22015317"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140918"
},
{
"name": "1040644",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040644"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-04-06T00:00:00",
"ID": "CVE-2018-1483",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Portal",
"version": {
"version_data": [
{
"version_value": "8.5"
},
{
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 140918."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "N",
"S": "C",
"UI": "R"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=swg22015317",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=swg22015317"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140918",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140918"
},
{
"name": "1040644",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040644"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1483",
"datePublished": "2018-04-11T16:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-16T18:28:40.201Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-5378
Vulnerability from cvelistv5
Published
2013-11-13 15:00
Modified
2024-08-06 17:06
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.x before 8.0.0.1 CF8 allows remote authenticated users to inject arbitrary web script or HTML by leveraging incorrect IBM Connections integration.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21655634 | x_refsource_CONFIRM | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PM95802 | vendor-advisory, x_refsource_AIXAPAR | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/86929 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PM97593 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PM95881 | vendor-advisory, x_refsource_AIXAPAR |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:06:52.370Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655634"
},
{
"name": "PM95802",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM95802"
},
{
"name": "was-portal-cve20135378-xss(86929)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86929"
},
{
"name": "PM97593",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM97593"
},
{
"name": "PM95881",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM95881"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.x before 8.0.0.1 CF8 allows remote authenticated users to inject arbitrary web script or HTML by leveraging incorrect IBM Connections integration."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655634"
},
{
"name": "PM95802",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM95802"
},
{
"name": "was-portal-cve20135378-xss(86929)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86929"
},
{
"name": "PM97593",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM97593"
},
{
"name": "PM95881",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM95881"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-5378",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.x before 8.0.0.1 CF8 allows remote authenticated users to inject arbitrary web script or HTML by leveraging incorrect IBM Connections integration."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21655634",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655634"
},
{
"name": "PM95802",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM95802"
},
{
"name": "was-portal-cve20135378-xss(86929)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86929"
},
{
"name": "PM97593",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM97593"
},
{
"name": "PM95881",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM95881"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-5378",
"datePublished": "2013-11-13T15:00:00",
"dateReserved": "2013-08-22T00:00:00",
"dateUpdated": "2024-08-06T17:06:52.370Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0949
Vulnerability from cvelistv5
Published
2014-05-22 10:00
Modified
2024-08-06 09:34
Severity ?
EPSS score ?
Summary
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to cause a denial of service (resource consumption and daemon crash) via a crafted web request.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21672572 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/92622 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI15692 | vendor-advisory, x_refsource_AIXAPAR |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:34:40.425Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672572"
},
{
"name": "ibm-websphere-cve20140949-dos(92622)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92622"
},
{
"name": "PI15692",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI15692"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to cause a denial of service (resource consumption and daemon crash) via a crafted web request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672572"
},
{
"name": "ibm-websphere-cve20140949-dos(92622)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92622"
},
{
"name": "PI15692",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI15692"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0949",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to cause a denial of service (resource consumption and daemon crash) via a crafted web request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21672572",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672572"
},
{
"name": "ibm-websphere-cve20140949-dos(92622)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92622"
},
{
"name": "PI15692",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI15692"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-0949",
"datePublished": "2014-05-22T10:00:00",
"dateReserved": "2014-01-06T00:00:00",
"dateUpdated": "2024-08-06T09:34:40.425Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-1673
Vulnerability from cvelistv5
Published
2018-10-12 05:00
Modified
2024-09-17 02:27
Severity ?
EPSS score ?
Summary
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145108.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/docview.wss?uid=ibm10731155 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/145108 | vdb-entry, x_refsource_XF | |
| http://www.securitytracker.com/id/1041845 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | WebSphere Portal |
Version: 7.0 Version: 8.0 Version: 8.5 Version: 9.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:07:44.075Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10731155"
},
{
"name": "ibm-websphere-cve20181673-xss(145108)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145108"
},
{
"name": "1041845",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041845"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Portal",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "8.0"
},
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "9.0"
}
]
}
],
"datePublic": "2018-09-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145108."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.8,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:N/S:C/UI:R/E:H/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10731155"
},
{
"name": "ibm-websphere-cve20181673-xss(145108)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145108"
},
{
"name": "1041845",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041845"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-09-25T00:00:00",
"ID": "CVE-2018-1673",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Portal",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "8.0"
},
{
"version_value": "8.5"
},
{
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145108."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "N",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10731155",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10731155"
},
{
"name": "ibm-websphere-cve20181673-xss(145108)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145108"
},
{
"name": "1041845",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041845"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1673",
"datePublished": "2018-10-12T05:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-17T02:27:06.592Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-1761
Vulnerability from cvelistv5
Published
2018-02-09 17:00
Modified
2024-09-16 20:21
Severity ?
EPSS score ?
Summary
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 136005.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/136005 | x_refsource_MISC | |
| http://www.ibm.com/support/docview.wss?uid=swg22012416 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1040333 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | WebSphere Portal |
Version: 7.0 Version: 8.0 Version: 8.5 Version: 9.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:32.287Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/136005"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012416"
},
{
"name": "1040333",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040333"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Portal",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "8.0"
},
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "9.0"
}
]
}
],
"datePublic": "2018-02-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 136005."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-10T10:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/136005"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012416"
},
{
"name": "1040333",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040333"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-02-06T00:00:00",
"ID": "CVE-2017-1761",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Portal",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "8.0"
},
{
"version_value": "8.5"
},
{
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 136005."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/136005",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/136005"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22012416",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012416"
},
{
"name": "1040333",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040333"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1761",
"datePublished": "2018-02-09T17:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-16T20:21:22.581Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-1887
Vulnerability from cvelistv5
Published
2015-07-14 14:00
Modified
2024-08-06 04:54
Severity ?
EPSS score ?
Summary
IBM WebSphere Portal 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to obtain sensitive Java Content Repository (JCR) information via a crafted request.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1032970 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/75475 | vdb-entry, x_refsource_BID | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21958024 | x_refsource_CONFIRM | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI36150 | vendor-advisory, x_refsource_AIXAPAR |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:54:16.394Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1032970",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032970"
},
{
"name": "75475",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75475"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21958024"
},
{
"name": "PI36150",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI36150"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to obtain sensitive Java Content Repository (JCR) information via a crafted request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-21T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "1032970",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032970"
},
{
"name": "75475",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75475"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21958024"
},
{
"name": "PI36150",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI36150"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-1887",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to obtain sensitive Java Content Repository (JCR) information via a crafted request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032970",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032970"
},
{
"name": "75475",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75475"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21958024",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21958024"
},
{
"name": "PI36150",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI36150"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-1887",
"datePublished": "2015-07-14T14:00:00",
"dateReserved": "2015-02-19T00:00:00",
"dateUpdated": "2024-08-06T04:54:16.394Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-2173
Vulnerability from cvelistv5
Published
2011-05-26 16:00
Modified
2024-08-06 22:53
Severity ?
EPSS score ?
Summary
The implementation of OutputMediator objects in IBM WebSphere Portal 6.0.1.7, and 7.0.0.1 before CF002, allows remote authenticated users to cause a denial of service (memory consumption) via requests.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg24029452 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/67687 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PM33432 | vendor-advisory, x_refsource_AIXAPAR |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:53:17.153Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg24029452"
},
{
"name": "websphere-outputmediator-dos(67687)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67687"
},
{
"name": "PM33432",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM33432"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-03-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The implementation of OutputMediator objects in IBM WebSphere Portal 6.0.1.7, and 7.0.0.1 before CF002, allows remote authenticated users to cause a denial of service (memory consumption) via requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg24029452"
},
{
"name": "websphere-outputmediator-dos(67687)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67687"
},
{
"name": "PM33432",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM33432"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-2173",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The implementation of OutputMediator objects in IBM WebSphere Portal 6.0.1.7, and 7.0.0.1 before CF002, allows remote authenticated users to cause a denial of service (memory consumption) via requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg24029452",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg24029452"
},
{
"name": "websphere-outputmediator-dos(67687)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67687"
},
{
"name": "PM33432",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM33432"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-2173",
"datePublished": "2011-05-26T16:00:00",
"dateReserved": "2011-05-26T00:00:00",
"dateUpdated": "2024-08-06T22:53:17.153Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-0177
Vulnerability from cvelistv5
Published
2015-03-13 01:00
Modified
2024-08-06 04:03
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 before CF05 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21697213 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1031880 | vdb-entry, x_refsource_SECTRACK | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI35228 | vendor-advisory, x_refsource_AIXAPAR |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:03:10.053Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697213"
},
{
"name": "1031880",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031880"
},
{
"name": "PI35228",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI35228"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 before CF05 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-03-16T17:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697213"
},
{
"name": "1031880",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031880"
},
{
"name": "PI35228",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI35228"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-0177",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 before CF05 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21697213",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697213"
},
{
"name": "1031880",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031880"
},
{
"name": "PI35228",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI35228"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-0177",
"datePublished": "2015-03-13T01:00:00",
"dateReserved": "2014-11-18T00:00:00",
"dateUpdated": "2024-08-06T04:03:10.053Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-4993
Vulnerability from cvelistv5
Published
2015-12-21 11:00
Modified
2024-08-06 06:32
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-4998.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI47516 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21970176 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/78609 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1034284 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:32:31.396Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "PI47516",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI47516"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970176"
},
{
"name": "78609",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/78609"
},
{
"name": "1034284",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034284"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-11-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-4998."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-13T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "PI47516",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI47516"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970176"
},
{
"name": "78609",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/78609"
},
{
"name": "1034284",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034284"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-4993",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-4998."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "PI47516",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI47516"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21970176",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970176"
},
{
"name": "78609",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/78609"
},
{
"name": "1034284",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034284"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-4993",
"datePublished": "2015-12-21T11:00:00",
"dateReserved": "2015-06-24T00:00:00",
"dateUpdated": "2024-08-06T06:32:31.396Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-3056
Vulnerability from cvelistv5
Published
2014-07-29 20:00
Modified
2024-08-06 10:28
Severity ?
EPSS score ?
Summary
The Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to obtain potentially sensitive information about environment variables and JAR versions via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/60499 | third-party-advisory, x_refsource_SECUNIA | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21677032 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/93530 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI18909 | vendor-advisory, x_refsource_AIXAPAR |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:28:46.417Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "60499",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60499"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677032"
},
{
"name": "ibm-wsputl-cve20143056-infodisc(93530)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93530"
},
{
"name": "PI18909",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI18909"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to obtain potentially sensitive information about environment variables and JAR versions via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "60499",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60499"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677032"
},
{
"name": "ibm-wsputl-cve20143056-infodisc(93530)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93530"
},
{
"name": "PI18909",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI18909"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-3056",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to obtain potentially sensitive information about environment variables and JAR versions via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "60499",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60499"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21677032",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677032"
},
{
"name": "ibm-wsputl-cve20143056-infodisc(93530)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93530"
},
{
"name": "PI18909",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI18909"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-3056",
"datePublished": "2014-07-29T20:00:00",
"dateReserved": "2014-04-29T00:00:00",
"dateUpdated": "2024-08-06T10:28:46.417Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0959
Vulnerability from cvelistv5
Published
2014-05-22 10:00
Modified
2024-08-06 09:34
Severity ?
EPSS score ?
Summary
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote authenticated users to cause a denial of service (infinite loop) via a login redirect.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21672572 | x_refsource_CONFIRM | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI16462 | vendor-advisory, x_refsource_AIXAPAR | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/92741 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:34:40.516Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672572"
},
{
"name": "PI16462",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI16462"
},
{
"name": "ibm-websphere-cve20140959-dos(92741)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92741"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote authenticated users to cause a denial of service (infinite loop) via a login redirect."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672572"
},
{
"name": "PI16462",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI16462"
},
{
"name": "ibm-websphere-cve20140959-dos(92741)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92741"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0959",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote authenticated users to cause a denial of service (infinite loop) via a login redirect."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21672572",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672572"
},
{
"name": "PI16462",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI16462"
},
{
"name": "ibm-websphere-cve20140959-dos(92741)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92741"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-0959",
"datePublished": "2014-05-22T10:00:00",
"dateReserved": "2014-01-06T00:00:00",
"dateUpdated": "2024-08-06T09:34:40.516Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-5675
Vulnerability from cvelistv5
Published
2008-12-18 22:00
Modified
2024-08-07 11:04
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in IBM WebSphere Portal 6.0 before 6.0.1.5 has unknown impact and attack vectors related to "Access problems with BasicAuthTAI."
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/33132 | third-party-advisory, x_refsource_SECUNIA | |
| http://www-1.ibm.com/support/docview.wss?uid=swg1PK75304 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www.osvdb.org/50720 | vdb-entry, x_refsource_OSVDB | |
| http://www.vupen.com/english/advisories/2008/3427 | vdb-entry, x_refsource_VUPEN | |
| http://www-01.ibm.com/support/docview.wss?uid=swg27007603 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:04:44.122Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "33132",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33132"
},
{
"name": "PK75304",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK75304"
},
{
"name": "50720",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/50720"
},
{
"name": "ADV-2008-3427",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3427"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27007603"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-12-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in IBM WebSphere Portal 6.0 before 6.0.1.5 has unknown impact and attack vectors related to \"Access problems with BasicAuthTAI.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-12-30T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "33132",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33132"
},
{
"name": "PK75304",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK75304"
},
{
"name": "50720",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/50720"
},
{
"name": "ADV-2008-3427",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3427"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27007603"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5675",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in IBM WebSphere Portal 6.0 before 6.0.1.5 has unknown impact and attack vectors related to \"Access problems with BasicAuthTAI.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33132",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33132"
},
{
"name": "PK75304",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK75304"
},
{
"name": "50720",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/50720"
},
{
"name": "ADV-2008-3427",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3427"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg27007603",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27007603"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5675",
"datePublished": "2008-12-18T22:00:00",
"dateReserved": "2008-12-18T00:00:00",
"dateUpdated": "2024-08-07T11:04:44.122Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-1420
Vulnerability from cvelistv5
Published
2018-10-01 15:00
Modified
2024-09-16 17:47
Severity ?
EPSS score ?
Summary
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 resets access control settings to the out of the box configuration during Combined Cumulative Fix (CF) installation. This can lead to security miss-configuration of the installation. IBM X-Force ID: 138950.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/138950 | vdb-entry, x_refsource_XF | |
| https://www.ibm.com/support/docview.wss?uid=swg22014276 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1041767 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | WebSphere Portal |
Version: 7.0 Version: 8.0 Version: 8.5 Version: 9.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:39.071Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-websphere-cve20181420-improper-access(138950)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138950"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=swg22014276"
},
{
"name": "1041767",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041767"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Portal",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "8.0"
},
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "9.0"
}
]
}
],
"datePublic": "2018-09-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 resets access control settings to the out of the box configuration during Combined Cumulative Fix (CF) installation. This can lead to security miss-configuration of the installation. IBM X-Force ID: 138950."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.6,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:N/AC:H/AV:N/C:N/I:H/PR:L/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Data Manipulation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-02T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-websphere-cve20181420-improper-access(138950)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138950"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=swg22014276"
},
{
"name": "1041767",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041767"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-09-25T00:00:00",
"ID": "CVE-2018-1420",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Portal",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "8.0"
},
{
"version_value": "8.5"
},
{
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 resets access control settings to the out of the box configuration during Combined Cumulative Fix (CF) installation. This can lead to security miss-configuration of the installation. IBM X-Force ID: 138950."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "N",
"C": "N",
"I": "H",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Data Manipulation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-websphere-cve20181420-improper-access(138950)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138950"
},
{
"name": "https://www.ibm.com/support/docview.wss?uid=swg22014276",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=swg22014276"
},
{
"name": "1041767",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041767"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1420",
"datePublished": "2018-10-01T15:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-16T17:47:39.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-5379
Vulnerability from cvelistv5
Published
2013-11-13 15:00
Modified
2024-08-06 17:06
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.x before 7.0.0.2 CF25 and 8.x before 8.0.0.1 CF8 allows remote authenticated users to inject arbitrary web script or HTML by leveraging improper tagging functionality.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21655635 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/86930 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PM96047 | vendor-advisory, x_refsource_AIXAPAR |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:06:52.414Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655635"
},
{
"name": "was-portal-cve20135379-xss(86930)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86930"
},
{
"name": "PM96047",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM96047"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.x before 7.0.0.2 CF25 and 8.x before 8.0.0.1 CF8 allows remote authenticated users to inject arbitrary web script or HTML by leveraging improper tagging functionality."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655635"
},
{
"name": "was-portal-cve20135379-xss(86930)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86930"
},
{
"name": "PM96047",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM96047"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-5379",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.x before 7.0.0.2 CF25 and 8.x before 8.0.0.1 CF8 allows remote authenticated users to inject arbitrary web script or HTML by leveraging improper tagging functionality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21655635",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655635"
},
{
"name": "was-portal-cve20135379-xss(86930)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86930"
},
{
"name": "PM96047",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM96047"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-5379",
"datePublished": "2013-11-13T15:00:00",
"dateReserved": "2013-08-22T00:00:00",
"dateUpdated": "2024-08-06T17:06:52.414Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-1908
Vulnerability from cvelistv5
Published
2015-04-24 23:00
Modified
2024-08-06 04:54
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF16, and 8.5.0 through CF05, as used in Web Content Manager and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1032189 | vdb-entry, x_refsource_SECTRACK | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21701566 | x_refsource_CONFIRM | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI37661 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www.securityfocus.com/bid/74218 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:54:16.525Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1032189",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032189"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701566"
},
{
"name": "PI37661",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI37661"
},
{
"name": "74218",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74218"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF16, and 8.5.0 through CF05, as used in Web Content Manager and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-28T20:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "1032189",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032189"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701566"
},
{
"name": "PI37661",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI37661"
},
{
"name": "74218",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74218"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-1908",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF16, and 8.5.0 through CF05, as used in Web Content Manager and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032189",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032189"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21701566",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701566"
},
{
"name": "PI37661",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI37661"
},
{
"name": "74218",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74218"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-1908",
"datePublished": "2015-04-24T23:00:00",
"dateReserved": "2015-02-19T00:00:00",
"dateUpdated": "2024-08-06T04:54:16.525Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-3128
Vulnerability from cvelistv5
Published
2007-06-19 17:00
Modified
2024-08-07 14:05
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the page parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/24513 | vdb-entry, x_refsource_BID | |
| http://www.osvdb.org/34164 | vdb-entry, x_refsource_OSVDB | |
| http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0369.html | mailing-list, x_refsource_FULLDISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/34896 | vdb-entry, x_refsource_XF | |
| http://www.vupen.com/english/advisories/2007/2237 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/archive/1/471629/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.netvigilance.com/advisory0033 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:05:29.340Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "24513",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24513"
},
{
"name": "34164",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/34164"
},
{
"name": "20070617 WSPortal version 1.0 SQL Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0369.html"
},
{
"name": "wsportal-content-sql-injection(34896)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34896"
},
{
"name": "ADV-2007-2237",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2237"
},
{
"name": "20070617 WSPortal version 1.0 SQL Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/471629/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.netvigilance.com/advisory0033"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the page parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "24513",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24513"
},
{
"name": "34164",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/34164"
},
{
"name": "20070617 WSPortal version 1.0 SQL Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0369.html"
},
{
"name": "wsportal-content-sql-injection(34896)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34896"
},
{
"name": "ADV-2007-2237",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2237"
},
{
"name": "20070617 WSPortal version 1.0 SQL Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/471629/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.netvigilance.com/advisory0033"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3128",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the page parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24513",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24513"
},
{
"name": "34164",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/34164"
},
{
"name": "20070617 WSPortal version 1.0 SQL Injection Vulnerability",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0369.html"
},
{
"name": "wsportal-content-sql-injection(34896)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34896"
},
{
"name": "ADV-2007-2237",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2237"
},
{
"name": "20070617 WSPortal version 1.0 SQL Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/471629/100/0/threaded"
},
{
"name": "http://www.netvigilance.com/advisory0033",
"refsource": "MISC",
"url": "http://www.netvigilance.com/advisory0033"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3128",
"datePublished": "2007-06-19T17:00:00",
"dateReserved": "2007-06-07T00:00:00",
"dateUpdated": "2024-08-07T14:05:29.340Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-1672
Vulnerability from cvelistv5
Published
2018-10-01 15:00
Modified
2024-09-17 01:55
Severity ?
EPSS score ?
Summary
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user. IBM X-Force ID: 144958.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/144958 | vdb-entry, x_refsource_XF | |
| http://www.securitytracker.com/id/1041766 | vdb-entry, x_refsource_SECTRACK | |
| https://www.ibm.com/support/docview.wss?uid=ibm10716981 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | WebSphere Portal |
Version: 7.0 Version: 8.0 Version: 8.5 Version: 9.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:07:44.078Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-websphere-cve20181672-session-fixation(144958)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144958"
},
{
"name": "1041766",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041766"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10716981"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Portal",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "8.0"
},
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "9.0"
}
]
}
],
"datePublic": "2018-09-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user. IBM X-Force ID: 144958."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.4,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:L/AC:H/AV:N/C:L/I:L/PR:L/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-02T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-websphere-cve20181672-session-fixation(144958)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144958"
},
{
"name": "1041766",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041766"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10716981"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-09-25T00:00:00",
"ID": "CVE-2018-1672",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Portal",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "8.0"
},
{
"version_value": "8.5"
},
{
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user. IBM X-Force ID: 144958."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "L",
"AC": "H",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-websphere-cve20181672-session-fixation(144958)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144958"
},
{
"name": "1041766",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041766"
},
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10716981",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10716981"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1672",
"datePublished": "2018-10-01T15:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-17T01:55:59.755Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-0899
Vulnerability from cvelistv5
Published
2009-06-03 16:33
Modified
2024-08-07 04:48
Severity ?
EPSS score ?
Summary
IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.24 and 7.0 through 7.0.0.4, IBM WebSphere Portal Server 5.1 through 6.0, and IBM Integrated Solutions Console (ISC) 6.0.1 do not properly set the IsSecurityEnabled security flag during migration of WebSphere Member Manager (WMM) to Virtual Member Manager (VMM) and a Federated Repository, which allows attackers to obtain sensitive information from repositories via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/35406 | vdb-entry, x_refsource_BID | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21375859 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/50882 | vdb-entry, x_refsource_XF | |
| http://www-1.ibm.com/support/docview.wss?uid=swg1PK78134 | vendor-advisory, x_refsource_AIXAPAR |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:48:52.698Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35406",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35406"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21375859"
},
{
"name": "websphere-issecurityenabled-info-disclosure(50882)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50882"
},
{
"name": "PK78134",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK78134"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-05-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.24 and 7.0 through 7.0.0.4, IBM WebSphere Portal Server 5.1 through 6.0, and IBM Integrated Solutions Console (ISC) 6.0.1 do not properly set the IsSecurityEnabled security flag during migration of WebSphere Member Manager (WMM) to Virtual Member Manager (VMM) and a Federated Repository, which allows attackers to obtain sensitive information from repositories via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "35406",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35406"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21375859"
},
{
"name": "websphere-issecurityenabled-info-disclosure(50882)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50882"
},
{
"name": "PK78134",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK78134"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0899",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.24 and 7.0 through 7.0.0.4, IBM WebSphere Portal Server 5.1 through 6.0, and IBM Integrated Solutions Console (ISC) 6.0.1 do not properly set the IsSecurityEnabled security flag during migration of WebSphere Member Manager (WMM) to Virtual Member Manager (VMM) and a Federated Repository, which allows attackers to obtain sensitive information from repositories via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35406",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35406"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21375859",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21375859"
},
{
"name": "websphere-issecurityenabled-info-disclosure(50882)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50882"
},
{
"name": "PK78134",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK78134"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0899",
"datePublished": "2009-06-03T16:33:00",
"dateReserved": "2009-03-14T00:00:00",
"dateUpdated": "2024-08-07T04:48:52.698Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-4834
Vulnerability from cvelistv5
Published
2012-11-30 19:00
Modified
2024-08-06 20:50
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in LayerLoader.jsp in the theme component in IBM WebSphere Portal 7.0.0.1 and 7.0.0.2 before CF19 and 8.0 before CF03 allows remote attackers to read arbitrary files via a crafted URI.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/51281 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.ibm.com/support/docview.wss?uid=swg24033155 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/78914 | vdb-entry, x_refsource_XF | |
| http://www.ibm.com/connections/blogs/PSIRT/entry/security_vulnerability_in_theme_component_for_websphere_portal_versions_7_0_0_x_and_8_0_cve2012_48344 | x_refsource_CONFIRM | |
| http://www.ibm.com/support/docview.wss?uid=swg21617713 | x_refsource_CONFIRM | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PM76354 | vendor-advisory, x_refsource_AIXAPAR |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:50:17.517Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "51281",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51281"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg24033155"
},
{
"name": "websphere-portal-layloader-dir-traversal(78914)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78914"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_vulnerability_in_theme_component_for_websphere_portal_versions_7_0_0_x_and_8_0_cve2012_48344"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21617713"
},
{
"name": "PM76354",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM76354"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-11-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in LayerLoader.jsp in the theme component in IBM WebSphere Portal 7.0.0.1 and 7.0.0.2 before CF19 and 8.0 before CF03 allows remote attackers to read arbitrary files via a crafted URI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "51281",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51281"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg24033155"
},
{
"name": "websphere-portal-layloader-dir-traversal(78914)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78914"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_vulnerability_in_theme_component_for_websphere_portal_versions_7_0_0_x_and_8_0_cve2012_48344"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21617713"
},
{
"name": "PM76354",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM76354"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2012-4834",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in LayerLoader.jsp in the theme component in IBM WebSphere Portal 7.0.0.1 and 7.0.0.2 before CF19 and 8.0 before CF03 allows remote attackers to read arbitrary files via a crafted URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "51281",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51281"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg24033155",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg24033155"
},
{
"name": "websphere-portal-layloader-dir-traversal(78914)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78914"
},
{
"name": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_vulnerability_in_theme_component_for_websphere_portal_versions_7_0_0_x_and_8_0_cve2012_48344",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_vulnerability_in_theme_component_for_websphere_portal_versions_7_0_0_x_and_8_0_cve2012_48344"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21617713",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21617713"
},
{
"name": "PM76354",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM76354"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2012-4834",
"datePublished": "2012-11-30T19:00:00",
"dateReserved": "2012-09-06T00:00:00",
"dateUpdated": "2024-08-06T20:50:17.517Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-2925
Vulnerability from cvelistv5
Published
2016-08-08 01:00
Modified
2024-08-05 23:40
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF30, 8.0.0.x through 8.0.0.1 CF21, and 8.5.0 before CF10 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1036454 | vdb-entry, x_refsource_SECTRACK | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21986461 | x_refsource_CONFIRM | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI62749 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www.securityfocus.com/bid/92180 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:40:13.815Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1036454",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036454"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986461"
},
{
"name": "PI62749",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI62749"
},
{
"name": "92180",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92180"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF30, 8.0.0.x through 8.0.0.1 CF21, and 8.5.0 before CF10 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-31T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "1036454",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036454"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986461"
},
{
"name": "PI62749",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI62749"
},
{
"name": "92180",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92180"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-2925",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF30, 8.0.0.x through 8.0.0.1 CF21, and 8.5.0 before CF10 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036454",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036454"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21986461",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986461"
},
{
"name": "PI62749",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI62749"
},
{
"name": "92180",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92180"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-2925",
"datePublished": "2016-08-08T01:00:00",
"dateReserved": "2016-03-09T00:00:00",
"dateUpdated": "2024-08-05T23:40:13.815Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-1189
Vulnerability from cvelistv5
Published
2017-09-07 16:00
Modified
2024-08-05 13:25
Severity ?
EPSS score ?
Summary
IBM WebSphere Portal and Web Content Manager 6.1, 7.0, and 8.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123558.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1039268 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/100699 | vdb-entry, x_refsource_BID | |
| http://www.ibm.com/support/docview.wss?uid=swg22008028 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/123558 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:25:17.434Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1039268",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039268"
},
{
"name": "100699",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100699"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22008028"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123558"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal and Web Content Manager 6.1, 7.0, and 8.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123558."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-12T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "1039268",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039268"
},
{
"name": "100699",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100699"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22008028"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123558"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2017-1189",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal and Web Content Manager 6.1, 7.0, and 8.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123558."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039268",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039268"
},
{
"name": "100699",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100699"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22008028",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22008028"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123558",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123558"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1189",
"datePublished": "2017-09-07T16:00:00",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-08-05T13:25:17.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-0243
Vulnerability from cvelistv5
Published
2016-02-29 11:00
Modified
2024-08-05 22:15
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-0244.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI54088 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www.ibm.com/support/docview.wss?uid=swg21975358 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/83488 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/bid/100572 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:15:23.175Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "PI54088",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI54088"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21975358"
},
{
"name": "83488",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/83488"
},
{
"name": "100572",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100572"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-0244."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-02T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "PI54088",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI54088"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21975358"
},
{
"name": "83488",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/83488"
},
{
"name": "100572",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100572"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-0243",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-0244."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "PI54088",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI54088"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21975358",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21975358"
},
{
"name": "83488",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/83488"
},
{
"name": "100572",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100572"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-0243",
"datePublished": "2016-02-29T11:00:00",
"dateReserved": "2015-12-08T00:00:00",
"dateUpdated": "2024-08-05T22:15:23.175Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-2950
Vulnerability from cvelistv5
Published
2013-06-03 21:00
Modified
2024-08-06 15:52
Severity ?
EPSS score ?
Summary
CRLF injection vulnerability in IBM WebSphere Portal 6.1.0.x before 6.1.0.3 CF26, 6.1.5.x before 6.1.5 CF26, 7.0.0.x before 7.0.0.2 CF21, and 8.0.0.x through 8.0.0.1 CF5, when home substitution (aka uri.home.substitution) is enabled, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21638864 | x_refsource_CONFIRM | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PM85071 | vendor-advisory, x_refsource_AIXAPAR | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/83618 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:52:21.290Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21638864"
},
{
"name": "PM85071",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM85071"
},
{
"name": "was-portal-cve20132950-response-splitting(83618)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83618"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-05-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in IBM WebSphere Portal 6.1.0.x before 6.1.0.3 CF26, 6.1.5.x before 6.1.5 CF26, 7.0.0.x before 7.0.0.2 CF21, and 8.0.0.x through 8.0.0.1 CF5, when home substitution (aka uri.home.substitution) is enabled, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21638864"
},
{
"name": "PM85071",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM85071"
},
{
"name": "was-portal-cve20132950-response-splitting(83618)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83618"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-2950",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in IBM WebSphere Portal 6.1.0.x before 6.1.0.3 CF26, 6.1.5.x before 6.1.5 CF26, 7.0.0.x before 7.0.0.2 CF21, and 8.0.0.x through 8.0.0.1 CF5, when home substitution (aka uri.home.substitution) is enabled, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21638864",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21638864"
},
{
"name": "PM85071",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM85071"
},
{
"name": "was-portal-cve20132950-response-splitting(83618)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83618"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-2950",
"datePublished": "2013-06-03T21:00:00",
"dateReserved": "2013-04-12T00:00:00",
"dateUpdated": "2024-08-06T15:52:21.290Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-8912
Vulnerability from cvelistv5
Published
2015-10-28 18:00
Modified
2024-08-06 13:33
Severity ?
EPSS score ?
Summary
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF18, and 8.5.0 before CF08 improperly restricts resource access, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by configuration information.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI47714 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www.securitytracker.com/id/1033988 | vdb-entry, x_refsource_SECTRACK | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21963226 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:33:12.669Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "PI47714",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI47714"
},
{
"name": "1033988",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033988"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963226"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF18, and 8.5.0 before CF08 improperly restricts resource access, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by configuration information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-22T18:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "PI47714",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI47714"
},
{
"name": "1033988",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033988"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963226"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-8912",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF18, and 8.5.0 before CF08 improperly restricts resource access, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by configuration information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "PI47714",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI47714"
},
{
"name": "1033988",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033988"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21963226",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963226"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-8912",
"datePublished": "2015-10-28T18:00:00",
"dateReserved": "2014-11-14T00:00:00",
"dateUpdated": "2024-08-06T13:33:12.669Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-7419
Vulnerability from cvelistv5
Published
2015-11-14 02:00
Modified
2024-08-06 07:51
Severity ?
EPSS score ?
Summary
IBM WebSphere Portal 8.0.0.1 before CF19 and 8.5.0 before CF09 allows remote attackers to cause a denial of service (memory consumption) via crafted requests.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21969906 | x_refsource_CONFIRM | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI50952 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www.securitytracker.com/id/1034146 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:51:27.267Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969906"
},
{
"name": "PI50952",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI50952"
},
{
"name": "1034146",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034146"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-11-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 8.0.0.1 before CF19 and 8.5.0 before CF09 allows remote attackers to cause a denial of service (memory consumption) via crafted requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-05T22:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969906"
},
{
"name": "PI50952",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI50952"
},
{
"name": "1034146",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034146"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-7419",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 8.0.0.1 before CF19 and 8.5.0 before CF09 allows remote attackers to cause a denial of service (memory consumption) via crafted requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21969906",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969906"
},
{
"name": "PI50952",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI50952"
},
{
"name": "1034146",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034146"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-7419",
"datePublished": "2015-11-14T02:00:00",
"dateReserved": "2015-09-29T00:00:00",
"dateUpdated": "2024-08-06T07:51:27.267Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-1917
Vulnerability from cvelistv5
Published
2015-07-14 14:00
Modified
2024-08-06 04:54
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Active Content Filtering component in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1032970 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/75479 | vdb-entry, x_refsource_BID | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI38732 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21958024 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:54:16.670Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1032970",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032970"
},
{
"name": "75479",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75479"
},
{
"name": "PI38732",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI38732"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21958024"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Active Content Filtering component in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-21T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "1032970",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032970"
},
{
"name": "75479",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75479"
},
{
"name": "PI38732",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI38732"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21958024"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-1917",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Active Content Filtering component in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032970",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032970"
},
{
"name": "75479",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75479"
},
{
"name": "PI38732",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI38732"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21958024",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21958024"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-1917",
"datePublished": "2015-07-14T14:00:00",
"dateReserved": "2015-02-19T00:00:00",
"dateUpdated": "2024-08-06T04:54:16.670Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-1156
Vulnerability from cvelistv5
Published
2017-05-05 19:00
Modified
2024-08-05 13:25
Severity ?
EPSS score ?
Summary
IBM WebSphere Portal 8.5 and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force. ID: 122592
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg22000153 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1038390 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/98340 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM Corporation | WebSphere Portal |
Version: 8.5, 9.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:25:17.256Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22000153"
},
{
"name": "1038390",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038390"
},
{
"name": "98340",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98340"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Portal",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "8.5, 9.0"
}
]
}
],
"datePublic": "2017-05-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 8.5 and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force. ID: 122592"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22000153"
},
{
"name": "1038390",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038390"
},
{
"name": "98340",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98340"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2017-1156",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Portal",
"version": {
"version_data": [
{
"version_value": "8.5, 9.0"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 8.5 and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force. ID: 122592"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22000153",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22000153"
},
{
"name": "1038390",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038390"
},
{
"name": "98340",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98340"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1156",
"datePublished": "2017-05-05T19:00:00",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-08-05T13:25:17.256Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-1423
Vulnerability from cvelistv5
Published
2017-12-20 18:00
Modified
2024-09-17 03:58
Severity ?
EPSS score ?
Summary
IBM WebSphere Portal 8.5 and 9.0 exposes backend server URLs that are configured for usage by the Web Application Bridge component. IBM X-Force ID: 127476.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/docview.wss?uid=swg22011400 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1040017 | vdb-entry, x_refsource_SECTRACK | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/127476 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | WebSphere Portal |
Version: 8.5 Version: 9.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:32:29.583Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=swg22011400"
},
{
"name": "1040017",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040017"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127476"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Portal",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "9.0"
}
]
}
],
"datePublic": "2017-12-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 8.5 and 9.0 exposes backend server URLs that are configured for usage by the Web Application Bridge component. IBM X-Force ID: 127476."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-21T10:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=swg22011400"
},
{
"name": "1040017",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040017"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127476"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-12-15T00:00:00",
"ID": "CVE-2017-1423",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Portal",
"version": {
"version_data": [
{
"version_value": "8.5"
},
{
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 8.5 and 9.0 exposes backend server URLs that are configured for usage by the Web Application Bridge component. IBM X-Force ID: 127476."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=swg22011400",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=swg22011400"
},
{
"name": "1040017",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040017"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127476",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127476"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1423",
"datePublished": "2017-12-20T18:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-17T03:58:45.847Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-1698
Vulnerability from cvelistv5
Published
2017-12-27 16:00
Modified
2024-09-16 19:41
Severity ?
EPSS score ?
Summary
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could reveal sensitive information from an error message that could lead to further attacks against the system. IBM X-Force ID: 124390.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg22011519 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/102281 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/134390 | x_refsource_MISC | |
| http://www.securitytracker.com/id/1040043 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | WebSphere Portal |
Version: 7.0 Version: 8.0 Version: 8.5 Version: 9.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:32.237Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22011519"
},
{
"name": "102281",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102281"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134390"
},
{
"name": "1040043",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040043"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Portal",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "8.0"
},
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "9.0"
}
]
}
],
"datePublic": "2017-12-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could reveal sensitive information from an error message that could lead to further attacks against the system. IBM X-Force ID: 124390."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-28T10:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22011519"
},
{
"name": "102281",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102281"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134390"
},
{
"name": "1040043",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040043"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-12-21T00:00:00",
"ID": "CVE-2017-1698",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Portal",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "8.0"
},
{
"version_value": "8.5"
},
{
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could reveal sensitive information from an error message that could lead to further attacks against the system. IBM X-Force ID: 124390."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22011519",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22011519"
},
{
"name": "102281",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102281"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134390",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134390"
},
{
"name": "1040043",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040043"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1698",
"datePublished": "2017-12-27T16:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-16T19:41:18.742Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-1010
Vulnerability from cvelistv5
Published
2009-04-15 10:00
Modified
2024-08-07 04:57
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML, a different vulnerability than CVE-2009-1008.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id?1022055 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/34461 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/34693 | third-party-advisory, x_refsource_SECUNIA | |
| http://osvdb.org/53749 | vdb-entry, x_refsource_OSVDB | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21660640 | x_refsource_CONFIRM | |
| http://www.us-cert.gov/cas/techalerts/TA09-105A.html | third-party-advisory, x_refsource_CERT | |
| http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:57:17.559Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1022055",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022055"
},
{
"name": "34461",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34461"
},
{
"name": "34693",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34693"
},
{
"name": "53749",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/53749"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640"
},
{
"name": "TA09-105A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-105A.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML, a different vulnerability than CVE-2009-1008."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-18T16:57:02",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "1022055",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022055"
},
{
"name": "34461",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34461"
},
{
"name": "34693",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34693"
},
{
"name": "53749",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/53749"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640"
},
{
"name": "TA09-105A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-105A.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2009-1010",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML, a different vulnerability than CVE-2009-1008."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1022055",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022055"
},
{
"name": "34461",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34461"
},
{
"name": "34693",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34693"
},
{
"name": "53749",
"refsource": "OSVDB",
"url": "http://osvdb.org/53749"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640"
},
{
"name": "TA09-105A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-105A.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2009-1010",
"datePublished": "2009-04-15T10:00:00",
"dateReserved": "2009-03-19T00:00:00",
"dateUpdated": "2024-08-07T04:57:17.559Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-4219
Vulnerability from cvelistv5
Published
2010-11-09 20:00
Modified
2024-09-17 00:50
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in SemanticTagService.js in IBM WebSphere Portal 6.1.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg1PK91972 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www.vupen.com/english/advisories/2010/2827 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:34:37.786Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "PK91972",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK91972"
},
{
"name": "ADV-2010-2827",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/2827"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in SemanticTagService.js in IBM WebSphere Portal 6.1.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-11-09T20:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "PK91972",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK91972"
},
{
"name": "ADV-2010-2827",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/2827"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4219",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in SemanticTagService.js in IBM WebSphere Portal 6.1.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "PK91972",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK91972"
},
{
"name": "ADV-2010-2827",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2827"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4219",
"datePublished": "2010-11-09T20:00:00Z",
"dateReserved": "2010-11-09T00:00:00Z",
"dateUpdated": "2024-09-17T00:50:45.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-4821
Vulnerability from cvelistv5
Published
2014-10-28 19:00
Modified
2024-08-06 11:27
Severity ?
EPSS score ?
Summary
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 provides different web-server error codes depending on whether a requested file exists, which allows remote attackers to determine the validity of filenames via a series of requests.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/95466 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21684651 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/70755 | vdb-entry, x_refsource_BID | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI27710 | vendor-advisory, x_refsource_AIXAPAR |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:27:36.784Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-wsportal-cve20144821-info-disc(95466)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95466"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684651"
},
{
"name": "70755",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70755"
},
{
"name": "PI27710",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI27710"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 provides different web-server error codes depending on whether a requested file exists, which allows remote attackers to determine the validity of filenames via a series of requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-wsportal-cve20144821-info-disc(95466)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95466"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684651"
},
{
"name": "70755",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70755"
},
{
"name": "PI27710",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI27710"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-4821",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 provides different web-server error codes depending on whether a requested file exists, which allows remote attackers to determine the validity of filenames via a series of requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-wsportal-cve20144821-info-disc(95466)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95466"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21684651",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684651"
},
{
"name": "70755",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70755"
},
{
"name": "PI27710",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI27710"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-4821",
"datePublished": "2014-10-28T19:00:00",
"dateReserved": "2014-07-09T00:00:00",
"dateUpdated": "2024-08-06T11:27:36.784Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-0139
Vulnerability from cvelistv5
Published
2015-03-13 01:00
Modified
2024-08-06 04:03
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF15 and 8.5.0 before CF05 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21697213 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1031880 | vdb-entry, x_refsource_SECTRACK | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI33329 | vendor-advisory, x_refsource_AIXAPAR |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:03:09.025Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697213"
},
{
"name": "1031880",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031880"
},
{
"name": "PI33329",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI33329"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF15 and 8.5.0 before CF05 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-03-16T17:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697213"
},
{
"name": "1031880",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031880"
},
{
"name": "PI33329",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI33329"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-0139",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF15 and 8.5.0 before CF05 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21697213",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697213"
},
{
"name": "1031880",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031880"
},
{
"name": "PI33329",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI33329"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-0139",
"datePublished": "2015-03-13T01:00:00",
"dateReserved": "2014-11-18T00:00:00",
"dateUpdated": "2024-08-06T04:03:09.025Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-1401
Vulnerability from cvelistv5
Published
2018-02-09 17:00
Modified
2024-09-17 04:09
Severity ?
EPSS score ?
Summary
IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138437.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/138437 | x_refsource_MISC | |
| http://www.securitytracker.com/id/1040331 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/102973 | vdb-entry, x_refsource_BID | |
| https://www.ibm.com/support/docview.wss?uid=swg22013097 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | WebSphere Portal |
Version: 8.0 Version: 8.5 Version: 9.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:38.958Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138437"
},
{
"name": "1040331",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040331"
},
{
"name": "102973",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102973"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=swg22013097"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Portal",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.0"
},
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "9.0"
}
]
}
],
"datePublic": "2018-02-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138437."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-13T10:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138437"
},
{
"name": "1040331",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040331"
},
{
"name": "102973",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102973"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=swg22013097"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-02-06T00:00:00",
"ID": "CVE-2018-1401",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Portal",
"version": {
"version_data": [
{
"version_value": "8.0"
},
{
"version_value": "8.5"
},
{
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138437."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138437",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138437"
},
{
"name": "1040331",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040331"
},
{
"name": "102973",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102973"
},
{
"name": "https://www.ibm.com/support/docview.wss?uid=swg22013097",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=swg22013097"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1401",
"datePublished": "2018-02-09T17:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-17T04:09:49.249Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-1944
Vulnerability from cvelistv5
Published
2015-07-14 14:00
Modified
2024-08-06 05:02
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF17 and 8.5.0 before CF06 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1032970 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/75478 | vdb-entry, x_refsource_BID | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21958024 | x_refsource_CONFIRM | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI40341 | vendor-advisory, x_refsource_AIXAPAR |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:02:41.835Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1032970",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032970"
},
{
"name": "75478",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75478"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21958024"
},
{
"name": "PI40341",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI40341"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF17 and 8.5.0 before CF06 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-21T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "1032970",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032970"
},
{
"name": "75478",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75478"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21958024"
},
{
"name": "PI40341",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI40341"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-1944",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF17 and 8.5.0 before CF06 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032970",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032970"
},
{
"name": "75478",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75478"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21958024",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21958024"
},
{
"name": "PI40341",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI40341"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-1944",
"datePublished": "2015-07-14T14:00:00",
"dateReserved": "2015-02-19T00:00:00",
"dateUpdated": "2024-08-06T05:02:41.835Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-4814
Vulnerability from cvelistv5
Published
2014-10-28 19:00
Modified
2024-08-06 11:27
Severity ?
EPSS score ?
Summary
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 does not properly detect recursion during entity expansion, which allows remote authenticated users to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/95391 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/70758 | vdb-entry, x_refsource_BID | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21684651 | x_refsource_CONFIRM | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI24622 | vendor-advisory, x_refsource_AIXAPAR | |
| http://secunia.com/advisories/59740 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:27:36.885Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-wsportal-cve20144814-xee(95391)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95391"
},
{
"name": "70758",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70758"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684651"
},
{
"name": "PI24622",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI24622"
},
{
"name": "59740",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59740"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 does not properly detect recursion during entity expansion, which allows remote authenticated users to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-wsportal-cve20144814-xee(95391)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95391"
},
{
"name": "70758",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70758"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684651"
},
{
"name": "PI24622",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI24622"
},
{
"name": "59740",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59740"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-4814",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 does not properly detect recursion during entity expansion, which allows remote authenticated users to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-wsportal-cve20144814-xee(95391)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95391"
},
{
"name": "70758",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70758"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21684651",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684651"
},
{
"name": "PI24622",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI24622"
},
{
"name": "59740",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59740"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-4814",
"datePublished": "2014-10-28T19:00:00",
"dateReserved": "2014-07-09T00:00:00",
"dateUpdated": "2024-08-06T11:27:36.885Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-7472
Vulnerability from cvelistv5
Published
2016-02-15 02:00
Modified
2024-08-06 07:51
Severity ?
EPSS score ?
Summary
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF20, and 8.5.0 before CF10 allows remote attackers to conduct LDAP injection attacks, and consequently read or write to repository data, via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1035324 | vdb-entry, x_refsource_SECTRACK | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI53426 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21972736 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:51:27.977Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1035324",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035324"
},
{
"name": "PI53426",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI53426"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972736"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF20, and 8.5.0 before CF10 allows remote attackers to conduct LDAP injection attacks, and consequently read or write to repository data, via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-01T16:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "1035324",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035324"
},
{
"name": "PI53426",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI53426"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972736"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-7472",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF20, and 8.5.0 before CF10 allows remote attackers to conduct LDAP injection attacks, and consequently read or write to repository data, via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1035324",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035324"
},
{
"name": "PI53426",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI53426"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21972736",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972736"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-7472",
"datePublished": "2016-02-15T02:00:00",
"dateReserved": "2015-09-29T00:00:00",
"dateUpdated": "2024-08-06T07:51:27.977Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-6093
Vulnerability from cvelistv5
Published
2014-11-26 02:00
Modified
2024-08-06 12:03
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.0.x before 7.0.0.2 CF29, 8.0.x through 8.0.0.1 CF14, and 8.5.x before 8.5.0 CF02 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21689849 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1031359 | vdb-entry, x_refsource_SECTRACK | |
| http://secunia.com/advisories/59752 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/95921 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/60912 | third-party-advisory, x_refsource_SECUNIA | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI24678 | vendor-advisory, x_refsource_AIXAPAR |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:03:02.379Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689849"
},
{
"name": "1031359",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031359"
},
{
"name": "59752",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59752"
},
{
"name": "ibm-wsportal-cve20146093-xss(95921)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95921"
},
{
"name": "60912",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60912"
},
{
"name": "PI24678",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI24678"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.0.x before 7.0.0.2 CF29, 8.0.x through 8.0.0.1 CF14, and 8.5.x before 8.5.0 CF02 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689849"
},
{
"name": "1031359",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031359"
},
{
"name": "59752",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59752"
},
{
"name": "ibm-wsportal-cve20146093-xss(95921)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95921"
},
{
"name": "60912",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60912"
},
{
"name": "PI24678",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI24678"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-6093",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.0.x before 7.0.0.2 CF29, 8.0.x through 8.0.0.1 CF14, and 8.5.x before 8.5.0 CF02 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21689849",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689849"
},
{
"name": "1031359",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031359"
},
{
"name": "59752",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59752"
},
{
"name": "ibm-wsportal-cve20146093-xss(95921)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95921"
},
{
"name": "60912",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60912"
},
{
"name": "PI24678",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI24678"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-6093",
"datePublished": "2014-11-26T02:00:00",
"dateReserved": "2014-09-02T00:00:00",
"dateUpdated": "2024-08-06T12:03:02.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-0704
Vulnerability from cvelistv5
Published
2010-02-25 00:00
Modified
2024-09-16 19:30
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Portlet Palette in IBM WebSphere Portal 6.0.1.5 wp6015_008_01 allows remote attackers to inject arbitrary web script or HTML via the search field.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg1PM05829 | vendor-advisory, x_refsource_AIXAPAR | |
| http://secunia.com/advisories/38574 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:59:38.360Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "PM05829",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM05829"
},
{
"name": "38574",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38574"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Portlet Palette in IBM WebSphere Portal 6.0.1.5 wp6015_008_01 allows remote attackers to inject arbitrary web script or HTML via the search field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-02-25T00:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "PM05829",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM05829"
},
{
"name": "38574",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38574"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0704",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Portlet Palette in IBM WebSphere Portal 6.0.1.5 wp6015_008_01 allows remote attackers to inject arbitrary web script or HTML via the search field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "PM05829",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM05829"
},
{
"name": "38574",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38574"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0704",
"datePublished": "2010-02-25T00:00:00Z",
"dateReserved": "2010-02-24T00:00:00Z",
"dateUpdated": "2024-09-16T19:30:15.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-3054
Vulnerability from cvelistv5
Published
2014-07-29 20:00
Modified
2024-08-06 10:28
Severity ?
EPSS score ?
Summary
Multiple open redirect vulnerabilities in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/60499 | third-party-advisory, x_refsource_SECUNIA | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21677032 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/93528 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI18909 | vendor-advisory, x_refsource_AIXAPAR |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:28:46.387Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "60499",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60499"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677032"
},
{
"name": "ibm-wsputl-cve20143054-redirect(93528)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93528"
},
{
"name": "PI18909",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI18909"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple open redirect vulnerabilities in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "60499",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60499"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677032"
},
{
"name": "ibm-wsputl-cve20143054-redirect(93528)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93528"
},
{
"name": "PI18909",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI18909"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-3054",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple open redirect vulnerabilities in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "60499",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60499"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21677032",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677032"
},
{
"name": "ibm-wsputl-cve20143054-redirect(93528)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93528"
},
{
"name": "PI18909",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI18909"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-3054",
"datePublished": "2014-07-29T20:00:00",
"dateReserved": "2014-04-29T00:00:00",
"dateUpdated": "2024-08-06T10:28:46.387Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0917
Vulnerability from cvelistv5
Published
2014-05-16 10:00
Modified
2024-08-06 09:34
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Eclipse Help System (IEHS) in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF27, and 8.0 before 8.0.0.1 CF06 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/67339 | vdb-entry, x_refsource_BID | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI14125 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21670753 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/91979 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:34:39.566Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "67339",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/67339"
},
{
"name": "PI14125",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI14125"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670753"
},
{
"name": "ibm-iehs-cve20140917-xss(91979)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91979"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM Eclipse Help System (IEHS) in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF27, and 8.0 before 8.0.0.1 CF06 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "67339",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/67339"
},
{
"name": "PI14125",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI14125"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670753"
},
{
"name": "ibm-iehs-cve20140917-xss(91979)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91979"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0917",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM Eclipse Help System (IEHS) in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF27, and 8.0 before 8.0.0.1 CF06 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "67339",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67339"
},
{
"name": "PI14125",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI14125"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21670753",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670753"
},
{
"name": "ibm-iehs-cve20140917-xss(91979)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91979"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-0917",
"datePublished": "2014-05-16T10:00:00",
"dateReserved": "2014-01-06T00:00:00",
"dateUpdated": "2024-08-06T09:34:39.566Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-1361
Vulnerability from cvelistv5
Published
2018-01-11 17:00
Modified
2024-09-16 19:30
Severity ?
EPSS score ?
Summary
IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 137158.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/docview.wss?uid=swg22012409 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/137158 | x_refsource_MISC | |
| http://www.securitytracker.com/id/1040132 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/102501 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | WebSphere Portal |
Version: 8.5 Version: 9.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:38.610Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=swg22012409"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/137158"
},
{
"name": "1040132",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040132"
},
{
"name": "102501",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102501"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Portal",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "9.0"
}
]
}
],
"datePublic": "2018-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 137158."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-16T10:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=swg22012409"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/137158"
},
{
"name": "1040132",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040132"
},
{
"name": "102501",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102501"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-01-09T00:00:00",
"ID": "CVE-2018-1361",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Portal",
"version": {
"version_data": [
{
"version_value": "8.5"
},
{
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 137158."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=swg22012409",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=swg22012409"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/137158",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/137158"
},
{
"name": "1040132",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040132"
},
{
"name": "102501",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102501"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1361",
"datePublished": "2018-01-11T17:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-16T19:30:09.270Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-4762
Vulnerability from cvelistv5
Published
2014-09-12 01:00
Modified
2024-08-06 11:27
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF13 and 8.5.0 before CF02 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/61204 | third-party-advisory, x_refsource_SECUNIA | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21681998 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/94659 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI21973 | vendor-advisory, x_refsource_AIXAPAR |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:27:36.375Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "61204",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61204"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681998"
},
{
"name": "ibm-wsportal-cve20144762-xss(94659)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94659"
},
{
"name": "PI21973",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI21973"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF13 and 8.5.0 before CF02 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "61204",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61204"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681998"
},
{
"name": "ibm-wsportal-cve20144762-xss(94659)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94659"
},
{
"name": "PI21973",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI21973"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-4762",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF13 and 8.5.0 before CF02 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "61204",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61204"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21681998",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681998"
},
{
"name": "ibm-wsportal-cve20144762-xss(94659)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94659"
},
{
"name": "PI21973",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI21973"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-4762",
"datePublished": "2014-09-12T01:00:00",
"dateReserved": "2014-07-09T00:00:00",
"dateUpdated": "2024-08-06T11:27:36.375Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0951
Vulnerability from cvelistv5
Published
2014-05-22 10:00
Modified
2024-08-06 09:34
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in FilterForm.jsp in IBM WebSphere Portal 7.0 before 7.0.0.2 CF28 and 8.0 before 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21672572 | x_refsource_CONFIRM | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI15690 | vendor-advisory, x_refsource_AIXAPAR | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/92624 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:34:40.344Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672572"
},
{
"name": "PI15690",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI15690"
},
{
"name": "ibm-websphere-cve20140951-xss(92624)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92624"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in FilterForm.jsp in IBM WebSphere Portal 7.0 before 7.0.0.2 CF28 and 8.0 before 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672572"
},
{
"name": "PI15690",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI15690"
},
{
"name": "ibm-websphere-cve20140951-xss(92624)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92624"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0951",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in FilterForm.jsp in IBM WebSphere Portal 7.0 before 7.0.0.2 CF28 and 8.0 before 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21672572",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672572"
},
{
"name": "PI15690",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI15690"
},
{
"name": "ibm-websphere-cve20140951-xss(92624)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92624"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-0951",
"datePublished": "2014-05-22T10:00:00",
"dateReserved": "2014-01-06T00:00:00",
"dateUpdated": "2024-08-06T09:34:40.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-0679
Vulnerability from cvelistv5
Published
2011-01-28 20:29
Modified
2024-08-06 21:58
Severity ?
EPSS score ?
Summary
IBM WebSphere Portal 6.0.1.1 through 7.0.0.0, as used in IBM Lotus Web Content Management (WCM) and IBM Lotus Quickr for WebSphere Portal, allows remote attackers to obtain sensitive information via a "modified message."
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:58:26.129Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43081",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43081"
},
{
"name": "websphere-portal-unspecified-info-disclosure(64890)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64890"
},
{
"name": "ADV-2011-0223",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0223"
},
{
"name": "PM25698",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM25698"
},
{
"name": "VU#375127",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/375127"
},
{
"name": "PM24319",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM24319"
},
{
"name": "PM24320",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM24320"
},
{
"name": "PM26397",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM26397"
},
{
"name": "PM25191",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM25191"
},
{
"name": "70688",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/70688"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21460422"
},
{
"name": "PM22167",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM22167"
},
{
"name": "PM22159",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM22159"
},
{
"name": "45989",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45989"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-01-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 6.0.1.1 through 7.0.0.0, as used in IBM Lotus Web Content Management (WCM) and IBM Lotus Quickr for WebSphere Portal, allows remote attackers to obtain sensitive information via a \"modified message.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "43081",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43081"
},
{
"name": "websphere-portal-unspecified-info-disclosure(64890)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64890"
},
{
"name": "ADV-2011-0223",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0223"
},
{
"name": "PM25698",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM25698"
},
{
"name": "VU#375127",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/375127"
},
{
"name": "PM24319",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM24319"
},
{
"name": "PM24320",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM24320"
},
{
"name": "PM26397",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM26397"
},
{
"name": "PM25191",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM25191"
},
{
"name": "70688",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/70688"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21460422"
},
{
"name": "PM22167",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM22167"
},
{
"name": "PM22159",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM22159"
},
{
"name": "45989",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45989"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0679",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 6.0.1.1 through 7.0.0.0, as used in IBM Lotus Web Content Management (WCM) and IBM Lotus Quickr for WebSphere Portal, allows remote attackers to obtain sensitive information via a \"modified message.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43081",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43081"
},
{
"name": "websphere-portal-unspecified-info-disclosure(64890)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64890"
},
{
"name": "ADV-2011-0223",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0223"
},
{
"name": "PM25698",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM25698"
},
{
"name": "VU#375127",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/375127"
},
{
"name": "PM24319",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM24319"
},
{
"name": "PM24320",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM24320"
},
{
"name": "PM26397",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM26397"
},
{
"name": "PM25191",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM25191"
},
{
"name": "70688",
"refsource": "OSVDB",
"url": "http://osvdb.org/70688"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21460422",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21460422"
},
{
"name": "PM22167",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM22167"
},
{
"name": "PM22159",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM22159"
},
{
"name": "45989",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45989"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0679",
"datePublished": "2011-01-28T20:29:00",
"dateReserved": "2011-01-28T00:00:00",
"dateUpdated": "2024-08-06T21:58:26.129Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-1120
Vulnerability from cvelistv5
Published
2017-03-27 22:00
Modified
2024-08-05 13:25
Severity ?
EPSS score ?
Summary
IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2000152.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1038146 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/97075 | vdb-entry, x_refsource_BID | |
| http://www.ibm.com/support/docview.wss?uid=swg22000152 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM Corporation | WebSphere Portal |
Version: 8.5.0 Version: 9.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:25:17.359Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1038146",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038146"
},
{
"name": "97075",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97075"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22000152"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Portal",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "8.5.0"
},
{
"status": "affected",
"version": "9.0"
}
]
}
],
"datePublic": "2017-03-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2000152."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-11T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "1038146",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038146"
},
{
"name": "97075",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97075"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22000152"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2017-1120",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Portal",
"version": {
"version_data": [
{
"version_value": "8.5.0"
},
{
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2000152."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038146",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038146"
},
{
"name": "97075",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97075"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22000152",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22000152"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1120",
"datePublished": "2017-03-27T22:00:00",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-08-05T13:25:17.359Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-1444
Vulnerability from cvelistv5
Published
2018-03-14 00:00
Modified
2024-09-17 01:41
Severity ?
EPSS score ?
Summary
IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139906.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1040475 | vdb-entry, x_refsource_SECTRACK | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/139906 | vdb-entry, x_refsource_XF | |
| https://www.ibm.com/support/docview.wss?uid=swg22014392 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | WebSphere Portal |
Version: 8.5 Version: 9.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:39.056Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1040475",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040475"
},
{
"name": "ibm-websphere-cve20181444-xss(139906)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139906"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=swg22014392"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Portal",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "9.0"
}
]
}
],
"datePublic": "2018-03-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139906."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-14T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "1040475",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040475"
},
{
"name": "ibm-websphere-cve20181444-xss(139906)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139906"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=swg22014392"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-03-08T00:00:00",
"ID": "CVE-2018-1444",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Portal",
"version": {
"version_data": [
{
"version_value": "8.5"
},
{
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139906."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040475",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040475"
},
{
"name": "ibm-websphere-cve20181444-xss(139906)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139906"
},
{
"name": "https://www.ibm.com/support/docview.wss?uid=swg22014392",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=swg22014392"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1444",
"datePublished": "2018-03-14T00:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-17T01:41:58.118Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-4998
Vulnerability from cvelistv5
Published
2015-12-21 11:00
Modified
2024-08-06 06:32
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-4993.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI47712 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21970176 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1034284 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:32:31.882Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "PI47712",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI47712"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970176"
},
{
"name": "1034284",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034284"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-11-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-4993."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-13T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "PI47712",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI47712"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970176"
},
{
"name": "1034284",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034284"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-4998",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-4993."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "PI47712",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI47712"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21970176",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970176"
},
{
"name": "1034284",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034284"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-4998",
"datePublished": "2015-12-21T11:00:00",
"dateReserved": "2015-06-24T00:00:00",
"dateUpdated": "2024-08-06T06:32:31.882Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-1348
Vulnerability from cvelistv5
Published
2010-04-12 17:00
Modified
2024-08-07 01:21
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the login process in IBM WebSphere Portal 6.0.1.1, and 6.1.0.x before 6.1.0.3 Cumulative Fix 03, has unknown impact and remote attack vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/63594 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/39306 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/39305 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2010/0829 | vdb-entry, x_refsource_VUPEN | |
| http://www.securitytracker.com/id?1023830 | vdb-entry, x_refsource_SECTRACK | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PM08667 | vendor-advisory, x_refsource_AIXAPAR | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/57613 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:21:18.979Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "63594",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/63594"
},
{
"name": "39306",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/39306"
},
{
"name": "39305",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39305"
},
{
"name": "ADV-2010-0829",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0829"
},
{
"name": "1023830",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023830"
},
{
"name": "PM08667",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM08667"
},
{
"name": "websphere-login-unspecified(57613)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57613"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-04-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the login process in IBM WebSphere Portal 6.0.1.1, and 6.1.0.x before 6.1.0.3 Cumulative Fix 03, has unknown impact and remote attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "63594",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/63594"
},
{
"name": "39306",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/39306"
},
{
"name": "39305",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39305"
},
{
"name": "ADV-2010-0829",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0829"
},
{
"name": "1023830",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023830"
},
{
"name": "PM08667",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM08667"
},
{
"name": "websphere-login-unspecified(57613)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57613"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1348",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the login process in IBM WebSphere Portal 6.0.1.1, and 6.1.0.x before 6.1.0.3 Cumulative Fix 03, has unknown impact and remote attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "63594",
"refsource": "OSVDB",
"url": "http://osvdb.org/63594"
},
{
"name": "39306",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39306"
},
{
"name": "39305",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39305"
},
{
"name": "ADV-2010-0829",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0829"
},
{
"name": "1023830",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023830"
},
{
"name": "PM08667",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM08667"
},
{
"name": "websphere-login-unspecified(57613)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57613"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1348",
"datePublished": "2010-04-12T17:00:00",
"dateReserved": "2010-04-12T00:00:00",
"dateUpdated": "2024-08-07T01:21:18.979Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-6215
Vulnerability from cvelistv5
Published
2014-12-11 23:00
Modified
2024-08-06 12:10
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 before 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/98802 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21691458 | x_refsource_CONFIRM | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI24434 | vendor-advisory, x_refsource_AIXAPAR |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:10:12.641Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-wsportal-cve20146215-xss(98802)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98802"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21691458"
},
{
"name": "PI24434",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI24434"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 before 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-wsportal-cve20146215-xss(98802)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98802"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21691458"
},
{
"name": "PI24434",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI24434"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-6215",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 before 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-wsportal-cve20146215-xss(98802)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98802"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21691458",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21691458"
},
{
"name": "PI24434",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI24434"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-6215",
"datePublished": "2014-12-11T23:00:00",
"dateReserved": "2014-09-02T00:00:00",
"dateUpdated": "2024-08-06T12:10:12.641Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4153
Vulnerability from cvelistv5
Published
2009-12-02 16:00
Modified
2024-09-16 20:11
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the XMLAccess component in IBM WebSphere Portal 6.1.x before 6.1.0.3 has unknown impact and attack vectors, related to the work directory.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2009/3367 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/37159 | vdb-entry, x_refsource_BID | |
| http://www-01.ibm.com/support/docview.wss?uid=swg27014411 | x_refsource_CONFIRM | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PK93783 | vendor-advisory, x_refsource_AIXAPAR | |
| http://secunia.com/advisories/37526 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:54:09.490Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2009-3367",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3367"
},
{
"name": "37159",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37159"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014411"
},
{
"name": "PK93783",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK93783"
},
{
"name": "37526",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37526"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the XMLAccess component in IBM WebSphere Portal 6.1.x before 6.1.0.3 has unknown impact and attack vectors, related to the work directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-12-02T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2009-3367",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3367"
},
{
"name": "37159",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37159"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014411"
},
{
"name": "PK93783",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK93783"
},
{
"name": "37526",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37526"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4153",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the XMLAccess component in IBM WebSphere Portal 6.1.x before 6.1.0.3 has unknown impact and attack vectors, related to the work directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-3367",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3367"
},
{
"name": "37159",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37159"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg27014411",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014411"
},
{
"name": "PK93783",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK93783"
},
{
"name": "37526",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37526"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4153",
"datePublished": "2009-12-02T16:00:00Z",
"dateReserved": "2009-12-02T00:00:00Z",
"dateUpdated": "2024-09-16T20:11:51.958Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-1217
Vulnerability from cvelistv5
Published
2017-07-05 13:00
Modified
2024-09-16 23:41
Severity ?
EPSS score ?
Summary
IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123857
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1038797 | vdb-entry, x_refsource_SECTRACK | |
| http://www.ibm.com/support/docview.wss?uid=swg22004348 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/123857 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/99350 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | WebSphere Portal |
Version: 8.5 Version: 9.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:25:17.580Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1038797",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038797"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22004348"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123857"
},
{
"name": "99350",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99350"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Portal",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "9.0"
}
]
}
],
"datePublic": "2017-06-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123857"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-06T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "1038797",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038797"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22004348"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123857"
},
{
"name": "99350",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99350"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-06-28T00:00:00",
"ID": "CVE-2017-1217",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Portal",
"version": {
"version_data": [
{
"version_value": "8.5"
},
{
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123857"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038797",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038797"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22004348",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22004348"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123857",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123857"
},
{
"name": "99350",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99350"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1217",
"datePublished": "2017-07-05T13:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-16T23:41:47.358Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-4792
Vulnerability from cvelistv5
Published
2014-09-12 01:00
Modified
2024-08-06 11:27
Severity ?
EPSS score ?
Summary
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF28, 8.0.0 through 8.0.0.1 CF13, and 8.5.0 before CF02 allows remote authenticated users to cause a denial of service (disk consumption) by uploading large files.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/95204 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/61204 | third-party-advisory, x_refsource_SECUNIA | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21681998 | x_refsource_CONFIRM | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI23334 | vendor-advisory, x_refsource_AIXAPAR |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:27:36.820Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-wsportal-cve20144792-upload(95204)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95204"
},
{
"name": "61204",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61204"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681998"
},
{
"name": "PI23334",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI23334"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF28, 8.0.0 through 8.0.0.1 CF13, and 8.5.0 before CF02 allows remote authenticated users to cause a denial of service (disk consumption) by uploading large files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-wsportal-cve20144792-upload(95204)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95204"
},
{
"name": "61204",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61204"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681998"
},
{
"name": "PI23334",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI23334"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-4792",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF28, 8.0.0 through 8.0.0.1 CF13, and 8.5.0 before CF02 allows remote authenticated users to cause a denial of service (disk consumption) by uploading large files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-wsportal-cve20144792-upload(95204)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95204"
},
{
"name": "61204",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61204"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21681998",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681998"
},
{
"name": "PI23334",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI23334"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-4792",
"datePublished": "2014-09-12T01:00:00",
"dateReserved": "2014-07-09T00:00:00",
"dateUpdated": "2024-08-06T11:27:36.820Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-3127
Vulnerability from cvelistv5
Published
2007-06-19 17:00
Modified
2024-08-07 14:05
Severity ?
EPSS score ?
Summary
content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to obtain sensitive information via a "';" (quote semicolon) sequence in the page parameter, which reveals the installation path in the resulting forced SQL error message.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/34164 | vdb-entry, x_refsource_OSVDB | |
| http://www.netvigilance.com/advisory0032 | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/471619/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/34894 | vdb-entry, x_refsource_XF | |
| http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0368.html | mailing-list, x_refsource_FULLDISC | |
| http://www.vupen.com/english/advisories/2007/2237 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:05:28.370Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "34164",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/34164"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.netvigilance.com/advisory0032"
},
{
"name": "20070617 WSPortal version 1.0 Path Disclosure Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/471619/100/0/threaded"
},
{
"name": "wsportal-content-path-disclosure(34894)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34894"
},
{
"name": "20070617 WSPortal version 1.0 Path Disclosure Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0368.html"
},
{
"name": "ADV-2007-2237",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2237"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to obtain sensitive information via a \"\u0027;\" (quote semicolon) sequence in the page parameter, which reveals the installation path in the resulting forced SQL error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "34164",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/34164"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.netvigilance.com/advisory0032"
},
{
"name": "20070617 WSPortal version 1.0 Path Disclosure Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/471619/100/0/threaded"
},
{
"name": "wsportal-content-path-disclosure(34894)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34894"
},
{
"name": "20070617 WSPortal version 1.0 Path Disclosure Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0368.html"
},
{
"name": "ADV-2007-2237",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2237"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3127",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to obtain sensitive information via a \"\u0027;\" (quote semicolon) sequence in the page parameter, which reveals the installation path in the resulting forced SQL error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34164",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/34164"
},
{
"name": "http://www.netvigilance.com/advisory0032",
"refsource": "MISC",
"url": "http://www.netvigilance.com/advisory0032"
},
{
"name": "20070617 WSPortal version 1.0 Path Disclosure Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/471619/100/0/threaded"
},
{
"name": "wsportal-content-path-disclosure(34894)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34894"
},
{
"name": "20070617 WSPortal version 1.0 Path Disclosure Vulnerability",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0368.html"
},
{
"name": "ADV-2007-2237",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2237"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3127",
"datePublished": "2007-06-19T17:00:00",
"dateReserved": "2007-06-07T00:00:00",
"dateUpdated": "2024-08-07T14:05:28.370Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-0587
Vulnerability from cvelistv5
Published
2013-08-16 01:00
Modified
2024-08-06 14:33
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere Portal before 8.0.0.1 CF07 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) Portal, (2) Portal 7.0.0.2, (3) Portal 8.0, or (4) PortalWeb2 theme.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21646618 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/84345 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PM90118 | vendor-advisory, x_refsource_AIXAPAR |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:33:05.088Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21646618"
},
{
"name": "wsportal-cve20130587-xss(84345)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84345"
},
{
"name": "PM90118",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM90118"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere Portal before 8.0.0.1 CF07 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) Portal, (2) Portal 7.0.0.2, (3) Portal 8.0, or (4) PortalWeb2 theme."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21646618"
},
{
"name": "wsportal-cve20130587-xss(84345)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84345"
},
{
"name": "PM90118",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM90118"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-0587",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere Portal before 8.0.0.1 CF07 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) Portal, (2) Portal 7.0.0.2, (3) Portal 8.0, or (4) PortalWeb2 theme."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21646618",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21646618"
},
{
"name": "wsportal-cve20130587-xss(84345)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84345"
},
{
"name": "PM90118",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM90118"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-0587",
"datePublished": "2013-08-16T01:00:00",
"dateReserved": "2012-12-16T00:00:00",
"dateUpdated": "2024-08-06T14:33:05.088Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-1009
Vulnerability from cvelistv5
Published
2009-04-15 10:00
Modified
2024-08-07 04:57
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.1.9 allows local users to affect confidentiality, integrity, and availability, related to HTML.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id?1022055 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/34461 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/53748 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/34693 | third-party-advisory, x_refsource_SECUNIA | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21660640 | x_refsource_CONFIRM | |
| http://www.us-cert.gov/cas/techalerts/TA09-105A.html | third-party-advisory, x_refsource_CERT | |
| http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:57:17.541Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1022055",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022055"
},
{
"name": "34461",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34461"
},
{
"name": "53748",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/53748"
},
{
"name": "34693",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34693"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640"
},
{
"name": "TA09-105A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-105A.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.1.9 allows local users to affect confidentiality, integrity, and availability, related to HTML."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-01-08T23:57:01",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "1022055",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022055"
},
{
"name": "34461",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34461"
},
{
"name": "53748",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/53748"
},
{
"name": "34693",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34693"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640"
},
{
"name": "TA09-105A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-105A.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2009-1009",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.1.9 allows local users to affect confidentiality, integrity, and availability, related to HTML."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1022055",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022055"
},
{
"name": "34461",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34461"
},
{
"name": "53748",
"refsource": "OSVDB",
"url": "http://osvdb.org/53748"
},
{
"name": "34693",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34693"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640"
},
{
"name": "TA09-105A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-105A.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2009-1009",
"datePublished": "2009-04-15T10:00:00",
"dateReserved": "2009-03-19T00:00:00",
"dateUpdated": "2024-08-07T04:57:17.541Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-4997
Vulnerability from cvelistv5
Published
2015-10-29 10:00
Modified
2024-08-06 06:32
Severity ?
EPSS score ?
Summary
IBM WebSphere Portal 8.5.0 before CF08 allows remote attackers to bypass intended access restrictions via a crafted request.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21968474 | x_refsource_CONFIRM | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI47694 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www.securitytracker.com/id/1033982 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:32:32.169Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968474"
},
{
"name": "PI47694",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI47694"
},
{
"name": "1033982",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033982"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 8.5.0 before CF08 allows remote attackers to bypass intended access restrictions via a crafted request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-05T21:57:02",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968474"
},
{
"name": "PI47694",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI47694"
},
{
"name": "1033982",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033982"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-4997",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 8.5.0 before CF08 allows remote attackers to bypass intended access restrictions via a crafted request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21968474",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968474"
},
{
"name": "PI47694",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI47694"
},
{
"name": "1033982",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033982"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-4997",
"datePublished": "2015-10-29T10:00:00",
"dateReserved": "2015-06-24T00:00:00",
"dateUpdated": "2024-08-06T06:32:32.169Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-1921
Vulnerability from cvelistv5
Published
2015-05-25 00:00
Modified
2024-08-06 05:02
Severity ?
EPSS score ?
Summary
Open redirect vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF17 and 8.5.0 before CF06 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI38632 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21884060 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/74705 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:02:41.641Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "PI38632",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI38632"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21884060"
},
{
"name": "74705",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74705"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-05-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF17 and 8.5.0 before CF06 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-07-22T16:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "PI38632",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI38632"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21884060"
},
{
"name": "74705",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74705"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-1921",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF17 and 8.5.0 before CF06 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "PI38632",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI38632"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21884060",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21884060"
},
{
"name": "74705",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74705"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-1921",
"datePublished": "2015-05-25T00:00:00",
"dateReserved": "2015-02-19T00:00:00",
"dateUpdated": "2024-08-06T05:02:41.641Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0952
Vulnerability from cvelistv5
Published
2014-05-22 10:00
Modified
2024-08-06 09:34
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in boot_config.jsp in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF28, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21672572 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/92625 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI16041 | vendor-advisory, x_refsource_AIXAPAR |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:34:41.060Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672572"
},
{
"name": "ibm-websphere-cve20140952-xss(92625)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92625"
},
{
"name": "PI16041",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI16041"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in boot_config.jsp in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF28, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672572"
},
{
"name": "ibm-websphere-cve20140952-xss(92625)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92625"
},
{
"name": "PI16041",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI16041"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0952",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in boot_config.jsp in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF28, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21672572",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672572"
},
{
"name": "ibm-websphere-cve20140952-xss(92625)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92625"
},
{
"name": "PI16041",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI16041"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-0952",
"datePublished": "2014-05-22T10:00:00",
"dateReserved": "2014-01-06T00:00:00",
"dateUpdated": "2024-08-06T09:34:41.060Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0953
Vulnerability from cvelistv5
Published
2014-08-12 01:00
Modified
2024-08-06 09:34
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.0 through 6.1.0.6 CF27, 6.1.5.0 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF28, and 8.0.0 before 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/92626 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21680230 | x_refsource_CONFIRM | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI16127 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www.securitytracker.com/id/1030669 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:34:40.373Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-wesphere-cve20140953-xss(92626)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92626"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680230"
},
{
"name": "PI16127",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI16127"
},
{
"name": "1030669",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030669"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.0 through 6.1.0.6 CF27, 6.1.5.0 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF28, and 8.0.0 before 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-wesphere-cve20140953-xss(92626)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92626"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680230"
},
{
"name": "PI16127",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI16127"
},
{
"name": "1030669",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030669"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0953",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.0 through 6.1.0.6 CF27, 6.1.5.0 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF28, and 8.0.0 before 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-wesphere-cve20140953-xss(92626)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92626"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21680230",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680230"
},
{
"name": "PI16127",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI16127"
},
{
"name": "1030669",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030669"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-0953",
"datePublished": "2014-08-12T01:00:00",
"dateReserved": "2014-01-06T00:00:00",
"dateUpdated": "2024-08-06T09:34:40.373Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-1736
Vulnerability from cvelistv5
Published
2018-09-27 19:00
Modified
2024-09-17 02:01
Severity ?
EPSS score ?
Summary
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 147906.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1041753 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/105490 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/147906 | vdb-entry, x_refsource_XF | |
| https://www.ibm.com/support/docview.wss?uid=ibm10729683 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | WebSphere Portal |
Version: 7.0 Version: 8.0 Version: 8.5 Version: 9.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:07:44.384Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1041753",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041753"
},
{
"name": "105490",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105490"
},
{
"name": "ibm-websphere-cve20181736-open-redirect(147906)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147906"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10729683"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Portal",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "8.0"
},
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "9.0"
}
]
}
],
"datePublic": "2018-09-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 147906."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 6.4,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:N/I:H/PR:N/S:C/UI:R/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-05T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "1041753",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041753"
},
{
"name": "105490",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105490"
},
{
"name": "ibm-websphere-cve20181736-open-redirect(147906)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147906"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10729683"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-09-25T00:00:00",
"ID": "CVE-2018-1736",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Portal",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "8.0"
},
{
"version_value": "8.5"
},
{
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 147906."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "N",
"I": "H",
"PR": "N",
"S": "C",
"UI": "R"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041753",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041753"
},
{
"name": "105490",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105490"
},
{
"name": "ibm-websphere-cve20181736-open-redirect(147906)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147906"
},
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10729683",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10729683"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1736",
"datePublished": "2018-09-27T19:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-17T02:01:25.010Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0954
Vulnerability from cvelistv5
Published
2014-05-22 10:00
Modified
2024-08-06 09:34
Severity ?
EPSS score ?
Summary
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 does not validate JSP includes, which allows remote attackers to obtain sensitive information, bypass intended request-dispatcher access restrictions, or cause a denial of service (memory consumption) via a crafted URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21672572 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/92627 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI15723 | vendor-advisory, x_refsource_AIXAPAR |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:34:40.952Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672572"
},
{
"name": "ibm-websphere-cve20140954-dos(92627)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92627"
},
{
"name": "PI15723",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI15723"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 does not validate JSP includes, which allows remote attackers to obtain sensitive information, bypass intended request-dispatcher access restrictions, or cause a denial of service (memory consumption) via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672572"
},
{
"name": "ibm-websphere-cve20140954-dos(92627)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92627"
},
{
"name": "PI15723",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI15723"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0954",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 does not validate JSP includes, which allows remote attackers to obtain sensitive information, bypass intended request-dispatcher access restrictions, or cause a denial of service (memory consumption) via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21672572",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672572"
},
{
"name": "ibm-websphere-cve20140954-dos(92627)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92627"
},
{
"name": "PI15723",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI15723"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-0954",
"datePublished": "2014-05-22T10:00:00",
"dateReserved": "2014-01-06T00:00:00",
"dateUpdated": "2024-08-06T09:34:40.952Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0918
Vulnerability from cvelistv5
Published
2014-05-16 10:00
Modified
2024-08-06 09:34
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in IBM Eclipse Help System (IEHS) in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF27, and 8.0 before 8.0.0.1 CF06 allows remote attackers to read arbitrary files via a crafted URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI14125 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www.securityfocus.com/bid/67340 | vdb-entry, x_refsource_BID | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21670753 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/91980 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:34:39.760Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "PI14125",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI14125"
},
{
"name": "67340",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/67340"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670753"
},
{
"name": "ibm-iehs-cve20140918-traversal(91980)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91980"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in IBM Eclipse Help System (IEHS) in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF27, and 8.0 before 8.0.0.1 CF06 allows remote attackers to read arbitrary files via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "PI14125",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI14125"
},
{
"name": "67340",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/67340"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670753"
},
{
"name": "ibm-iehs-cve20140918-traversal(91980)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91980"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0918",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in IBM Eclipse Help System (IEHS) in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF27, and 8.0 before 8.0.0.1 CF06 allows remote attackers to read arbitrary files via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "PI14125",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI14125"
},
{
"name": "67340",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67340"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21670753",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670753"
},
{
"name": "ibm-iehs-cve20140918-traversal(91980)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91980"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-0918",
"datePublished": "2014-05-16T10:00:00",
"dateReserved": "2014-01-06T00:00:00",
"dateUpdated": "2024-08-06T09:34:39.760Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-4808
Vulnerability from cvelistv5
Published
2014-10-28 19:00
Modified
2024-08-06 11:27
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 allows remote authenticated users to execute arbitrary code via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/95375 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/70757 | vdb-entry, x_refsource_BID | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21684651 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/59740 | third-party-advisory, x_refsource_SECUNIA | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PI25993 | vendor-advisory, x_refsource_AIXAPAR |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:27:36.916Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-wsportal-cve20144808-code-exec(95375)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95375"
},
{
"name": "70757",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70757"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684651"
},
{
"name": "59740",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59740"
},
{
"name": "PI25993",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI25993"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 allows remote authenticated users to execute arbitrary code via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-wsportal-cve20144808-code-exec(95375)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95375"
},
{
"name": "70757",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70757"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684651"
},
{
"name": "59740",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59740"
},
{
"name": "PI25993",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI25993"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-4808",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 allows remote authenticated users to execute arbitrary code via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-wsportal-cve20144808-code-exec(95375)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95375"
},
{
"name": "70757",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70757"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21684651",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684651"
},
{
"name": "59740",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59740"
},
{
"name": "PI25993",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI25993"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-4808",
"datePublished": "2014-10-28T19:00:00",
"dateReserved": "2014-07-09T00:00:00",
"dateUpdated": "2024-08-06T11:27:36.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-3016
Vulnerability from cvelistv5
Published
2013-08-21 16:00
Modified
2024-08-06 15:52
Severity ?
EPSS score ?
Summary
IBM WebSphere Portal 6.1, 7.0, and 8.0 allows remote attackers to access the user directory via a crafted request for a servlet, related to the serveServletsByClassnameEnabled setting.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/84350 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21647344 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:52:21.816Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "wsportal-cve20133016-userdir(84350)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84350"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21647344"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 6.1, 7.0, and 8.0 allows remote attackers to access the user directory via a crafted request for a servlet, related to the serveServletsByClassnameEnabled setting."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "wsportal-cve20133016-userdir(84350)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84350"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21647344"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-3016",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 6.1, 7.0, and 8.0 allows remote attackers to access the user directory via a crafted request for a servlet, related to the serveServletsByClassnameEnabled setting."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "wsportal-cve20133016-userdir(84350)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84350"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21647344",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21647344"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-3016",
"datePublished": "2013-08-21T16:00:00",
"dateReserved": "2013-04-12T00:00:00",
"dateUpdated": "2024-08-06T15:52:21.816Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2014-03-04 22:55
Modified
2024-11-21 01:59
Severity ?
Summary
IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x before 7.0.0.2 CF27, and 8.0.0.x before 8.0.0.1 CF10, when the wcm.path.traversal.security setting is enabled, allows remote attackers to bypass intended read restrictions on an item by accessing that item within search results.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 6.1.0.0 | |
| ibm | websphere_portal | 6.1.0.1 | |
| ibm | websphere_portal | 6.1.0.2 | |
| ibm | websphere_portal | 6.1.0.3 | |
| ibm | websphere_portal | 6.1.0.4 | |
| ibm | websphere_portal | 6.1.0.5 | |
| ibm | websphere_portal | 6.1.0.6 | |
| ibm | websphere_portal | 6.1.5.0 | |
| ibm | websphere_portal | 6.1.5.1 | |
| ibm | websphere_portal | 6.1.5.2 | |
| ibm | websphere_portal | 6.1.5.3 | |
| ibm | websphere_portal | 7.0.0.0 | |
| ibm | websphere_portal | 7.0.0.1 | |
| ibm | websphere_portal | 7.0.0.2 | |
| ibm | websphere_portal | 8.0.0.0 | |
| ibm | websphere_portal | 8.0.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E618064A-3D05-4DC6-9A47-0EDF2427642F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DE74154-3E79-4D56-96C4-D8E644F1419D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA915826-5D89-43E9-83E7-88973648302A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DB29F4-59AB-439C-91C4-CDF677676C26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9D6CA922-11EF-4315-A09A-B4A8937E4CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "526738D7-1AF8-4A8F-B833-BA0E35973A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "13D6BE9C-16FD-4FB4-8A87-56B42C246316",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1964FC-672F-4139-938F-A8EF9D86D9C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5B50CEA-AFC4-4B45-9954-519965237FC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0902AC0F-EA4D-4E65-A70A-15DE9B904B35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D808F95D-C6BD-43EB-B16C-66449977BCFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6ECEE98-B276-4ED6-AA5A-109EA57E9925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4FF84B-A17F-464B-A718-67C44D2C69BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x before 7.0.0.2 CF27, and 8.0.0.x before 8.0.0.1 CF10, when the wcm.path.traversal.security setting is enabled, allows remote attackers to bypass intended read restrictions on an item by accessing that item within search results."
},
{
"lang": "es",
"value": "IBM WebSphere Portal 6.1.0.x hasta 6.1.0.6 CF27, 6.1.5.x hasta 6.1.5.3 CF27, 7.0.0.x anterior a 7.0.0.2 CF27 y 8.0.0.x anterior a 8.0.0.1 CF10, cuando la configuraci\u00f3n wcm.path.traversal.security est\u00e1 habilitada, permite a atacantes remotos evadir restricciones de lectura en un art\u00edculo mediante el acceso a este art\u00edculo dentro de los resultados de b\u00fasqueda."
}
],
"id": "CVE-2013-6730",
"lastModified": "2024-11-21T01:59:37.840",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-03-04T22:55:03.257",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI07185"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21665915"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89363"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI07185"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21665915"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89363"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-07-29 20:55
Modified
2024-11-21 02:07
Severity ?
Summary
SQL injection vulnerability in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf003:*:*:*:*:*:*",
"matchCriteriaId": "041D220D-2088-4633-B1AA-8902AD1C6BD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf004:*:*:*:*:*:*",
"matchCriteriaId": "53B376AE-7AA9-4362-9CB2-17B3AB783FC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf005:*:*:*:*:*:*",
"matchCriteriaId": "84D744C2-DA4B-4F04-894F-7820FDC49A04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf006:*:*:*:*:*:*",
"matchCriteriaId": "4713D128-6C5F-4362-A0E2-363F81D9BCA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf007:*:*:*:*:*:*",
"matchCriteriaId": "67E76EE5-B618-49AA-A489-1BD7E45D391F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf008:*:*:*:*:*:*",
"matchCriteriaId": "DC001899-F77A-4EED-BC6D-8400FF4354EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf009:*:*:*:*:*:*",
"matchCriteriaId": "05426398-FE6A-4E4A-9C46-4675B5FAD915",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf010:*:*:*:*:*:*",
"matchCriteriaId": "29E0A9B5-945C-4859-BE83-56B34544350B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf019:*:*:*:*:*:*",
"matchCriteriaId": "10E59411-D50B-4A34-84C7-7563D301764A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4FF84B-A17F-464B-A718-67C44D2C69BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:-:*:*:*:*:*:*",
"matchCriteriaId": "6007CA87-31CA-44AB-AB7F-788E17AB85F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf011:*:*:*:*:*:*",
"matchCriteriaId": "B469E735-0DCE-4616-B3FE-DED75FEAC642",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf012:*:*:*:*:*:*",
"matchCriteriaId": "E0ACFABA-E470-4043-B8E7-ACE2F9781D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf013:*:*:*:*:*:*",
"matchCriteriaId": "8D2FA62F-EEB7-4312-9359-FDA8E4743A81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf014:*:*:*:*:*:*",
"matchCriteriaId": "5D8ABD15-49DE-4C4A-B9C0-5696BC1899C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf015:*:*:*:*:*:*",
"matchCriteriaId": "A2D98D3D-18DC-47CF-BED8-CD61A531D858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf016:*:*:*:*:*:*",
"matchCriteriaId": "9326CFC3-D9A7-43CE-8673-FD009F7A1F44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf017:*:*:*:*:*:*",
"matchCriteriaId": "B34D73EE-1E9D-4896-B2A2-D1463C13F399",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf018:*:*:*:*:*:*",
"matchCriteriaId": "96B7FB90-D1F8-4D83-B954-A1990400BC27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf019:*:*:*:*:*:*",
"matchCriteriaId": "CE4C07B8-CC26-4F83-8BA8-8702594CBB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf020:*:*:*:*:*:*",
"matchCriteriaId": "22C95FC9-0342-4ACC-B4F8-052554771D3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf021:*:*:*:*:*:*",
"matchCriteriaId": "62AA773F-7D18-41F7-8561-81D83336E6FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf022:*:*:*:*:*:*",
"matchCriteriaId": "2C17D73E-9F0B-4C11-8C1D-A3987DED44F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf23:*:*:*:*:*:*",
"matchCriteriaId": "53DDB154-F94B-47F8-964B-34EFE2C99370",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf24:*:*:*:*:*:*",
"matchCriteriaId": "10FCF563-A945-425A-A577-37867CF05CC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf25:*:*:*:*:*:*",
"matchCriteriaId": "8373D2A7-EC57-4336-A877-B5D262F05191",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf26:*:*:*:*:*:*",
"matchCriteriaId": "0A005963-7EF6-40D4-A54B-E3749ED5B587",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf27:*:*:*:*:*:*",
"matchCriteriaId": "4210F236-A2B1-49F2-A16E-65BB513ECBA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf01:*:*:*:*:*:*",
"matchCriteriaId": "8A5566C6-E42F-4786-A8FC-59BE7EB47296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf02:*:*:*:*:*:*",
"matchCriteriaId": "31C0EC0E-0106-4333-8401-0F655C0F5850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf03:*:*:*:*:*:*",
"matchCriteriaId": "E0E4DA0C-9F97-4856-B9DE-D96994A65B71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf04:*:*:*:*:*:*",
"matchCriteriaId": "4180809C-4A1E-4DB4-9E7C-641B753B97D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf05:*:*:*:*:*:*",
"matchCriteriaId": "5A60A788-F7B3-4922-8B30-8F586B1685CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf04:*:*:*:*:*:*",
"matchCriteriaId": "9A07791C-5EDE-4C2B-A441-6599339ED43F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf05:*:*:*:*:*:*",
"matchCriteriaId": "CE6F9920-B458-496B-B0C0-BF8B85606BF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf06:*:*:*:*:*:*",
"matchCriteriaId": "8B2C78E9-EB40-42C0-A772-6203555D5E28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf07:*:*:*:*:*:*",
"matchCriteriaId": "A910F5CA-8257-420E-8D31-6BB0E4CFC963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf08:*:*:*:*:*:*",
"matchCriteriaId": "462CF706-A352-40EE-8158-3A2197FE4098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf09:*:*:*:*:*:*",
"matchCriteriaId": "0AF93EAB-BDBC-4C20-9BD2-AACC95CD8355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf12:*:*:*:*:*:*",
"matchCriteriaId": "3D660652-D318-44B8-996A-6E56F4D71F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal_unified_task_list_portlet:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EF937A0D-82F0-4382-97DA-D9EAEC8444ED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en el portlet Unified Task List (UTL) para IBM WebSphere Portal 7.x y 8.x hasta 8.0.0.1 CF12 permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-3055",
"lastModified": "2024-11-21T02:07:23.060",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-07-29T20:55:08.223",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://secunia.com/advisories/60499"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI18909"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677032"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93529"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/60499"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI18909"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677032"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93529"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-07-14 14:59
Modified
2024-11-21 02:26
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF17 and 8.5.0 before CF06 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 8.0.0.0 | |
| ibm | websphere_portal | 8.0.0.1 | |
| ibm | websphere_portal | 8.5.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D03AF20E-0C29-45A6-9B7F-8260D8D9E8BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF17 and 8.5.0 before CF06 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados - XSS en el portal de IBM WebSphere 8.0..8 antes de 8.0.0.1 CF17 y 8.5.0 antes de CF06, que permite a usuarios remotos autenticados inyectar secuencias de comandos o HTML arbitrario por medio de una URL manipulada."
}
],
"id": "CVE-2015-1944",
"lastModified": "2024-11-21T02:26:26.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-07-14T14:59:01.903",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI40341"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21958024"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securityfocus.com/bid/75478"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securitytracker.com/id/1032970"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI40341"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21958024"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/75478"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1032970"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-15 10:30
Modified
2024-11-21 01:01
Severity ?
Summary
Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML, a different vulnerability than CVE-2009-1008.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 6.0.0.0 | |
| ibm | websphere_portal | 6.0.1.0 | |
| ibm | websphere_portal | 6.1.0.0 | |
| ibm | websphere_portal | 6.1.5.0 | |
| ibm | websphere_portal | 7.0.0.0 | |
| ibm | websphere_portal | 8.0.0.0 | |
| oracle | application_server | 8.2.2 | |
| oracle | application_server | 8.3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6C753E1B-D81B-4995-877E-58EDD6F49DDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "092F8012-A1EE-46CE-B2B2-0604BF4ACBBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E618064A-3D05-4DC6-9A47-0EDF2427642F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1964FC-672F-4139-938F-A8EF9D86D9C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:application_server:8.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "03943E63-9F03-45F9-9BE7-38C9B56C146A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:8.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F77E8E37-9AFB-4C1A-A1EC-ACCFB6AE0A16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML, a different vulnerability than CVE-2009-1008."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en el componente Outside In Technology en Oracle Application Server 8.2.2 y 8.3.0 permite a usuarios locales afectar la confidencialidad, la integridad y la disponibilidad, relacionado con HTML, una vulnerabilidad diferente a CVE-2009-1008."
}
],
"id": "CVE-2009-1010",
"lastModified": "2024-11-21T01:01:27.333",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-04-15T10:30:00.983",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/53749"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Permissions Required"
],
"url": "http://secunia.com/advisories/34693"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/34461"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1022055"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-105A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/53749"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "http://secunia.com/advisories/34693"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/34461"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1022055"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-105A.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-12-19 01:52
Modified
2024-11-21 00:54
Severity ?
Summary
Unspecified vulnerability in IBM WebSphere Portal 6.0 before 6.0.1.5 has unknown impact and attack vectors related to "Access problems with BasicAuthTAI."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | * | |
| ibm | websphere_portal | 6.0.0.0 | |
| ibm | websphere_portal | 6.0.0.1 | |
| ibm | websphere_portal | 6.0.1.1 | |
| ibm | websphere_portal | 6.0.1.2 | |
| ibm | websphere_portal | 6.0.1.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:*:*:*:*:*:*:*:*",
"matchCriteriaId": "169E7B27-1905-4BAB-9F15-4AB66D626880",
"versionEndIncluding": "6.0.1.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6C753E1B-D81B-4995-877E-58EDD6F49DDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5D54D4DB-FA55-47AE-9E19-FB8368FD40C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9FC6A48A-E669-4AA0-AD83-85778A7B6C67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F8C5AD9-2086-4131-A03C-02A89D822080",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "82FC2F98-1E99-4B50-88D5-7A2904F4585C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in IBM WebSphere Portal 6.0 before 6.0.1.5 has unknown impact and attack vectors related to \"Access problems with BasicAuthTAI.\""
},
{
"lang": "es",
"value": "Vulnerabilidad inespecifica en IBM WebSphere Portal v6.0 anteriores a v6.0.1.5 tiene un impacto desconocido y vectores de ataque relacionados con \"problemas de acceso con BasicAuthTAI\"."
}
],
"id": "CVE-2008-5675",
"lastModified": "2024-11-21T00:54:36.997",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-12-19T01:52:57.967",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33132"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27007603"
},
{
"source": "cve@mitre.org",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK75304"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/50720"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/3427"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33132"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27007603"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK75304"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/50720"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/3427"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
},
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-08-12 05:01
Modified
2024-11-21 02:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.0 through 6.1.0.6 CF27, 6.1.5.0 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF28, and 8.0.0 before 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 6.1.0.0 | |
| ibm | websphere_portal | 6.1.0.1 | |
| ibm | websphere_portal | 6.1.0.2 | |
| ibm | websphere_portal | 6.1.0.3 | |
| ibm | websphere_portal | 6.1.0.4 | |
| ibm | websphere_portal | 6.1.0.5 | |
| ibm | websphere_portal | 6.1.0.6 | |
| ibm | websphere_portal | 6.1.5.0 | |
| ibm | websphere_portal | 6.1.5.1 | |
| ibm | websphere_portal | 6.1.5.2 | |
| ibm | websphere_portal | 6.1.5.3 | |
| ibm | websphere_portal | 7.0.0.0 | |
| ibm | websphere_portal | 7.0.0.1 | |
| ibm | websphere_portal | 7.0.0.2 | |
| ibm | websphere_portal | 8.0.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E618064A-3D05-4DC6-9A47-0EDF2427642F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DE74154-3E79-4D56-96C4-D8E644F1419D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA915826-5D89-43E9-83E7-88973648302A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DB29F4-59AB-439C-91C4-CDF677676C26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9D6CA922-11EF-4315-A09A-B4A8937E4CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "526738D7-1AF8-4A8F-B833-BA0E35973A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "13D6BE9C-16FD-4FB4-8A87-56B42C246316",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1964FC-672F-4139-938F-A8EF9D86D9C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5B50CEA-AFC4-4B45-9954-519965237FC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0902AC0F-EA4D-4E65-A70A-15DE9B904B35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D808F95D-C6BD-43EB-B16C-66449977BCFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6ECEE98-B276-4ED6-AA5A-109EA57E9925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4FF84B-A17F-464B-A718-67C44D2C69BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.0 through 6.1.0.6 CF27, 6.1.5.0 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF28, and 8.0.0 before 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en IBM WebSphere Portal 6.1.0.0 hasta 6.1.0.6 CF27, 6.1.5.0 hasta 6.1.5.3 CF27, 7.0.0 hasta 7.0.0.2 CF28, y 8.0.0 anterior a 8.0.0.1 CF12 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una URL manipulada."
}
],
"id": "CVE-2014-0953",
"lastModified": "2024-11-21T02:03:06.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-08-12T05:01:03.590",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI16127"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680230"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securitytracker.com/id/1030669"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92626"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI16127"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680230"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1030669"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92626"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-10-03 22:59
Modified
2024-11-21 02:22
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Content Template Catalog 4.x before 4.1.4 for WebSphere Portal 8.0.x and 4.x before 4.3.1 for WebSphere Portal 8.5.x allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | content_template_catalog | * | |
| ibm | websphere_portal | 8.0.0.0 | |
| ibm | websphere_portal | 8.0.0.1 | |
| ibm | content_template_catalog | * | |
| ibm | websphere_portal | 8.5.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:content_template_catalog:*:*:*:*:*:*:*:*",
"matchCriteriaId": "819713CE-C6C3-4EC6-B00D-31DB7076C927",
"versionEndIncluding": "4.1.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:content_template_catalog:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1307478C-16C9-4EFD-8ABE-465120833956",
"versionEndIncluding": "4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D03AF20E-0C29-45A6-9B7F-8260D8D9E8BF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM Content Template Catalog 4.x before 4.1.4 for WebSphere Portal 8.0.x and 4.x before 4.3.1 for WebSphere Portal 8.5.x allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en IBM Content Template Catalog 4.x en versiones anteriores a 4.1.4 para WebSphere Portal 8.0.x y 4.x en versiones anteriores a 4.3.1 para WebSphere Portal 8.5.x permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una URL manipulada."
}
],
"id": "CVE-2015-0195",
"lastModified": "2024-11-21T02:22:30.927",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-10-03T22:59:07.393",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21958969"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21958969"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-06-19 17:30
Modified
2024-11-21 00:32
Severity ?
Summary
SQL injection vulnerability in content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the page parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FF2C6181-C0C5-4F0A-A800-663CC9DAD9E0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the page parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en content.php de WSPortal 1.0, cuando magic_quotes_gpc est\u00e1 deshabilitado, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro page."
}
],
"evaluatorImpact": "Successful exploitation requires PHP magic_quotes_gpc set to OFF.",
"id": "CVE-2007-3128",
"lastModified": "2024-11-21T00:32:28.167",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-06-19T17:30:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0369.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.netvigilance.com/advisory0033"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/34164"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/471629/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/24513"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/2237"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34896"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0369.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.netvigilance.com/advisory0033"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/34164"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/471629/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/24513"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/2237"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34896"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-05-25 00:59
Modified
2024-11-21 02:26
Severity ?
Summary
Open redirect vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF17 and 8.5.0 before CF06 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 8.0.0.0 | |
| ibm | websphere_portal | 8.0.0.1 | |
| ibm | websphere_portal | 8.5.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D03AF20E-0C29-45A6-9B7F-8260D8D9E8BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF17 and 8.5.0 before CF06 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL."
},
{
"lang": "es",
"value": "Vulnerabilidad de redirecci\u00f3n abierta en IBM WebSphere Portal 8.0.0 anterior a 8.0.0.1 CF17 y 8.5.0 anterior a CF06 permite a atacantes remotos redirigir usuarios hacia sitios web arbitrarios y realizar ataques de phishing a trav\u00e9s de una URL manipulada."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/601.html\"\u003eCWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)\u003c/a\u003e",
"id": "CVE-2015-1921",
"lastModified": "2024-11-21T02:26:24.480",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-05-25T00:59:11.730",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI38632"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21884060"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/74705"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI38632"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21884060"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/74705"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-11-13 15:55
Modified
2024-11-21 01:57
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.x before 8.0.0.1 CF8 allows remote authenticated users to inject arbitrary web script or HTML by leveraging incorrect IBM Connections integration.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 8.0.0.0 | |
| ibm | websphere_portal | 8.0.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.x before 8.0.0.1 CF8 allows remote authenticated users to inject arbitrary web script or HTML by leveraging incorrect IBM Connections integration."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en IBM WebSphere Portal 8.x anterior a la versi\u00f3n 8.0.0.1 CF8 permite a usuarios remotos autenticados inyectar script web o HTML arbitrario mediante el aprovechamiento de integraciones incorrectas de IBM Connections."
}
],
"id": "CVE-2013-5378",
"lastModified": "2024-11-21T01:57:23.017",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-11-13T15:55:03.563",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM95802"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM95881"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM97593"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655634"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86929"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM95802"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM95881"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM97593"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655634"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86929"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-04-27 11:59
Modified
2024-11-21 02:26
Severity ?
Summary
The Remote Document Conversion Service (DCS) in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF16, and 8.5.0 through CF05 allows remote attackers to cause a denial of service (memory consumption) via crafted requests.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1PI37356 | ||
| psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21701566 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/74216 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | http://www.securitytracker.com/id/1032189 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1PI37356 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21701566 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/74216 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1032189 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 6.1.0.0 | |
| ibm | websphere_portal | 6.1.0.1 | |
| ibm | websphere_portal | 6.1.0.2 | |
| ibm | websphere_portal | 6.1.0.3 | |
| ibm | websphere_portal | 6.1.0.4 | |
| ibm | websphere_portal | 6.1.0.5 | |
| ibm | websphere_portal | 6.1.0.6 | |
| ibm | websphere_portal | 6.1.5.0 | |
| ibm | websphere_portal | 6.1.5.1 | |
| ibm | websphere_portal | 6.1.5.2 | |
| ibm | websphere_portal | 6.1.5.3 | |
| ibm | websphere_portal | 7.0.0.0 | |
| ibm | websphere_portal | 7.0.0.1 | |
| ibm | websphere_portal | 7.0.0.2 | |
| ibm | websphere_portal | 8.0.0.0 | |
| ibm | websphere_portal | 8.0.0.1 | |
| ibm | websphere_portal | 8.5.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E618064A-3D05-4DC6-9A47-0EDF2427642F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DE74154-3E79-4D56-96C4-D8E644F1419D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA915826-5D89-43E9-83E7-88973648302A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DB29F4-59AB-439C-91C4-CDF677676C26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9D6CA922-11EF-4315-A09A-B4A8937E4CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "526738D7-1AF8-4A8F-B833-BA0E35973A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "13D6BE9C-16FD-4FB4-8A87-56B42C246316",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1964FC-672F-4139-938F-A8EF9D86D9C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5B50CEA-AFC4-4B45-9954-519965237FC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0902AC0F-EA4D-4E65-A70A-15DE9B904B35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D808F95D-C6BD-43EB-B16C-66449977BCFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6ECEE98-B276-4ED6-AA5A-109EA57E9925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4FF84B-A17F-464B-A718-67C44D2C69BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D03AF20E-0C29-45A6-9B7F-8260D8D9E8BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Remote Document Conversion Service (DCS) in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF16, and 8.5.0 through CF05 allows remote attackers to cause a denial of service (memory consumption) via crafted requests."
},
{
"lang": "es",
"value": "Remote Document Conversion Service (DCS) en IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0.0 hasta 7.0.0.2 CF29, 8.0.0 hasta 8.0.0.1 CF16, y 8.5.0 hasta CF05 permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de memoria) a trav\u00e9s de solicitudes manipuladas."
}
],
"id": "CVE-2015-1886",
"lastModified": "2024-11-21T02:26:20.540",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-04-27T11:59:05.110",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI37356"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701566"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/74216"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032189"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI37356"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701566"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/74216"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032189"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-02-09 17:29
Modified
2024-11-21 03:59
Severity ?
Summary
IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138437.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.securityfocus.com/bid/102973 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | http://www.securitytracker.com/id/1040331 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/138437 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=swg22013097 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102973 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040331 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/138437 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=swg22013097 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 8.0.0.0 | |
| ibm | websphere_portal | 8.5.0.0 | |
| ibm | websphere_portal | 9.0.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D03AF20E-0C29-45A6-9B7F-8260D8D9E8BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "12EF6533-4FE9-4A9B-ABF6-CEDD30402A53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138437."
},
{
"lang": "es",
"value": "IBM WebSphere Portal 8.0, 8.5 y 9.0 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 138437."
}
],
"id": "CVE-2018-1401",
"lastModified": "2024-11-21T03:59:45.160",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-09T17:29:00.350",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102973"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040331"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138437"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=swg22013097"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102973"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040331"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138437"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=swg22013097"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-01-28 21:00
Modified
2024-11-21 01:24
Severity ?
Summary
IBM WebSphere Portal 6.0.1.1 through 7.0.0.0, as used in IBM Lotus Web Content Management (WCM) and IBM Lotus Quickr for WebSphere Portal, allows remote attackers to obtain sensitive information via a "modified message."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 6.0.1.1 | |
| ibm | websphere_portal | 6.0.1.2 | |
| ibm | websphere_portal | 6.0.1.3 | |
| ibm | websphere_portal | 6.0.1.4 | |
| ibm | websphere_portal | 6.0.1.5 | |
| ibm | websphere_portal | 6.0.1.6 | |
| ibm | websphere_portal | 6.0.1.7 | |
| ibm | websphere_portal | 6.1.0.0 | |
| ibm | websphere_portal | 6.1.0.1 | |
| ibm | websphere_portal | 6.1.0.2 | |
| ibm | websphere_portal | 6.1.0.3 | |
| ibm | websphere_portal | 6.1.5.0 | |
| ibm | websphere_portal | 7.0.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9FC6A48A-E669-4AA0-AD83-85778A7B6C67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F8C5AD9-2086-4131-A03C-02A89D822080",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "82FC2F98-1E99-4B50-88D5-7A2904F4585C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9B7F74AC-2B5E-4B6C-9551-576A4F312BBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FC51FA38-1C63-47F5-A4CF-1128396B62C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCCA8DE-50EF-4154-AF48-A8E1AA2659B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "AF550E47-49FB-4EBC-83E7-4CFCB7279FEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E618064A-3D05-4DC6-9A47-0EDF2427642F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DE74154-3E79-4D56-96C4-D8E644F1419D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA915826-5D89-43E9-83E7-88973648302A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DB29F4-59AB-439C-91C4-CDF677676C26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1964FC-672F-4139-938F-A8EF9D86D9C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 6.0.1.1 through 7.0.0.0, as used in IBM Lotus Web Content Management (WCM) and IBM Lotus Quickr for WebSphere Portal, allows remote attackers to obtain sensitive information via a \"modified message.\""
},
{
"lang": "es",
"value": "IBM WebSphere Portal v6.0.1.1 hasta v7.0.0.0, como el utilizado en IBM Lotus Web Content Management (WCM) e IBM Lotus Quickr para WebSphere Portal, permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de un \"mensaje modificado.\""
}
],
"id": "CVE-2011-0679",
"lastModified": "2024-11-21T01:24:36.253",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-01-28T21:00:31.123",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/70688"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43081"
},
{
"source": "cve@mitre.org",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM22159"
},
{
"source": "cve@mitre.org",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM22167"
},
{
"source": "cve@mitre.org",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM24319"
},
{
"source": "cve@mitre.org",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM24320"
},
{
"source": "cve@mitre.org",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM25191"
},
{
"source": "cve@mitre.org",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM25698"
},
{
"source": "cve@mitre.org",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM26397"
},
{
"source": "cve@mitre.org",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21460422"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/375127"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/45989"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2011/0223"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64890"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/70688"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43081"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM22159"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM22167"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM24319"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM24320"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM25191"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM25698"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM26397"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21460422"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/375127"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/45989"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0223"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64890"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-11-30 19:55
Modified
2024-11-21 01:43
Severity ?
Summary
Directory traversal vulnerability in LayerLoader.jsp in the theme component in IBM WebSphere Portal 7.0.0.1 and 7.0.0.2 before CF19 and 8.0 before CF03 allows remote attackers to read arbitrary files via a crafted URI.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6ECEE98-B276-4ED6-AA5A-109EA57E9925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf002:*:*:*:*:*:*",
"matchCriteriaId": "2991B76F-8E96-45A9-8B9D-942AF93755E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf003:*:*:*:*:*:*",
"matchCriteriaId": "041D220D-2088-4633-B1AA-8902AD1C6BD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf004:*:*:*:*:*:*",
"matchCriteriaId": "53B376AE-7AA9-4362-9CB2-17B3AB783FC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf005:*:*:*:*:*:*",
"matchCriteriaId": "84D744C2-DA4B-4F04-894F-7820FDC49A04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf006:*:*:*:*:*:*",
"matchCriteriaId": "4713D128-6C5F-4362-A0E2-363F81D9BCA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf007:*:*:*:*:*:*",
"matchCriteriaId": "67E76EE5-B618-49AA-A489-1BD7E45D391F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf008:*:*:*:*:*:*",
"matchCriteriaId": "DC001899-F77A-4EED-BC6D-8400FF4354EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf009:*:*:*:*:*:*",
"matchCriteriaId": "05426398-FE6A-4E4A-9C46-4675B5FAD915",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf010:*:*:*:*:*:*",
"matchCriteriaId": "29E0A9B5-945C-4859-BE83-56B34544350B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf011:*:*:*:*:*:*",
"matchCriteriaId": "DF8105DA-2519-428D-AB09-01EEF2FF6FDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf012:*:*:*:*:*:*",
"matchCriteriaId": "B2824CB0-BBC6-4AD5-993C-91E1CF293B3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf013:*:*:*:*:*:*",
"matchCriteriaId": "56AF2117-2F73-4729-84DC-72B8B235C581",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf014:*:*:*:*:*:*",
"matchCriteriaId": "303EE4F0-9C7A-4B0B-8BBB-852C68A802E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf015:*:*:*:*:*:*",
"matchCriteriaId": "4967BA17-DD56-42A7-812A-7B6EE74C6E03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf016:*:*:*:*:*:*",
"matchCriteriaId": "9DD708E8-67BE-48D7-AD76-FDA753426862",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf017:*:*:*:*:*:*",
"matchCriteriaId": "AC8DAFF7-9410-40E2-805A-580B82EA0667",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf018:*:*:*:*:*:*",
"matchCriteriaId": "D06D62C6-13EF-42BA-BEBE-C3F9A42F5AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4FF84B-A17F-464B-A718-67C44D2C69BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf002:*:*:*:*:*:*",
"matchCriteriaId": "9E1F6463-557F-4582-95AD-93B2F1E12B62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf003:*:*:*:*:*:*",
"matchCriteriaId": "FCBC4670-6513-4DE9-9187-5A8A5D088A67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf004:*:*:*:*:*:*",
"matchCriteriaId": "E92E848E-ECC3-46F9-9AB6-72260B791EFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf005:*:*:*:*:*:*",
"matchCriteriaId": "EDF6E3B5-8707-4D70-AD03-8E35E8DC69A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf006:*:*:*:*:*:*",
"matchCriteriaId": "7EB4341E-D73A-430F-A25E-879E01E08E6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf007:*:*:*:*:*:*",
"matchCriteriaId": "3B71DD10-7D04-4191-8453-6031134828B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf008:*:*:*:*:*:*",
"matchCriteriaId": "C3CC8276-B821-49FD-A2D1-063982D263C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf009:*:*:*:*:*:*",
"matchCriteriaId": "FBA7875F-F59E-4C42-9776-0F1DB713AAB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf010:*:*:*:*:*:*",
"matchCriteriaId": "335D6870-8F86-4218-B3DD-0A382FEF0DA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf011:*:*:*:*:*:*",
"matchCriteriaId": "B469E735-0DCE-4616-B3FE-DED75FEAC642",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf012:*:*:*:*:*:*",
"matchCriteriaId": "E0ACFABA-E470-4043-B8E7-ACE2F9781D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf013:*:*:*:*:*:*",
"matchCriteriaId": "8D2FA62F-EEB7-4312-9359-FDA8E4743A81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf014:*:*:*:*:*:*",
"matchCriteriaId": "5D8ABD15-49DE-4C4A-B9C0-5696BC1899C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf015:*:*:*:*:*:*",
"matchCriteriaId": "A2D98D3D-18DC-47CF-BED8-CD61A531D858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf016:*:*:*:*:*:*",
"matchCriteriaId": "9326CFC3-D9A7-43CE-8673-FD009F7A1F44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf017:*:*:*:*:*:*",
"matchCriteriaId": "B34D73EE-1E9D-4896-B2A2-D1463C13F399",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf018:*:*:*:*:*:*",
"matchCriteriaId": "96B7FB90-D1F8-4D83-B954-A1990400BC27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf01:*:*:*:*:*:*",
"matchCriteriaId": "8A5566C6-E42F-4786-A8FC-59BE7EB47296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf02:*:*:*:*:*:*",
"matchCriteriaId": "31C0EC0E-0106-4333-8401-0F655C0F5850",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in LayerLoader.jsp in the theme component in IBM WebSphere Portal 7.0.0.1 and 7.0.0.2 before CF19 and 8.0 before CF03 allows remote attackers to read arbitrary files via a crafted URI."
},
{
"lang": "es",
"value": "Una vulnerabilidad de salto de directorio en LayerLoader.jsp en el componente tem\u00e1tico en IBM WebSphere Portal v7.0.0.1 y v7.0.0.2 antes de CF19 y v8.0 antes de CF03 permite a atacantes remotos leer archivos de su elecci\u00f3n a trav\u00e9s de un URI dise\u00f1ada para tal fin.\r\n"
}
],
"id": "CVE-2012-4834",
"lastModified": "2024-11-21T01:43:35.050",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-11-30T19:55:01.143",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/51281"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM76354"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_vulnerability_in_theme_component_for_websphere_portal_versions_7_0_0_x_and_8_0_cve2012_48344"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21617713"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg24033155"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78914"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/51281"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM76354"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_vulnerability_in_theme_component_for_websphere_portal_versions_7_0_0_x_and_8_0_cve2012_48344"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21617713"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg24033155"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78914"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-07-29 20:55
Modified
2024-11-21 02:07
Severity ?
Summary
The Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to obtain potentially sensitive information about environment variables and JAR versions via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf003:*:*:*:*:*:*",
"matchCriteriaId": "041D220D-2088-4633-B1AA-8902AD1C6BD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf004:*:*:*:*:*:*",
"matchCriteriaId": "53B376AE-7AA9-4362-9CB2-17B3AB783FC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf005:*:*:*:*:*:*",
"matchCriteriaId": "84D744C2-DA4B-4F04-894F-7820FDC49A04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf006:*:*:*:*:*:*",
"matchCriteriaId": "4713D128-6C5F-4362-A0E2-363F81D9BCA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf007:*:*:*:*:*:*",
"matchCriteriaId": "67E76EE5-B618-49AA-A489-1BD7E45D391F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf008:*:*:*:*:*:*",
"matchCriteriaId": "DC001899-F77A-4EED-BC6D-8400FF4354EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf009:*:*:*:*:*:*",
"matchCriteriaId": "05426398-FE6A-4E4A-9C46-4675B5FAD915",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf010:*:*:*:*:*:*",
"matchCriteriaId": "29E0A9B5-945C-4859-BE83-56B34544350B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf019:*:*:*:*:*:*",
"matchCriteriaId": "10E59411-D50B-4A34-84C7-7563D301764A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4FF84B-A17F-464B-A718-67C44D2C69BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:-:*:*:*:*:*:*",
"matchCriteriaId": "6007CA87-31CA-44AB-AB7F-788E17AB85F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf011:*:*:*:*:*:*",
"matchCriteriaId": "B469E735-0DCE-4616-B3FE-DED75FEAC642",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf012:*:*:*:*:*:*",
"matchCriteriaId": "E0ACFABA-E470-4043-B8E7-ACE2F9781D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf013:*:*:*:*:*:*",
"matchCriteriaId": "8D2FA62F-EEB7-4312-9359-FDA8E4743A81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf014:*:*:*:*:*:*",
"matchCriteriaId": "5D8ABD15-49DE-4C4A-B9C0-5696BC1899C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf015:*:*:*:*:*:*",
"matchCriteriaId": "A2D98D3D-18DC-47CF-BED8-CD61A531D858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf016:*:*:*:*:*:*",
"matchCriteriaId": "9326CFC3-D9A7-43CE-8673-FD009F7A1F44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf017:*:*:*:*:*:*",
"matchCriteriaId": "B34D73EE-1E9D-4896-B2A2-D1463C13F399",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf018:*:*:*:*:*:*",
"matchCriteriaId": "96B7FB90-D1F8-4D83-B954-A1990400BC27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf019:*:*:*:*:*:*",
"matchCriteriaId": "CE4C07B8-CC26-4F83-8BA8-8702594CBB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf020:*:*:*:*:*:*",
"matchCriteriaId": "22C95FC9-0342-4ACC-B4F8-052554771D3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf021:*:*:*:*:*:*",
"matchCriteriaId": "62AA773F-7D18-41F7-8561-81D83336E6FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf022:*:*:*:*:*:*",
"matchCriteriaId": "2C17D73E-9F0B-4C11-8C1D-A3987DED44F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf23:*:*:*:*:*:*",
"matchCriteriaId": "53DDB154-F94B-47F8-964B-34EFE2C99370",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf24:*:*:*:*:*:*",
"matchCriteriaId": "10FCF563-A945-425A-A577-37867CF05CC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf25:*:*:*:*:*:*",
"matchCriteriaId": "8373D2A7-EC57-4336-A877-B5D262F05191",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf26:*:*:*:*:*:*",
"matchCriteriaId": "0A005963-7EF6-40D4-A54B-E3749ED5B587",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf27:*:*:*:*:*:*",
"matchCriteriaId": "4210F236-A2B1-49F2-A16E-65BB513ECBA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf01:*:*:*:*:*:*",
"matchCriteriaId": "8A5566C6-E42F-4786-A8FC-59BE7EB47296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf02:*:*:*:*:*:*",
"matchCriteriaId": "31C0EC0E-0106-4333-8401-0F655C0F5850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf03:*:*:*:*:*:*",
"matchCriteriaId": "E0E4DA0C-9F97-4856-B9DE-D96994A65B71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf04:*:*:*:*:*:*",
"matchCriteriaId": "4180809C-4A1E-4DB4-9E7C-641B753B97D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf05:*:*:*:*:*:*",
"matchCriteriaId": "5A60A788-F7B3-4922-8B30-8F586B1685CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf04:*:*:*:*:*:*",
"matchCriteriaId": "9A07791C-5EDE-4C2B-A441-6599339ED43F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf05:*:*:*:*:*:*",
"matchCriteriaId": "CE6F9920-B458-496B-B0C0-BF8B85606BF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf06:*:*:*:*:*:*",
"matchCriteriaId": "8B2C78E9-EB40-42C0-A772-6203555D5E28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf07:*:*:*:*:*:*",
"matchCriteriaId": "A910F5CA-8257-420E-8D31-6BB0E4CFC963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf08:*:*:*:*:*:*",
"matchCriteriaId": "462CF706-A352-40EE-8158-3A2197FE4098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf09:*:*:*:*:*:*",
"matchCriteriaId": "0AF93EAB-BDBC-4C20-9BD2-AACC95CD8355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf12:*:*:*:*:*:*",
"matchCriteriaId": "3D660652-D318-44B8-996A-6E56F4D71F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal_unified_task_list_portlet:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EF937A0D-82F0-4382-97DA-D9EAEC8444ED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to obtain potentially sensitive information about environment variables and JAR versions via unspecified vectors."
},
{
"lang": "es",
"value": "El portlet Unified Task List (UTL) para IBM WebSphere Portal 7.x y 8.x hasta 8.0.0.1 CF12 permite a atacantes remotos obtener informaci\u00f3n potencialmente sensible a cerca de las variables de entornos y las versiones JAR a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-3056",
"lastModified": "2024-11-21T02:07:23.170",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-07-29T20:55:08.287",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://secunia.com/advisories/60499"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI18909"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677032"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93530"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/60499"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI18909"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677032"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93530"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-08-21 16:55
Modified
2024-11-21 01:52
Severity ?
Summary
IBM WebSphere Portal 6.1, 7.0, and 8.0 allows remote attackers to access the user directory via a crafted request for a servlet, related to the serveServletsByClassnameEnabled setting.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 6.1.0.0 | |
| ibm | websphere_portal | 7.0.0.0 | |
| ibm | websphere_portal | 7.0.0.0 | |
| ibm | websphere_portal | 8.0 | |
| ibm | websphere_portal | 8.0.0.0 | |
| ibm | websphere_portal | 8.0.0.0 | |
| ibm | websphere_portal | 8.0.0.0 | |
| ibm | websphere_portal | 8.0.0.0 | |
| ibm | websphere_portal | 8.0.0.0 | |
| ibm | websphere_portal | 8.0.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E618064A-3D05-4DC6-9A47-0EDF2427642F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:cf001:*:*:*:*:*:*",
"matchCriteriaId": "B5C645C1-21E3-48A8-A1A5-9519CB845493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2CE1E2EF-A079-4A67-AA50-0712D2E330F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf01:*:*:*:*:*:*",
"matchCriteriaId": "8A5566C6-E42F-4786-A8FC-59BE7EB47296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf02:*:*:*:*:*:*",
"matchCriteriaId": "31C0EC0E-0106-4333-8401-0F655C0F5850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf03:*:*:*:*:*:*",
"matchCriteriaId": "E0E4DA0C-9F97-4856-B9DE-D96994A65B71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf04:*:*:*:*:*:*",
"matchCriteriaId": "4180809C-4A1E-4DB4-9E7C-641B753B97D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf05:*:*:*:*:*:*",
"matchCriteriaId": "5A60A788-F7B3-4922-8B30-8F586B1685CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 6.1, 7.0, and 8.0 allows remote attackers to access the user directory via a crafted request for a servlet, related to the serveServletsByClassnameEnabled setting."
},
{
"lang": "es",
"value": "IBM WebSphere Portal v6.1, v7.0, y v8.0 permite a atacantes remotos acceder al directorio de usuario a trav\u00e9s de una solicitud manipulada por un servlet, relacionado con la configuraci\u00f3n \"serveServletsByClassnameEnabled\"."
}
],
"id": "CVE-2013-3016",
"lastModified": "2024-11-21T01:52:50.377",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-08-21T16:55:11.080",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21647344"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84350"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21647344"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84350"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-22 15:16
Modified
2024-11-21 01:59
Severity ?
Summary
IBM WebSphere Portal 8.0.0.1 before CF09 does not properly handle references in compute="always" Web Content Manager (WCM) navigator components, which allows remote attackers to obtain sensitive component information via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 8.0.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 8.0.0.1 before CF09 does not properly handle references in compute=\"always\" Web Content Manager (WCM) navigator components, which allows remote attackers to obtain sensitive component information via unspecified vectors."
},
{
"lang": "es",
"value": "IBM Websphere Portal 8.0.0.1 anteriores a CF09 no maneja apropiadamente referencias en componentes de navegador Web COntent Manager (WCM) compute=\"always\", lo cual permite a atacantes remotos obtener informaci\u00f3n sensible de componentes a tra\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-6723",
"lastModified": "2024-11-21T01:59:37.050",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-12-22T15:16:04.410",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://osvdb.org/101271"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Not Applicable"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI05684"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660011"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/64488"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89278"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/101271"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI05684"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660011"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/64488"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89278"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-04-11 16:29
Modified
2024-11-21 03:59
Severity ?
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 140918.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.securitytracker.com/id/1040644 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/140918 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=swg22015317 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040644 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/140918 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=swg22015317 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 8.5.0.0 | |
| ibm | websphere_portal | 8.5.0.0 | |
| ibm | websphere_portal | 8.5.0.0 | |
| ibm | websphere_portal | 8.5.0.0 | |
| ibm | websphere_portal | 8.5.0.0 | |
| ibm | websphere_portal | 8.5.0.0 | |
| ibm | websphere_portal | 8.5.0.0 | |
| ibm | websphere_portal | 8.5.0.0 | |
| ibm | websphere_portal | 8.5.0.0 | |
| ibm | websphere_portal | 8.5.0.0 | |
| ibm | websphere_portal | 8.5.0.0 | |
| ibm | websphere_portal | 8.5.0.0 | |
| ibm | websphere_portal | 8.5.0.0 | |
| ibm | websphere_portal | 8.5.0.0 | |
| ibm | websphere_portal | 8.5.0.0 | |
| ibm | websphere_portal | 8.5.0.0 | |
| ibm | websphere_portal | 9.0 | |
| ibm | websphere_portal | 9.0 | |
| ibm | websphere_portal | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D03AF20E-0C29-45A6-9B7F-8260D8D9E8BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf1:*:*:*:*:*:*",
"matchCriteriaId": "EA29BAC6-C8A4-4E7D-9657-55187EF93976",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf10:*:*:*:*:*:*",
"matchCriteriaId": "DEFF296A-8B82-493E-9A1E-DB4D1976621E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf11:*:*:*:*:*:*",
"matchCriteriaId": "1FC3D249-FA1A-4A2D-B0F7-3289E0563236",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf12:*:*:*:*:*:*",
"matchCriteriaId": "169B283C-4FAD-4201-B26C-53E57D057136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf13:*:*:*:*:*:*",
"matchCriteriaId": "2867E5D2-5982-4178-B9F7-E4E82E7A97FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf14:*:*:*:*:*:*",
"matchCriteriaId": "4D2524C0-6CA2-4836-928D-A9F139F00D9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf15:*:*:*:*:*:*",
"matchCriteriaId": "68857CCD-F5AD-4D96-AB3A-103B2233B909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf2:*:*:*:*:*:*",
"matchCriteriaId": "C5C13822-6429-4B77-89CC-E7845FFA14D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf3:*:*:*:*:*:*",
"matchCriteriaId": "392ACE90-C966-4438-9B05-3ECCE2075C30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf4:*:*:*:*:*:*",
"matchCriteriaId": "4C513C48-0CE3-4AD9-968E-EF52D876DFC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf5:*:*:*:*:*:*",
"matchCriteriaId": "3D659480-730D-43EA-A023-01502554DFB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf6:*:*:*:*:*:*",
"matchCriteriaId": "428DE1AE-5EAB-4ED9-A624-0F68100D66F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf7:*:*:*:*:*:*",
"matchCriteriaId": "5B5F60DD-37BB-4879-B92F-DEF202AFB64D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf8:*:*:*:*:*:*",
"matchCriteriaId": "228E4263-D9E3-4B79-B60E-E5AFBE980B40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf9:*:*:*:*:*:*",
"matchCriteriaId": "B745C736-CF0F-4B1F-ACF7-0B012CA51884",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CAFC1C53-61B8-41EC-B99D-1100D29F3992",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0:cf14:*:*:*:*:*:*",
"matchCriteriaId": "1983DFA3-9926-4220-872E-BCBE3C64DF45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0:cf15:*:*:*:*:*:*",
"matchCriteriaId": "554F1FFE-BB76-443D-AD4F-058B6964E060",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 140918."
},
{
"lang": "es",
"value": "IBM WebSphere Portal 8.5 y 9.0 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 140918."
}
],
"id": "CVE-2018-1483",
"lastModified": "2024-11-21T03:59:54.473",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-11T16:29:00.337",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040644"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140918"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=swg22015317"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040644"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140918"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=swg22015317"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-12-11 23:59
Modified
2024-11-21 02:13
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 before 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 6.1.0 | |
| ibm | websphere_portal | 6.1.0.1 | |
| ibm | websphere_portal | 6.1.0.2 | |
| ibm | websphere_portal | 6.1.0.3 | |
| ibm | websphere_portal | 6.1.0.4 | |
| ibm | websphere_portal | 6.1.0.5 | |
| ibm | websphere_portal | 6.1.0.6 | |
| ibm | websphere_portal | 6.1.0.6 | |
| ibm | websphere_portal | 7.0.0 | |
| ibm | websphere_portal | 7.0.0.1 | |
| ibm | websphere_portal | 7.0.0.2 | |
| ibm | websphere_portal | 8.0.0 | |
| ibm | websphere_portal | 8.0.0.1 | |
| ibm | websphere_portal | 8.0.0.1 | |
| ibm | websphere_portal | 8.5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C957A5D3-171E-46EB-9DE1-0186CB697A6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DE74154-3E79-4D56-96C4-D8E644F1419D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA915826-5D89-43E9-83E7-88973648302A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DB29F4-59AB-439C-91C4-CDF677676C26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9D6CA922-11EF-4315-A09A-B4A8937E4CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "526738D7-1AF8-4A8F-B833-BA0E35973A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "13D6BE9C-16FD-4FB4-8A87-56B42C246316",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.6:cf27:*:*:*:*:*:*",
"matchCriteriaId": "34270605-BA3A-4A8F-A538-030819E115FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D7981C29-E5E0-4AFC-B062-7B469231C72D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6ECEE98-B276-4ED6-AA5A-109EA57E9925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4FF84B-A17F-464B-A718-67C44D2C69BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A790999F-42E2-40CD-94CA-0314343BA0C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:14:*:*:*:*:*:*",
"matchCriteriaId": "EFE040D2-1112-48E3-862B-CC641A61F576",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B9BDAB11-D097-4D54-A5A5-7BA837408366",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 before 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0.0 anterior a 7.0.0.2 CF29, 8.0.0 hasta 8.0.0.1 CF14, y 8.5.0 anterior a CF03 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una URL manipulada."
}
],
"id": "CVE-2014-6215",
"lastModified": "2024-11-21T02:13:58.510",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-12-11T23:59:00.093",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI24434"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21691458"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98802"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI24434"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21691458"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98802"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-05-22 11:14
Modified
2024-11-21 02:03
Severity ?
Summary
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote authenticated users to cause a denial of service (infinite loop) via a login redirect.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E618064A-3D05-4DC6-9A47-0EDF2427642F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DE74154-3E79-4D56-96C4-D8E644F1419D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA915826-5D89-43E9-83E7-88973648302A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DB29F4-59AB-439C-91C4-CDF677676C26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9D6CA922-11EF-4315-A09A-B4A8937E4CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "526738D7-1AF8-4A8F-B833-BA0E35973A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "13D6BE9C-16FD-4FB4-8A87-56B42C246316",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.6:cf27:*:*:*:*:*:*",
"matchCriteriaId": "34270605-BA3A-4A8F-A538-030819E115FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1964FC-672F-4139-938F-A8EF9D86D9C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5B50CEA-AFC4-4B45-9954-519965237FC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0902AC0F-EA4D-4E65-A70A-15DE9B904B35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D808F95D-C6BD-43EB-B16C-66449977BCFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.3:cf27:*:*:*:*:*:*",
"matchCriteriaId": "C7CEA4A0-062F-4B95-92CE-56F0298BD81F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:cf001:*:*:*:*:*:*",
"matchCriteriaId": "B5C645C1-21E3-48A8-A1A5-9519CB845493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6ECEE98-B276-4ED6-AA5A-109EA57E9925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf002:*:*:*:*:*:*",
"matchCriteriaId": "2991B76F-8E96-45A9-8B9D-942AF93755E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf003:*:*:*:*:*:*",
"matchCriteriaId": "041D220D-2088-4633-B1AA-8902AD1C6BD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf004:*:*:*:*:*:*",
"matchCriteriaId": "53B376AE-7AA9-4362-9CB2-17B3AB783FC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf005:*:*:*:*:*:*",
"matchCriteriaId": "84D744C2-DA4B-4F04-894F-7820FDC49A04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf006:*:*:*:*:*:*",
"matchCriteriaId": "4713D128-6C5F-4362-A0E2-363F81D9BCA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf007:*:*:*:*:*:*",
"matchCriteriaId": "67E76EE5-B618-49AA-A489-1BD7E45D391F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf008:*:*:*:*:*:*",
"matchCriteriaId": "DC001899-F77A-4EED-BC6D-8400FF4354EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf009:*:*:*:*:*:*",
"matchCriteriaId": "05426398-FE6A-4E4A-9C46-4675B5FAD915",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf010:*:*:*:*:*:*",
"matchCriteriaId": "29E0A9B5-945C-4859-BE83-56B34544350B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf019:*:*:*:*:*:*",
"matchCriteriaId": "10E59411-D50B-4A34-84C7-7563D301764A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4FF84B-A17F-464B-A718-67C44D2C69BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf011:*:*:*:*:*:*",
"matchCriteriaId": "B469E735-0DCE-4616-B3FE-DED75FEAC642",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf012:*:*:*:*:*:*",
"matchCriteriaId": "E0ACFABA-E470-4043-B8E7-ACE2F9781D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf013:*:*:*:*:*:*",
"matchCriteriaId": "8D2FA62F-EEB7-4312-9359-FDA8E4743A81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf014:*:*:*:*:*:*",
"matchCriteriaId": "5D8ABD15-49DE-4C4A-B9C0-5696BC1899C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf015:*:*:*:*:*:*",
"matchCriteriaId": "A2D98D3D-18DC-47CF-BED8-CD61A531D858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf016:*:*:*:*:*:*",
"matchCriteriaId": "9326CFC3-D9A7-43CE-8673-FD009F7A1F44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf017:*:*:*:*:*:*",
"matchCriteriaId": "B34D73EE-1E9D-4896-B2A2-D1463C13F399",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf018:*:*:*:*:*:*",
"matchCriteriaId": "96B7FB90-D1F8-4D83-B954-A1990400BC27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf019:*:*:*:*:*:*",
"matchCriteriaId": "CE4C07B8-CC26-4F83-8BA8-8702594CBB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf020:*:*:*:*:*:*",
"matchCriteriaId": "22C95FC9-0342-4ACC-B4F8-052554771D3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf021:*:*:*:*:*:*",
"matchCriteriaId": "62AA773F-7D18-41F7-8561-81D83336E6FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf022:*:*:*:*:*:*",
"matchCriteriaId": "2C17D73E-9F0B-4C11-8C1D-A3987DED44F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf23:*:*:*:*:*:*",
"matchCriteriaId": "53DDB154-F94B-47F8-964B-34EFE2C99370",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf24:*:*:*:*:*:*",
"matchCriteriaId": "10FCF563-A945-425A-A577-37867CF05CC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf25:*:*:*:*:*:*",
"matchCriteriaId": "8373D2A7-EC57-4336-A877-B5D262F05191",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf26:*:*:*:*:*:*",
"matchCriteriaId": "0A005963-7EF6-40D4-A54B-E3749ED5B587",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf27:*:*:*:*:*:*",
"matchCriteriaId": "4210F236-A2B1-49F2-A16E-65BB513ECBA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf01:*:*:*:*:*:*",
"matchCriteriaId": "8A5566C6-E42F-4786-A8FC-59BE7EB47296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf02:*:*:*:*:*:*",
"matchCriteriaId": "31C0EC0E-0106-4333-8401-0F655C0F5850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf03:*:*:*:*:*:*",
"matchCriteriaId": "E0E4DA0C-9F97-4856-B9DE-D96994A65B71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf04:*:*:*:*:*:*",
"matchCriteriaId": "4180809C-4A1E-4DB4-9E7C-641B753B97D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf05:*:*:*:*:*:*",
"matchCriteriaId": "5A60A788-F7B3-4922-8B30-8F586B1685CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf04:*:*:*:*:*:*",
"matchCriteriaId": "9A07791C-5EDE-4C2B-A441-6599339ED43F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf05:*:*:*:*:*:*",
"matchCriteriaId": "CE6F9920-B458-496B-B0C0-BF8B85606BF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf07:*:*:*:*:*:*",
"matchCriteriaId": "A910F5CA-8257-420E-8D31-6BB0E4CFC963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf08:*:*:*:*:*:*",
"matchCriteriaId": "462CF706-A352-40EE-8158-3A2197FE4098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf09:*:*:*:*:*:*",
"matchCriteriaId": "0AF93EAB-BDBC-4C20-9BD2-AACC95CD8355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf10:*:*:*:*:*:*",
"matchCriteriaId": "E090A0BC-DECD-4912-B5FB-C41A1E77675E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf11:*:*:*:*:*:*",
"matchCriteriaId": "4CC1CAEE-C7DA-4F01-8948-BADCEB0B76ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf12:*:*:*:*:*:*",
"matchCriteriaId": "3D660652-D318-44B8-996A-6E56F4D71F68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote authenticated users to cause a denial of service (infinite loop) via a login redirect."
},
{
"lang": "es",
"value": "IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0 hasta 7.0.0.2 CF28 y 8.0 anterior a 8.0.0.1 CF12 permite a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (bucle infinito) a trav\u00e9s de una redirecci\u00f3n de inicio de sesi\u00f3n."
}
],
"id": "CVE-2014-0959",
"lastModified": "2024-11-21T02:03:06.823",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-05-22T11:14:14.910",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI16462"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672572"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92741"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI16462"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672572"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92741"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-03-14 00:29
Modified
2024-11-21 03:59
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139906.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.securitytracker.com/id/1040475 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/139906 | VDB Entry | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=swg22014392 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040475 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/139906 | VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=swg22014392 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 8.5.0.0 | |
| ibm | websphere_portal | 8.5.0.0 | |
| ibm | websphere_portal | 8.5.0.0 | |
| ibm | websphere_portal | 8.5.0.0 | |
| ibm | websphere_portal | 8.5.0.0 | |
| ibm | websphere_portal | 8.5.0.0 | |
| ibm | websphere_portal | 8.5.0.0 | |
| ibm | websphere_portal | 8.5.0.0 | |
| ibm | websphere_portal | 8.5.0.0 | |
| ibm | websphere_portal | 8.5.0.0 | |
| ibm | websphere_portal | 8.5.0.0 | |
| ibm | websphere_portal | 8.5.0.0 | |
| ibm | websphere_portal | 8.5.0.0 | |
| ibm | websphere_portal | 8.5.0.0 | |
| ibm | websphere_portal | 8.5.0.0 | |
| ibm | websphere_portal | 8.5.0.0 | |
| ibm | websphere_portal | 9.0.0.0 | |
| ibm | websphere_portal | 9.0.0.0 | |
| ibm | websphere_portal | 9.0.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D03AF20E-0C29-45A6-9B7F-8260D8D9E8BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf01:*:*:*:*:*:*",
"matchCriteriaId": "704EF027-9DEF-4079-BBFE-A64DB757EAB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf02:*:*:*:*:*:*",
"matchCriteriaId": "9928D9CB-4817-4782-808F-6A4FBA87D820",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf03:*:*:*:*:*:*",
"matchCriteriaId": "758F9176-3EDF-469E-946E-B35C2D212029",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf04:*:*:*:*:*:*",
"matchCriteriaId": "AFBD1F79-9AB1-4699-B5B8-315CFEFFDEA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf05:*:*:*:*:*:*",
"matchCriteriaId": "764E04B9-F754-4118-B34F-71D5EF38660F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf06:*:*:*:*:*:*",
"matchCriteriaId": "46A3712D-DCB1-4631-B114-AD5A48313CBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf07:*:*:*:*:*:*",
"matchCriteriaId": "A79C66A0-6482-4E93-94B1-348B3FFA4541",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf08:*:*:*:*:*:*",
"matchCriteriaId": "2D0259BA-FD5D-4236-9AA3-13EE738B3F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf09:*:*:*:*:*:*",
"matchCriteriaId": "34EB80B8-CE15-4F0B-BC98-6AAE7148C5B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf10:*:*:*:*:*:*",
"matchCriteriaId": "DEFF296A-8B82-493E-9A1E-DB4D1976621E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf11:*:*:*:*:*:*",
"matchCriteriaId": "1FC3D249-FA1A-4A2D-B0F7-3289E0563236",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf12:*:*:*:*:*:*",
"matchCriteriaId": "169B283C-4FAD-4201-B26C-53E57D057136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf13:*:*:*:*:*:*",
"matchCriteriaId": "2867E5D2-5982-4178-B9F7-E4E82E7A97FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf14:*:*:*:*:*:*",
"matchCriteriaId": "4D2524C0-6CA2-4836-928D-A9F139F00D9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf15:*:*:*:*:*:*",
"matchCriteriaId": "68857CCD-F5AD-4D96-AB3A-103B2233B909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "12EF6533-4FE9-4A9B-ABF6-CEDD30402A53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0.0.0:cf14:*:*:*:*:*:*",
"matchCriteriaId": "FA49E417-1CED-4E49-ABC9-51E321271498",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0.0.0:cf15:*:*:*:*:*:*",
"matchCriteriaId": "CAA46610-A694-4524-8BD3-8A4B22E0F1AC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139906."
},
{
"lang": "es",
"value": "IBM WebSphere Portal 8.5 y 9.0 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 139906."
}
],
"id": "CVE-2018-1444",
"lastModified": "2024-11-21T03:59:50.017",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-14T00:29:00.497",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040475"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139906"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=swg22014392"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040475"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139906"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=swg22014392"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-05-22 11:14
Modified
2024-11-21 02:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in googlemap.jsp in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E618064A-3D05-4DC6-9A47-0EDF2427642F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DE74154-3E79-4D56-96C4-D8E644F1419D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA915826-5D89-43E9-83E7-88973648302A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DB29F4-59AB-439C-91C4-CDF677676C26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9D6CA922-11EF-4315-A09A-B4A8937E4CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "526738D7-1AF8-4A8F-B833-BA0E35973A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "13D6BE9C-16FD-4FB4-8A87-56B42C246316",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.6:cf27:*:*:*:*:*:*",
"matchCriteriaId": "34270605-BA3A-4A8F-A538-030819E115FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1964FC-672F-4139-938F-A8EF9D86D9C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5B50CEA-AFC4-4B45-9954-519965237FC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0902AC0F-EA4D-4E65-A70A-15DE9B904B35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D808F95D-C6BD-43EB-B16C-66449977BCFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.3:cf27:*:*:*:*:*:*",
"matchCriteriaId": "C7CEA4A0-062F-4B95-92CE-56F0298BD81F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:cf001:*:*:*:*:*:*",
"matchCriteriaId": "B5C645C1-21E3-48A8-A1A5-9519CB845493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6ECEE98-B276-4ED6-AA5A-109EA57E9925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf002:*:*:*:*:*:*",
"matchCriteriaId": "2991B76F-8E96-45A9-8B9D-942AF93755E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf003:*:*:*:*:*:*",
"matchCriteriaId": "041D220D-2088-4633-B1AA-8902AD1C6BD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf004:*:*:*:*:*:*",
"matchCriteriaId": "53B376AE-7AA9-4362-9CB2-17B3AB783FC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf005:*:*:*:*:*:*",
"matchCriteriaId": "84D744C2-DA4B-4F04-894F-7820FDC49A04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf006:*:*:*:*:*:*",
"matchCriteriaId": "4713D128-6C5F-4362-A0E2-363F81D9BCA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf007:*:*:*:*:*:*",
"matchCriteriaId": "67E76EE5-B618-49AA-A489-1BD7E45D391F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf008:*:*:*:*:*:*",
"matchCriteriaId": "DC001899-F77A-4EED-BC6D-8400FF4354EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf009:*:*:*:*:*:*",
"matchCriteriaId": "05426398-FE6A-4E4A-9C46-4675B5FAD915",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf010:*:*:*:*:*:*",
"matchCriteriaId": "29E0A9B5-945C-4859-BE83-56B34544350B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf019:*:*:*:*:*:*",
"matchCriteriaId": "10E59411-D50B-4A34-84C7-7563D301764A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4FF84B-A17F-464B-A718-67C44D2C69BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf011:*:*:*:*:*:*",
"matchCriteriaId": "B469E735-0DCE-4616-B3FE-DED75FEAC642",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf012:*:*:*:*:*:*",
"matchCriteriaId": "E0ACFABA-E470-4043-B8E7-ACE2F9781D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf013:*:*:*:*:*:*",
"matchCriteriaId": "8D2FA62F-EEB7-4312-9359-FDA8E4743A81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf014:*:*:*:*:*:*",
"matchCriteriaId": "5D8ABD15-49DE-4C4A-B9C0-5696BC1899C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf015:*:*:*:*:*:*",
"matchCriteriaId": "A2D98D3D-18DC-47CF-BED8-CD61A531D858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf016:*:*:*:*:*:*",
"matchCriteriaId": "9326CFC3-D9A7-43CE-8673-FD009F7A1F44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf017:*:*:*:*:*:*",
"matchCriteriaId": "B34D73EE-1E9D-4896-B2A2-D1463C13F399",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf018:*:*:*:*:*:*",
"matchCriteriaId": "96B7FB90-D1F8-4D83-B954-A1990400BC27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf019:*:*:*:*:*:*",
"matchCriteriaId": "CE4C07B8-CC26-4F83-8BA8-8702594CBB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf020:*:*:*:*:*:*",
"matchCriteriaId": "22C95FC9-0342-4ACC-B4F8-052554771D3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf021:*:*:*:*:*:*",
"matchCriteriaId": "62AA773F-7D18-41F7-8561-81D83336E6FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf022:*:*:*:*:*:*",
"matchCriteriaId": "2C17D73E-9F0B-4C11-8C1D-A3987DED44F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf23:*:*:*:*:*:*",
"matchCriteriaId": "53DDB154-F94B-47F8-964B-34EFE2C99370",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf24:*:*:*:*:*:*",
"matchCriteriaId": "10FCF563-A945-425A-A577-37867CF05CC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf25:*:*:*:*:*:*",
"matchCriteriaId": "8373D2A7-EC57-4336-A877-B5D262F05191",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf26:*:*:*:*:*:*",
"matchCriteriaId": "0A005963-7EF6-40D4-A54B-E3749ED5B587",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf27:*:*:*:*:*:*",
"matchCriteriaId": "4210F236-A2B1-49F2-A16E-65BB513ECBA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf01:*:*:*:*:*:*",
"matchCriteriaId": "8A5566C6-E42F-4786-A8FC-59BE7EB47296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf02:*:*:*:*:*:*",
"matchCriteriaId": "31C0EC0E-0106-4333-8401-0F655C0F5850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf03:*:*:*:*:*:*",
"matchCriteriaId": "E0E4DA0C-9F97-4856-B9DE-D96994A65B71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf04:*:*:*:*:*:*",
"matchCriteriaId": "4180809C-4A1E-4DB4-9E7C-641B753B97D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf05:*:*:*:*:*:*",
"matchCriteriaId": "5A60A788-F7B3-4922-8B30-8F586B1685CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf04:*:*:*:*:*:*",
"matchCriteriaId": "9A07791C-5EDE-4C2B-A441-6599339ED43F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf05:*:*:*:*:*:*",
"matchCriteriaId": "CE6F9920-B458-496B-B0C0-BF8B85606BF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf07:*:*:*:*:*:*",
"matchCriteriaId": "A910F5CA-8257-420E-8D31-6BB0E4CFC963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf08:*:*:*:*:*:*",
"matchCriteriaId": "462CF706-A352-40EE-8158-3A2197FE4098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf09:*:*:*:*:*:*",
"matchCriteriaId": "0AF93EAB-BDBC-4C20-9BD2-AACC95CD8355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf10:*:*:*:*:*:*",
"matchCriteriaId": "E090A0BC-DECD-4912-B5FB-C41A1E77675E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf11:*:*:*:*:*:*",
"matchCriteriaId": "4CC1CAEE-C7DA-4F01-8948-BADCEB0B76ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf12:*:*:*:*:*:*",
"matchCriteriaId": "3D660652-D318-44B8-996A-6E56F4D71F68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in googlemap.jsp in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en googlemap.jsp en IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0 hasta 7.0.0.2 CF28 y 8.0 anterior a 8.0.0.1 CF12 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-0956",
"lastModified": "2024-11-21T02:03:06.443",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-05-22T11:14:14.783",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI16040"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672572"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92629"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI16040"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672572"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92629"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-06-19 17:30
Modified
2024-11-21 00:32
Severity ?
Summary
content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to obtain sensitive information via a "';" (quote semicolon) sequence in the page parameter, which reveals the installation path in the resulting forced SQL error message.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FF2C6181-C0C5-4F0A-A800-663CC9DAD9E0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to obtain sensitive information via a \"\u0027;\" (quote semicolon) sequence in the page parameter, which reveals the installation path in the resulting forced SQL error message."
},
{
"lang": "es",
"value": "content.php de WSPortal 1.0, cuando magic_quotes_gpc est\u00e1 deshabilitado, permite a atacantes remotos obtener informaci\u00f3n sensible mediante una secuencia \"\u0027;\" (comilla simple, punto y coma) en el par\u00e1metro page, lo cual revela la ruta de instalaci\u00f3n en el mensaje de SQL forzado resultante."
}
],
"evaluatorImpact": "Successful exploitation requires PHP magic_quotes_gpc set to OFF.",
"id": "CVE-2007-3127",
"lastModified": "2024-11-21T00:32:28.020",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-06-19T17:30:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0368.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.netvigilance.com/advisory0032"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/34164"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/471619/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/2237"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34894"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0368.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.netvigilance.com/advisory0032"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/34164"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/471619/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/2237"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34894"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-03-13 01:59
Modified
2024-11-21 02:22
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF15 and 8.5.0 before CF05 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 8.0.0.0 | |
| ibm | websphere_portal | 8.0.0.1 | |
| ibm | websphere_portal | 8.5.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D03AF20E-0C29-45A6-9B7F-8260D8D9E8BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF15 and 8.5.0 before CF05 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en IBM WebSphere Portal 8.0.0 hasta 8.0.0.1 CF15 y 8.5.0 anterior a CF05 permite a usuarios remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML a trav\u00e9s de una URL manipulada."
}
],
"id": "CVE-2015-0139",
"lastModified": "2024-11-21T02:22:26.397",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-03-13T01:59:26.583",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI33329"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697213"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securitytracker.com/id/1031880"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI33329"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697213"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1031880"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-09-07 16:29
Modified
2024-11-21 03:21
Severity ?
Summary
IBM WebSphere Portal and Web Content Manager 6.1, 7.0, and 8.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123558.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22008028 | Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/100699 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | http://www.securitytracker.com/id/1039268 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/123558 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22008028 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/100699 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039268 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/123558 | VDB Entry, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E618064A-3D05-4DC6-9A47-0EDF2427642F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DE74154-3E79-4D56-96C4-D8E644F1419D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA915826-5D89-43E9-83E7-88973648302A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DB29F4-59AB-439C-91C4-CDF677676C26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9D6CA922-11EF-4315-A09A-B4A8937E4CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "526738D7-1AF8-4A8F-B833-BA0E35973A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "13D6BE9C-16FD-4FB4-8A87-56B42C246316",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1964FC-672F-4139-938F-A8EF9D86D9C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5B50CEA-AFC4-4B45-9954-519965237FC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0902AC0F-EA4D-4E65-A70A-15DE9B904B35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D808F95D-C6BD-43EB-B16C-66449977BCFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:cf001:*:*:*:*:*:*",
"matchCriteriaId": "B5C645C1-21E3-48A8-A1A5-9519CB845493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6ECEE98-B276-4ED6-AA5A-109EA57E9925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf002:*:*:*:*:*:*",
"matchCriteriaId": "2991B76F-8E96-45A9-8B9D-942AF93755E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf003:*:*:*:*:*:*",
"matchCriteriaId": "041D220D-2088-4633-B1AA-8902AD1C6BD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf004:*:*:*:*:*:*",
"matchCriteriaId": "53B376AE-7AA9-4362-9CB2-17B3AB783FC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf005:*:*:*:*:*:*",
"matchCriteriaId": "84D744C2-DA4B-4F04-894F-7820FDC49A04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf006:*:*:*:*:*:*",
"matchCriteriaId": "4713D128-6C5F-4362-A0E2-363F81D9BCA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf007:*:*:*:*:*:*",
"matchCriteriaId": "67E76EE5-B618-49AA-A489-1BD7E45D391F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf008:*:*:*:*:*:*",
"matchCriteriaId": "DC001899-F77A-4EED-BC6D-8400FF4354EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf009:*:*:*:*:*:*",
"matchCriteriaId": "05426398-FE6A-4E4A-9C46-4675B5FAD915",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf010:*:*:*:*:*:*",
"matchCriteriaId": "29E0A9B5-945C-4859-BE83-56B34544350B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf019:*:*:*:*:*:*",
"matchCriteriaId": "10E59411-D50B-4A34-84C7-7563D301764A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4FF84B-A17F-464B-A718-67C44D2C69BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf011:*:*:*:*:*:*",
"matchCriteriaId": "B469E735-0DCE-4616-B3FE-DED75FEAC642",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf012:*:*:*:*:*:*",
"matchCriteriaId": "E0ACFABA-E470-4043-B8E7-ACE2F9781D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf013:*:*:*:*:*:*",
"matchCriteriaId": "8D2FA62F-EEB7-4312-9359-FDA8E4743A81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf014:*:*:*:*:*:*",
"matchCriteriaId": "5D8ABD15-49DE-4C4A-B9C0-5696BC1899C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf015:*:*:*:*:*:*",
"matchCriteriaId": "A2D98D3D-18DC-47CF-BED8-CD61A531D858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf016:*:*:*:*:*:*",
"matchCriteriaId": "9326CFC3-D9A7-43CE-8673-FD009F7A1F44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf017:*:*:*:*:*:*",
"matchCriteriaId": "B34D73EE-1E9D-4896-B2A2-D1463C13F399",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf018:*:*:*:*:*:*",
"matchCriteriaId": "96B7FB90-D1F8-4D83-B954-A1990400BC27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf019:*:*:*:*:*:*",
"matchCriteriaId": "CE4C07B8-CC26-4F83-8BA8-8702594CBB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf020:*:*:*:*:*:*",
"matchCriteriaId": "22C95FC9-0342-4ACC-B4F8-052554771D3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf021:*:*:*:*:*:*",
"matchCriteriaId": "62AA773F-7D18-41F7-8561-81D83336E6FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf022:*:*:*:*:*:*",
"matchCriteriaId": "2C17D73E-9F0B-4C11-8C1D-A3987DED44F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf23:*:*:*:*:*:*",
"matchCriteriaId": "53DDB154-F94B-47F8-964B-34EFE2C99370",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf24:*:*:*:*:*:*",
"matchCriteriaId": "10FCF563-A945-425A-A577-37867CF05CC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf25:*:*:*:*:*:*",
"matchCriteriaId": "8373D2A7-EC57-4336-A877-B5D262F05191",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf26:*:*:*:*:*:*",
"matchCriteriaId": "0A005963-7EF6-40D4-A54B-E3749ED5B587",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf27:*:*:*:*:*:*",
"matchCriteriaId": "4210F236-A2B1-49F2-A16E-65BB513ECBA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2CE1E2EF-A079-4A67-AA50-0712D2E330F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf01:*:*:*:*:*:*",
"matchCriteriaId": "8A5566C6-E42F-4786-A8FC-59BE7EB47296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf02:*:*:*:*:*:*",
"matchCriteriaId": "31C0EC0E-0106-4333-8401-0F655C0F5850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf03:*:*:*:*:*:*",
"matchCriteriaId": "E0E4DA0C-9F97-4856-B9DE-D96994A65B71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf04:*:*:*:*:*:*",
"matchCriteriaId": "4180809C-4A1E-4DB4-9E7C-641B753B97D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf05:*:*:*:*:*:*",
"matchCriteriaId": "5A60A788-F7B3-4922-8B30-8F586B1685CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf04:*:*:*:*:*:*",
"matchCriteriaId": "9A07791C-5EDE-4C2B-A441-6599339ED43F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf05:*:*:*:*:*:*",
"matchCriteriaId": "CE6F9920-B458-496B-B0C0-BF8B85606BF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf06:*:*:*:*:*:*",
"matchCriteriaId": "8B2C78E9-EB40-42C0-A772-6203555D5E28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf07:*:*:*:*:*:*",
"matchCriteriaId": "A910F5CA-8257-420E-8D31-6BB0E4CFC963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf08:*:*:*:*:*:*",
"matchCriteriaId": "462CF706-A352-40EE-8158-3A2197FE4098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf09:*:*:*:*:*:*",
"matchCriteriaId": "0AF93EAB-BDBC-4C20-9BD2-AACC95CD8355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf12:*:*:*:*:*:*",
"matchCriteriaId": "3D660652-D318-44B8-996A-6E56F4D71F68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal and Web Content Manager 6.1, 7.0, and 8.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123558."
},
{
"lang": "es",
"value": "IBM WebSphere Portal y Web Content Manager 6.1, 7.0 y 8.0 son vulnerables a ataques de tipo Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades planeadas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 123558."
}
],
"id": "CVE-2017-1189",
"lastModified": "2024-11-21T03:21:27.733",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-07T16:29:00.270",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22008028"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100699"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039268"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123558"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22008028"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100699"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039268"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123558"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-02-09 17:29
Modified
2024-11-21 03:22
Severity ?
Summary
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 136005.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22012416 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securitytracker.com/id/1040333 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/136005 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22012416 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040333 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/136005 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 7.0.0.0 | |
| ibm | websphere_portal | 7.0.0.2 | |
| ibm | websphere_portal | 8.0.0.0 | |
| ibm | websphere_portal | 8.0.0.1 | |
| ibm | websphere_portal | 8.5.0.0 | |
| ibm | websphere_portal | 9.0.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4FF84B-A17F-464B-A718-67C44D2C69BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D03AF20E-0C29-45A6-9B7F-8260D8D9E8BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "12EF6533-4FE9-4A9B-ABF6-CEDD30402A53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 136005."
},
{
"lang": "es",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5 y 9.0 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 136005."
}
],
"id": "CVE-2017-1761",
"lastModified": "2024-11-21T03:22:19.720",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-09T17:29:00.227",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012416"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040333"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/136005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012416"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040333"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/136005"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-12-11 21:29
Modified
2024-11-21 03:22
Severity ?
Summary
IBM Support Tools for Lotus WCM (IBM WebSphere Portal 7.0, 8.0, 8.5 and 9.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130733.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22008031 | Issue Tracking, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/102183 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/130733 | Issue Tracking, VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22008031 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102183 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/130733 | Issue Tracking, VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 7.0 | |
| ibm | websphere_portal | 8.0 | |
| ibm | websphere_portal | 8.5 | |
| ibm | websphere_portal | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "853E2D77-FE89-4F4E-9C06-861BB3385B3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2CE1E2EF-A079-4A67-AA50-0712D2E330F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F97CDB5F-2EA4-41E8-857B-5D76004C60B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CAFC1C53-61B8-41EC-B99D-1100D29F3992",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Support Tools for Lotus WCM (IBM WebSphere Portal 7.0, 8.0, 8.5 and 9.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130733."
},
{
"lang": "es",
"value": "IBM Support Tools for Lotus WCM (IBM WebSphere Portal 7.0, 8.0, 8.5 y 9.0) es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 130733."
}
],
"id": "CVE-2017-1536",
"lastModified": "2024-11-21T03:22:02.320",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-12-11T21:29:00.377",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22008031"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102183"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Issue Tracking",
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130733"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22008031"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102183"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130733"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-10-01 14:29
Modified
2024-11-21 03:59
Severity ?
5.3 (Medium) - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 resets access control settings to the out of the box configuration during Combined Cumulative Fix (CF) installation. This can lead to security miss-configuration of the installation. IBM X-Force ID: 138950.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.securitytracker.com/id/1041767 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/138950 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=swg22014276 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041767 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/138950 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=swg22014276 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "1F28C710-8FDB-4474-B6EF-5835D4D7FE43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf011:*:*:*:*:*:*",
"matchCriteriaId": "DF8105DA-2519-428D-AB09-01EEF2FF6FDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf012:*:*:*:*:*:*",
"matchCriteriaId": "B2824CB0-BBC6-4AD5-993C-91E1CF293B3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf013:*:*:*:*:*:*",
"matchCriteriaId": "56AF2117-2F73-4729-84DC-72B8B235C581",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf014:*:*:*:*:*:*",
"matchCriteriaId": "303EE4F0-9C7A-4B0B-8BBB-852C68A802E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf015:*:*:*:*:*:*",
"matchCriteriaId": "4967BA17-DD56-42A7-812A-7B6EE74C6E03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf016:*:*:*:*:*:*",
"matchCriteriaId": "9DD708E8-67BE-48D7-AD76-FDA753426862",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf017:*:*:*:*:*:*",
"matchCriteriaId": "AC8DAFF7-9410-40E2-805A-580B82EA0667",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf018:*:*:*:*:*:*",
"matchCriteriaId": "D06D62C6-13EF-42BA-BEBE-C3F9A42F5AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf019:*:*:*:*:*:*",
"matchCriteriaId": "10E59411-D50B-4A34-84C7-7563D301764A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf020:*:*:*:*:*:*",
"matchCriteriaId": "38D755C0-82CA-45EA-9D89-6172D98B78F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:-:*:*:*:*:*:*",
"matchCriteriaId": "6007CA87-31CA-44AB-AB7F-788E17AB85F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf012:*:*:*:*:*:*",
"matchCriteriaId": "E0ACFABA-E470-4043-B8E7-ACE2F9781D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf013:*:*:*:*:*:*",
"matchCriteriaId": "8D2FA62F-EEB7-4312-9359-FDA8E4743A81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf014:*:*:*:*:*:*",
"matchCriteriaId": "5D8ABD15-49DE-4C4A-B9C0-5696BC1899C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf015:*:*:*:*:*:*",
"matchCriteriaId": "A2D98D3D-18DC-47CF-BED8-CD61A531D858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf016:*:*:*:*:*:*",
"matchCriteriaId": "9326CFC3-D9A7-43CE-8673-FD009F7A1F44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf017:*:*:*:*:*:*",
"matchCriteriaId": "B34D73EE-1E9D-4896-B2A2-D1463C13F399",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf018:*:*:*:*:*:*",
"matchCriteriaId": "96B7FB90-D1F8-4D83-B954-A1990400BC27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf019:*:*:*:*:*:*",
"matchCriteriaId": "CE4C07B8-CC26-4F83-8BA8-8702594CBB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf020:*:*:*:*:*:*",
"matchCriteriaId": "22C95FC9-0342-4ACC-B4F8-052554771D3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf021:*:*:*:*:*:*",
"matchCriteriaId": "62AA773F-7D18-41F7-8561-81D83336E6FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf022:*:*:*:*:*:*",
"matchCriteriaId": "2C17D73E-9F0B-4C11-8C1D-A3987DED44F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf023:*:*:*:*:*:*",
"matchCriteriaId": "B44130DA-8BBC-4CC5-BD20-E05CE32AB1F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf024:*:*:*:*:*:*",
"matchCriteriaId": "D42C69F1-2877-419A-AB64-74687A11F070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf025:*:*:*:*:*:*",
"matchCriteriaId": "B6D45C1D-CCF2-4281-B132-4931B33BA48D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf026:*:*:*:*:*:*",
"matchCriteriaId": "8CB0EDF6-2EC7-4C03-8597-9E034DBB3BB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf027:*:*:*:*:*:*",
"matchCriteriaId": "847994E6-C322-46EB-B089-9D1752E42987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf028:*:*:*:*:*:*",
"matchCriteriaId": "79FD9027-FA61-4AB0-A945-7329B609A9DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf029:*:*:*:*:*:*",
"matchCriteriaId": "07EDE452-4C88-4DA9-91E9-F0722009C773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf030:*:*:*:*:*:*",
"matchCriteriaId": "E0D7936A-478C-44AA-B9DD-2165BA482AFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5DB13754-BB23-48D8-9BDC-E8FF552DEA52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf01:*:*:*:*:*:*",
"matchCriteriaId": "8A5566C6-E42F-4786-A8FC-59BE7EB47296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf02:*:*:*:*:*:*",
"matchCriteriaId": "31C0EC0E-0106-4333-8401-0F655C0F5850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf03:*:*:*:*:*:*",
"matchCriteriaId": "E0E4DA0C-9F97-4856-B9DE-D96994A65B71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf04:*:*:*:*:*:*",
"matchCriteriaId": "4180809C-4A1E-4DB4-9E7C-641B753B97D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf05:*:*:*:*:*:*",
"matchCriteriaId": "5A60A788-F7B3-4922-8B30-8F586B1685CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf06:*:*:*:*:*:*",
"matchCriteriaId": "5A244AB2-9EBB-4A7D-BED7-CA92903268C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "AA4AD694-EA0E-4910-A3F9-EEDC510AFDF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf04:*:*:*:*:*:*",
"matchCriteriaId": "9A07791C-5EDE-4C2B-A441-6599339ED43F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf05:*:*:*:*:*:*",
"matchCriteriaId": "CE6F9920-B458-496B-B0C0-BF8B85606BF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf06:*:*:*:*:*:*",
"matchCriteriaId": "8B2C78E9-EB40-42C0-A772-6203555D5E28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf07:*:*:*:*:*:*",
"matchCriteriaId": "A910F5CA-8257-420E-8D31-6BB0E4CFC963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf08:*:*:*:*:*:*",
"matchCriteriaId": "462CF706-A352-40EE-8158-3A2197FE4098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf09:*:*:*:*:*:*",
"matchCriteriaId": "0AF93EAB-BDBC-4C20-9BD2-AACC95CD8355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf10:*:*:*:*:*:*",
"matchCriteriaId": "E090A0BC-DECD-4912-B5FB-C41A1E77675E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf11:*:*:*:*:*:*",
"matchCriteriaId": "4CC1CAEE-C7DA-4F01-8948-BADCEB0B76ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf12:*:*:*:*:*:*",
"matchCriteriaId": "3D660652-D318-44B8-996A-6E56F4D71F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf13:*:*:*:*:*:*",
"matchCriteriaId": "783AA775-7257-45C8-A246-A71E559B459D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf14:*:*:*:*:*:*",
"matchCriteriaId": "02F014F7-1F35-4982-98F5-B22E86544E0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf15:*:*:*:*:*:*",
"matchCriteriaId": "535E3EAE-8286-4751-8DAF-707A0F2F160B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf16:*:*:*:*:*:*",
"matchCriteriaId": "E6708150-6E0D-4B0C-98A0-A42CAF20D3E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf17:*:*:*:*:*:*",
"matchCriteriaId": "96849F67-1B41-4265-8046-B29C5469DA4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf18:*:*:*:*:*:*",
"matchCriteriaId": "2074093E-8F1A-442D-8972-57FE73044079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf19:*:*:*:*:*:*",
"matchCriteriaId": "1B46BD8B-AFA5-4660-9983-ED9FB5E26A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf20:*:*:*:*:*:*",
"matchCriteriaId": "3FFF0BC7-42C0-4E4F-836E-8F1B31E1C420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf21:*:*:*:*:*:*",
"matchCriteriaId": "5655ED83-06C7-4828-A38D-18E92555C48B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf22:*:*:*:*:*:*",
"matchCriteriaId": "14C80CD3-F5CB-4B64-98D5-C00A73233979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D03AF20E-0C29-45A6-9B7F-8260D8D9E8BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf01:*:*:*:*:*:*",
"matchCriteriaId": "704EF027-9DEF-4079-BBFE-A64DB757EAB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf02:*:*:*:*:*:*",
"matchCriteriaId": "9928D9CB-4817-4782-808F-6A4FBA87D820",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf03:*:*:*:*:*:*",
"matchCriteriaId": "758F9176-3EDF-469E-946E-B35C2D212029",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf04:*:*:*:*:*:*",
"matchCriteriaId": "AFBD1F79-9AB1-4699-B5B8-315CFEFFDEA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf05:*:*:*:*:*:*",
"matchCriteriaId": "764E04B9-F754-4118-B34F-71D5EF38660F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf06:*:*:*:*:*:*",
"matchCriteriaId": "46A3712D-DCB1-4631-B114-AD5A48313CBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf07:*:*:*:*:*:*",
"matchCriteriaId": "A79C66A0-6482-4E93-94B1-348B3FFA4541",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf08:*:*:*:*:*:*",
"matchCriteriaId": "2D0259BA-FD5D-4236-9AA3-13EE738B3F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf09:*:*:*:*:*:*",
"matchCriteriaId": "34EB80B8-CE15-4F0B-BC98-6AAE7148C5B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf10:*:*:*:*:*:*",
"matchCriteriaId": "DEFF296A-8B82-493E-9A1E-DB4D1976621E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf11:*:*:*:*:*:*",
"matchCriteriaId": "1FC3D249-FA1A-4A2D-B0F7-3289E0563236",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf12:*:*:*:*:*:*",
"matchCriteriaId": "169B283C-4FAD-4201-B26C-53E57D057136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf13:*:*:*:*:*:*",
"matchCriteriaId": "2867E5D2-5982-4178-B9F7-E4E82E7A97FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf14:*:*:*:*:*:*",
"matchCriteriaId": "4D2524C0-6CA2-4836-928D-A9F139F00D9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf15:*:*:*:*:*:*",
"matchCriteriaId": "68857CCD-F5AD-4D96-AB3A-103B2233B909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5B2F4AE1-AFBF-487D-B891-40D94C50F8B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0.0.0:cf14:*:*:*:*:*:*",
"matchCriteriaId": "FA49E417-1CED-4E49-ABC9-51E321271498",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0.0.0:cf15:*:*:*:*:*:*",
"matchCriteriaId": "CAA46610-A694-4524-8BD3-8A4B22E0F1AC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 resets access control settings to the out of the box configuration during Combined Cumulative Fix (CF) installation. This can lead to security miss-configuration of the installation. IBM X-Force ID: 138950."
},
{
"lang": "es",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5 y 9.0 restablece las opciones de control de acceso a su configuraci\u00f3n de f\u00e1brica durante la instalaci\u00f3n Combined Cumulative Fix (CF). Esto puede conducir a una mala configuraci\u00f3n del seguridad de la instalaci\u00f3n. IBM X-Force ID: 138950."
}
],
"id": "CVE-2018-1420",
"lastModified": "2024-11-21T03:59:47.070",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-10-01T14:29:00.313",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041767"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138950"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=swg22014276"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041767"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138950"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=swg22014276"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-11-09 21:00
Modified
2024-11-21 01:20
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in SemanticTagService.js in IBM WebSphere Portal 6.1.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 6.1.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DE74154-3E79-4D56-96C4-D8E644F1419D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in SemanticTagService.js in IBM WebSphere Portal 6.1.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados en SemanticTagService.js en IBM WebSphere Portal v6.1.0.1 permite a atacantes remotos inyecatar c\u00f3digo web o HTML a trav\u00e9s de vectores no especificados. NOTA: NOTA: algunos de estos detalles han sido obtenidos de terceras partes."
}
],
"id": "CVE-2010-4219",
"lastModified": "2024-11-21T01:20:28.773",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-11-09T21:00:06.303",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK91972"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/2827"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK91972"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/2827"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-04-27 11:59
Modified
2024-11-21 02:26
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF16, and 8.5.0 through CF05, as used in Web Content Manager and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 6.1.0.0 | |
| ibm | websphere_portal | 6.1.0.1 | |
| ibm | websphere_portal | 6.1.0.2 | |
| ibm | websphere_portal | 6.1.0.3 | |
| ibm | websphere_portal | 6.1.0.4 | |
| ibm | websphere_portal | 6.1.0.5 | |
| ibm | websphere_portal | 6.1.0.6 | |
| ibm | websphere_portal | 6.1.5.0 | |
| ibm | websphere_portal | 6.1.5.1 | |
| ibm | websphere_portal | 6.1.5.2 | |
| ibm | websphere_portal | 6.1.5.3 | |
| ibm | websphere_portal | 7.0.0.0 | |
| ibm | websphere_portal | 7.0.0.1 | |
| ibm | websphere_portal | 7.0.0.2 | |
| ibm | websphere_portal | 8.0.0.0 | |
| ibm | websphere_portal | 8.0.0.1 | |
| ibm | websphere_portal | 8.5.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E618064A-3D05-4DC6-9A47-0EDF2427642F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DE74154-3E79-4D56-96C4-D8E644F1419D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA915826-5D89-43E9-83E7-88973648302A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DB29F4-59AB-439C-91C4-CDF677676C26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9D6CA922-11EF-4315-A09A-B4A8937E4CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "526738D7-1AF8-4A8F-B833-BA0E35973A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "13D6BE9C-16FD-4FB4-8A87-56B42C246316",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1964FC-672F-4139-938F-A8EF9D86D9C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5B50CEA-AFC4-4B45-9954-519965237FC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0902AC0F-EA4D-4E65-A70A-15DE9B904B35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D808F95D-C6BD-43EB-B16C-66449977BCFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6ECEE98-B276-4ED6-AA5A-109EA57E9925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4FF84B-A17F-464B-A718-67C44D2C69BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D03AF20E-0C29-45A6-9B7F-8260D8D9E8BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF16, and 8.5.0 through CF05, as used in Web Content Manager and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0.0 hasta 7.0.0.2 CF29, 8.0.0 hasta 8.0.0.1 CF16, y 8.5.0 hasta CF05, utilizado en Web Content Manager y otros productos, permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a trav\u00e9s de una URL manipulada."
}
],
"id": "CVE-2015-1908",
"lastModified": "2024-11-21T02:26:23.110",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-04-27T11:59:06.360",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI37661"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701566"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securityfocus.com/bid/74218"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securitytracker.com/id/1032189"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI37661"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701566"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/74218"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1032189"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-12-02 16:30
Modified
2024-11-21 01:09
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Collaboration component in IBM WebSphere Portal 6.1.x before 6.1.0.3 allows remote attackers to inject arbitrary web script or HTML via the people picker tag.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 6.1.0.0 | |
| ibm | websphere_portal | 6.1.0.1 | |
| ibm | websphere_portal | 6.1.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E618064A-3D05-4DC6-9A47-0EDF2427642F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DE74154-3E79-4D56-96C4-D8E644F1419D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA915826-5D89-43E9-83E7-88973648302A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Collaboration component in IBM WebSphere Portal 6.1.x before 6.1.0.3 allows remote attackers to inject arbitrary web script or HTML via the people picker tag."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en el componente Collaboration en IBM WebSphere Portal v6.1.x anterior v6.1.0.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s la etiqueta del selector de personas."
}
],
"id": "CVE-2009-4152",
"lastModified": "2024-11-21T01:09:02.520",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-12-02T16:30:00.703",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37526"
},
{
"source": "cve@mitre.org",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK93429"
},
{
"source": "cve@mitre.org",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014411"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/37159"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3367"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37526"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK93429"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014411"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/37159"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3367"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-11-18 03:55
Modified
2024-11-21 01:57
Severity ?
Summary
IBM WebSphere Portal 6.0 through 6.0.1.7, 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF25, and 8.0 through 8.0.0.1 CF08 allows remote attackers to read arbitrary files via a modified URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 6.0.0.0 | |
| ibm | websphere_portal | 6.0.0.1 | |
| ibm | websphere_portal | 6.0.1.0 | |
| ibm | websphere_portal | 6.0.1.1 | |
| ibm | websphere_portal | 6.0.1.2 | |
| ibm | websphere_portal | 6.0.1.3 | |
| ibm | websphere_portal | 6.0.1.4 | |
| ibm | websphere_portal | 6.0.1.5 | |
| ibm | websphere_portal | 6.0.1.6 | |
| ibm | websphere_portal | 6.1 | |
| ibm | websphere_portal | 6.1.0.0 | |
| ibm | websphere_portal | 6.1.0.1 | |
| ibm | websphere_portal | 6.1.0.2 | |
| ibm | websphere_portal | 6.1.0.3 | |
| ibm | websphere_portal | 6.1.0.4 | |
| ibm | websphere_portal | 6.1.0.5 | |
| ibm | websphere_portal | 6.1.5.0 | |
| ibm | websphere_portal | 6.1.5.1 | |
| ibm | websphere_portal | 6.1.5.2 | |
| ibm | websphere_portal | 6.1.5.3 | |
| ibm | websphere_portal | 7.0.0.0 | |
| ibm | websphere_portal | 7.0.0.1 | |
| ibm | websphere_portal | 7.0.0.2 | |
| ibm | websphere_portal | 8.0 | |
| ibm | websphere_portal | 8.0.0.0 | |
| ibm | websphere_portal | 8.0.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6C753E1B-D81B-4995-877E-58EDD6F49DDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5D54D4DB-FA55-47AE-9E19-FB8368FD40C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "092F8012-A1EE-46CE-B2B2-0604BF4ACBBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9FC6A48A-E669-4AA0-AD83-85778A7B6C67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F8C5AD9-2086-4131-A03C-02A89D822080",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "82FC2F98-1E99-4B50-88D5-7A2904F4585C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9B7F74AC-2B5E-4B6C-9551-576A4F312BBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FC51FA38-1C63-47F5-A4CF-1128396B62C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCCA8DE-50EF-4154-AF48-A8E1AA2659B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "82F35693-3EF6-440F-96B2-99A5756FCCF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E618064A-3D05-4DC6-9A47-0EDF2427642F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DE74154-3E79-4D56-96C4-D8E644F1419D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA915826-5D89-43E9-83E7-88973648302A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DB29F4-59AB-439C-91C4-CDF677676C26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9D6CA922-11EF-4315-A09A-B4A8937E4CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "526738D7-1AF8-4A8F-B833-BA0E35973A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1964FC-672F-4139-938F-A8EF9D86D9C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5B50CEA-AFC4-4B45-9954-519965237FC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0902AC0F-EA4D-4E65-A70A-15DE9B904B35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D808F95D-C6BD-43EB-B16C-66449977BCFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6ECEE98-B276-4ED6-AA5A-109EA57E9925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4FF84B-A17F-464B-A718-67C44D2C69BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2CE1E2EF-A079-4A67-AA50-0712D2E330F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 6.0 through 6.0.1.7, 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF25, and 8.0 through 8.0.0.1 CF08 allows remote attackers to read arbitrary files via a modified URL."
},
{
"lang": "es",
"value": "IBM WebSphere Portal 6.0 hasta la 6.0.1.7, 6.1.0 hasta la 6.1.0.6 CF27, 6.1.5 hasta la 6.1.5.3 CF27, 7.0 hasta la 7.0.0.2 CF25, y 8.0 hasta la 8.0.0.1 CF08 permite a atacantes remotos leer archivos de su elecci\u00f3n a trav\u00e9s de un URL modificado."
}
],
"id": "CVE-2013-5454",
"lastModified": "2024-11-21T01:57:30.090",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-11-18T03:55:06.007",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM99205"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655656"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88253"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM99205"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655656"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88253"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-01-27 05:59
Modified
2024-11-21 02:41
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 before CF09 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 8.5.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D03AF20E-0C29-45A6-9B7F-8260D8D9E8BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 before CF09 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en IBM WebSphere Portal 8.5.0 en versiones anteriores a CF09 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2016-0209",
"lastModified": "2024-11-21T02:41:16.597",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-01-27T05:59:03.417",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974564"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securitytracker.com/id/1034844"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974564"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034844"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-12-27 17:08
Modified
2024-11-21 03:22
Severity ?
Summary
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could reveal sensitive information from an error message that could lead to further attacks against the system. IBM X-Force ID: 124390.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22011519 | Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/102281 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | http://www.securitytracker.com/id/1040043 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/134390 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22011519 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102281 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040043 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/134390 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 7.0.0.0 | |
| ibm | websphere_portal | 8.0.0.0 | |
| ibm | websphere_portal | 8.5.0.0 | |
| ibm | websphere_portal | 9.0.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D03AF20E-0C29-45A6-9B7F-8260D8D9E8BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "12EF6533-4FE9-4A9B-ABF6-CEDD30402A53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could reveal sensitive information from an error message that could lead to further attacks against the system. IBM X-Force ID: 124390."
},
{
"lang": "es",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5 y 9.0 podr\u00eda revelar informaci\u00f3n sensible en un mensaje de error, lo que podr\u00eda dar lugar a m\u00e1s ataques contra el sistema. IBM X-Force ID: 124390."
}
],
"id": "CVE-2017-1698",
"lastModified": "2024-11-21T03:22:14.267",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-12-27T17:08:17.607",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22011519"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102281"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040043"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134390"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22011519"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102281"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040043"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134390"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-06-03 21:55
Modified
2024-11-21 01:47
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Web Content Manager - Web Content Viewer Portlet in the server in IBM WebSphere Portal 7.0.0.x through 7.0.0.2 CF22 and 8.0.0.x through 8.0.0.1 CF5, when the IBM Portlet API is used, allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:cf001:*:*:*:*:*:*",
"matchCriteriaId": "B5C645C1-21E3-48A8-A1A5-9519CB845493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6ECEE98-B276-4ED6-AA5A-109EA57E9925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf002:*:*:*:*:*:*",
"matchCriteriaId": "2991B76F-8E96-45A9-8B9D-942AF93755E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf003:*:*:*:*:*:*",
"matchCriteriaId": "041D220D-2088-4633-B1AA-8902AD1C6BD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf004:*:*:*:*:*:*",
"matchCriteriaId": "53B376AE-7AA9-4362-9CB2-17B3AB783FC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf005:*:*:*:*:*:*",
"matchCriteriaId": "84D744C2-DA4B-4F04-894F-7820FDC49A04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf006:*:*:*:*:*:*",
"matchCriteriaId": "4713D128-6C5F-4362-A0E2-363F81D9BCA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf007:*:*:*:*:*:*",
"matchCriteriaId": "67E76EE5-B618-49AA-A489-1BD7E45D391F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf008:*:*:*:*:*:*",
"matchCriteriaId": "DC001899-F77A-4EED-BC6D-8400FF4354EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf009:*:*:*:*:*:*",
"matchCriteriaId": "05426398-FE6A-4E4A-9C46-4675B5FAD915",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf010:*:*:*:*:*:*",
"matchCriteriaId": "29E0A9B5-945C-4859-BE83-56B34544350B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf019:*:*:*:*:*:*",
"matchCriteriaId": "10E59411-D50B-4A34-84C7-7563D301764A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4FF84B-A17F-464B-A718-67C44D2C69BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf011:*:*:*:*:*:*",
"matchCriteriaId": "B469E735-0DCE-4616-B3FE-DED75FEAC642",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf012:*:*:*:*:*:*",
"matchCriteriaId": "E0ACFABA-E470-4043-B8E7-ACE2F9781D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf013:*:*:*:*:*:*",
"matchCriteriaId": "8D2FA62F-EEB7-4312-9359-FDA8E4743A81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf014:*:*:*:*:*:*",
"matchCriteriaId": "5D8ABD15-49DE-4C4A-B9C0-5696BC1899C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf015:*:*:*:*:*:*",
"matchCriteriaId": "A2D98D3D-18DC-47CF-BED8-CD61A531D858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf016:*:*:*:*:*:*",
"matchCriteriaId": "9326CFC3-D9A7-43CE-8673-FD009F7A1F44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf017:*:*:*:*:*:*",
"matchCriteriaId": "B34D73EE-1E9D-4896-B2A2-D1463C13F399",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf018:*:*:*:*:*:*",
"matchCriteriaId": "96B7FB90-D1F8-4D83-B954-A1990400BC27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf019:*:*:*:*:*:*",
"matchCriteriaId": "CE4C07B8-CC26-4F83-8BA8-8702594CBB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf020:*:*:*:*:*:*",
"matchCriteriaId": "22C95FC9-0342-4ACC-B4F8-052554771D3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf021:*:*:*:*:*:*",
"matchCriteriaId": "62AA773F-7D18-41F7-8561-81D83336E6FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf022:*:*:*:*:*:*",
"matchCriteriaId": "2C17D73E-9F0B-4C11-8C1D-A3987DED44F0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2CE1E2EF-A079-4A67-AA50-0712D2E330F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf01:*:*:*:*:*:*",
"matchCriteriaId": "8A5566C6-E42F-4786-A8FC-59BE7EB47296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf02:*:*:*:*:*:*",
"matchCriteriaId": "31C0EC0E-0106-4333-8401-0F655C0F5850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf03:*:*:*:*:*:*",
"matchCriteriaId": "E0E4DA0C-9F97-4856-B9DE-D96994A65B71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf04:*:*:*:*:*:*",
"matchCriteriaId": "4180809C-4A1E-4DB4-9E7C-641B753B97D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf05:*:*:*:*:*:*",
"matchCriteriaId": "5A60A788-F7B3-4922-8B30-8F586B1685CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf04:*:*:*:*:*:*",
"matchCriteriaId": "9A07791C-5EDE-4C2B-A441-6599339ED43F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf05:*:*:*:*:*:*",
"matchCriteriaId": "CE6F9920-B458-496B-B0C0-BF8B85606BF8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Web Content Manager - Web Content Viewer Portlet in the server in IBM WebSphere Portal 7.0.0.x through 7.0.0.2 CF22 and 8.0.0.x through 8.0.0.1 CF5, when the IBM Portlet API is used, allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
},
{
"lang": "es",
"value": "Vulnerabilidad Cross-site scripting (XSS) en Web Content Manager - Web Content Viewer Portlet en el servidor IBM WebSphere Portal v7.0.0.x hasta v7.0.0.2 CF22 y v8.0.0.x hasta v8.0.0.1 CF5, cuando se utiliza la API IBM Portlet, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de una URL manipulada."
}
],
"id": "CVE-2013-0549",
"lastModified": "2024-11-21T01:47:45.827",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-06-03T21:55:01.627",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM84525"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21638984"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82762"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM84525"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21638984"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82762"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-04-02 03:58
Modified
2024-11-21 02:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Social Rendering implementation in the IBM Connections integration in IBM WebSphere Portal 8.0.0.x before 8.0.0.1 CF11 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 8.0.0.0 | |
| ibm | websphere_portal | 8.0.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Social Rendering implementation in the IBM Connections integration in IBM WebSphere Portal 8.0.0.x before 8.0.0.1 CF11 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en la implementaci\u00f3n Social Rendering en la integraci\u00f3n de IBM Connections en IBM WebSphere Portal 8.0.0.x anterior a 8.0.0.1 CF11 permite a usuarios remotos autenticados inyectar script Web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-0901",
"lastModified": "2024-11-21T02:03:00.567",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-04-02T03:58:17.043",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI12659"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21667016"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securityfocus.com/bid/66559"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91398"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI12659"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21667016"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/66559"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91398"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-09-28 01:29
Modified
2024-11-21 03:22
Severity ?
Summary
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 132117.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22008586 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/101017 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | http://www.securitytracker.com/id/1039405 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/132117 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22008586 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/101017 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039405 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/132117 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 7.0.0.0 | |
| ibm | websphere_portal | 7.0.0.1 | |
| ibm | websphere_portal | 7.0.0.2 | |
| ibm | websphere_portal | 8.0.0.0 | |
| ibm | websphere_portal | 8.0.0.1 | |
| ibm | websphere_portal | 8.5.0.0 | |
| ibm | websphere_portal | 9.0.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6ECEE98-B276-4ED6-AA5A-109EA57E9925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4FF84B-A17F-464B-A718-67C44D2C69BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D03AF20E-0C29-45A6-9B7F-8260D8D9E8BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "12EF6533-4FE9-4A9B-ABF6-CEDD30402A53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 132117."
},
{
"lang": "es",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5 y 9.0 podr\u00eda permitir que un atacante remoto salte directorios en el sistema. Un atacante podr\u00eda enviar una petici\u00f3n URL especialmente manipulada que contenga secuencias \"punto punto\" (/../) para visualizar archivos arbitrarios en el sistema. IBM X-Force ID: 132117."
}
],
"id": "CVE-2017-1577",
"lastModified": "2024-11-21T03:22:06.613",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-28T01:29:02.747",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22008586"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101017"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039405"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132117"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22008586"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101017"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039405"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132117"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-10-28 19:55
Modified
2024-11-21 02:10
Severity ?
Summary
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 provides different web-server error codes depending on whether a requested file exists, which allows remote attackers to determine the validity of filenames via a series of requests.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 6.1.0.0 | |
| ibm | websphere_portal | 6.1.0.1 | |
| ibm | websphere_portal | 6.1.0.2 | |
| ibm | websphere_portal | 6.1.0.3 | |
| ibm | websphere_portal | 6.1.0.4 | |
| ibm | websphere_portal | 6.1.0.5 | |
| ibm | websphere_portal | 6.1.0.6 | |
| ibm | websphere_portal | 6.1.5.0 | |
| ibm | websphere_portal | 6.1.5.1 | |
| ibm | websphere_portal | 6.1.5.2 | |
| ibm | websphere_portal | 6.1.5.3 | |
| ibm | websphere_portal | 7.0.0.0 | |
| ibm | websphere_portal | 7.0.0.1 | |
| ibm | websphere_portal | 7.0.0.2 | |
| ibm | websphere_portal | 8.0.0.0 | |
| ibm | websphere_portal | 8.0.0.1 | |
| ibm | websphere_portal | 8.5.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E618064A-3D05-4DC6-9A47-0EDF2427642F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DE74154-3E79-4D56-96C4-D8E644F1419D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA915826-5D89-43E9-83E7-88973648302A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DB29F4-59AB-439C-91C4-CDF677676C26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9D6CA922-11EF-4315-A09A-B4A8937E4CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "526738D7-1AF8-4A8F-B833-BA0E35973A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "13D6BE9C-16FD-4FB4-8A87-56B42C246316",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1964FC-672F-4139-938F-A8EF9D86D9C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5B50CEA-AFC4-4B45-9954-519965237FC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0902AC0F-EA4D-4E65-A70A-15DE9B904B35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D808F95D-C6BD-43EB-B16C-66449977BCFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6ECEE98-B276-4ED6-AA5A-109EA57E9925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4FF84B-A17F-464B-A718-67C44D2C69BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D03AF20E-0C29-45A6-9B7F-8260D8D9E8BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 provides different web-server error codes depending on whether a requested file exists, which allows remote attackers to determine the validity of filenames via a series of requests."
},
{
"lang": "es",
"value": "IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0 hasta 7.0.0.2 CF28, 8.0 hasta 8.0.0.1 CF14, y 8.5.0 anterior a CF03 proporciona c\u00f3digos de error del servidor web diferentes dependiendo de si un fichero solicitado existe, lo que permite a atacantes remotos determinar la validez de nombres de ficheros a trav\u00e9s de una serie de solicitudes."
}
],
"id": "CVE-2014-4821",
"lastModified": "2024-11-21T02:10:55.853",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-10-28T19:55:02.963",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI27710"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684651"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securityfocus.com/bid/70755"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95466"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI27710"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684651"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/70755"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95466"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-15 10:30
Modified
2024-11-21 01:01
Severity ?
Summary
Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.1.9 allows local users to affect confidentiality, integrity, and availability, related to HTML.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | application_server | 8.1.9 | |
| ibm | websphere_portal | 6.0.0.0 | |
| ibm | websphere_portal | 6.0.1.0 | |
| ibm | websphere_portal | 6.1.0.0 | |
| ibm | websphere_portal | 6.1.5.0 | |
| ibm | websphere_portal | 7.0.0.0 | |
| ibm | websphere_portal | 8.0.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:application_server:8.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2D12B2DE-9584-4644-9A4E-6A627EF61D6D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6C753E1B-D81B-4995-877E-58EDD6F49DDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "092F8012-A1EE-46CE-B2B2-0604BF4ACBBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E618064A-3D05-4DC6-9A47-0EDF2427642F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1964FC-672F-4139-938F-A8EF9D86D9C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.1.9 allows local users to affect confidentiality, integrity, and availability, related to HTML."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en el componente Outside In Technology en Oracle Application Server v8.1.9 que permite a los usuarios locales afectar a la confidencialidad, integridad y disponibilidad en relaci\u00f3n a HTML."
}
],
"id": "CVE-2009-1009",
"lastModified": "2024-11-21T01:01:27.220",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-04-15T10:30:00.967",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/53748"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Permissions Required"
],
"url": "http://secunia.com/advisories/34693"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/34461"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1022055"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-105A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/53748"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "http://secunia.com/advisories/34693"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/34461"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1022055"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-105A.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-04-12 17:30
Modified
2024-11-21 01:14
Severity ?
Summary
Unspecified vulnerability in the login process in IBM WebSphere Portal 6.0.1.1, and 6.1.0.x before 6.1.0.3 Cumulative Fix 03, has unknown impact and remote attack vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 6.0.1.1 | |
| ibm | websphere_portal | 6.1.0.0 | |
| ibm | websphere_portal | 6.1.0.1 | |
| ibm | websphere_portal | 6.1.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9FC6A48A-E669-4AA0-AD83-85778A7B6C67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E618064A-3D05-4DC6-9A47-0EDF2427642F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DE74154-3E79-4D56-96C4-D8E644F1419D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA915826-5D89-43E9-83E7-88973648302A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the login process in IBM WebSphere Portal 6.0.1.1, and 6.1.0.x before 6.1.0.3 Cumulative Fix 03, has unknown impact and remote attack vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad inespec\u00edfica en el proceso de inicio de sesi\u00f3n en IBM WebSphere Portal v6.0.1.1, y v6.1.0.x anteriores a v6.1.0.3 Cumulative Fix 03, tiene impacto y vectores desconocidos."
}
],
"id": "CVE-2010-1348",
"lastModified": "2024-11-21T01:14:12.420",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-04-12T17:30:00.570",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/63594"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39305"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM08667"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/39306"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1023830"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0829"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57613"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/63594"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39305"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM08667"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/39306"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1023830"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0829"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57613"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-05-26 16:55
Modified
2024-11-21 01:27
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the search center in IBM WebSphere Portal 7.0.0.1 before CF004 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 7.0.0.1 | |
| ibm | websphere_portal | 7.0.0.1 | |
| ibm | websphere_portal | 7.0.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6ECEE98-B276-4ED6-AA5A-109EA57E9925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf002:*:*:*:*:*:*",
"matchCriteriaId": "2991B76F-8E96-45A9-8B9D-942AF93755E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf003:*:*:*:*:*:*",
"matchCriteriaId": "041D220D-2088-4633-B1AA-8902AD1C6BD0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the search center in IBM WebSphere Portal 7.0.0.1 before CF004 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en el centro de b\u00fasqueda IBM WebSphere Portal v7.0.0.1 anteriores a CF004 permite a atacantes remotos inyectar script de su elecci\u00f3n o HTML a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2011-2172",
"lastModified": "2024-11-21T01:27:44.867",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-05-26T16:55:06.550",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/72500"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/44700"
},
{
"source": "cve@mitre.org",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM36644"
},
{
"source": "cve@mitre.org",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM37009"
},
{
"source": "cve@mitre.org",
"url": "http://www.ibm.com/support/docview.wss?uid=swg24029452"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/47954"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67594"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/72500"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/44700"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM36644"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM37009"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ibm.com/support/docview.wss?uid=swg24029452"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/47954"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67594"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-02-14 13:10
Modified
2024-11-21 01:59
Severity ?
Summary
Unrestricted file upload vulnerability in the Registration/Edit My Profile portlet in IBM WebSphere Portal 7.x before 7.0.0.2 CF27 and 8.x through 8.0.0.1 CF09 allows remote attackers to cause a denial of service or modify data via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:cf001:*:*:*:*:*:*",
"matchCriteriaId": "B5C645C1-21E3-48A8-A1A5-9519CB845493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6ECEE98-B276-4ED6-AA5A-109EA57E9925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf002:*:*:*:*:*:*",
"matchCriteriaId": "2991B76F-8E96-45A9-8B9D-942AF93755E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf003:*:*:*:*:*:*",
"matchCriteriaId": "041D220D-2088-4633-B1AA-8902AD1C6BD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf004:*:*:*:*:*:*",
"matchCriteriaId": "53B376AE-7AA9-4362-9CB2-17B3AB783FC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf005:*:*:*:*:*:*",
"matchCriteriaId": "84D744C2-DA4B-4F04-894F-7820FDC49A04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf006:*:*:*:*:*:*",
"matchCriteriaId": "4713D128-6C5F-4362-A0E2-363F81D9BCA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf007:*:*:*:*:*:*",
"matchCriteriaId": "67E76EE5-B618-49AA-A489-1BD7E45D391F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf008:*:*:*:*:*:*",
"matchCriteriaId": "DC001899-F77A-4EED-BC6D-8400FF4354EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf009:*:*:*:*:*:*",
"matchCriteriaId": "05426398-FE6A-4E4A-9C46-4675B5FAD915",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf010:*:*:*:*:*:*",
"matchCriteriaId": "29E0A9B5-945C-4859-BE83-56B34544350B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf019:*:*:*:*:*:*",
"matchCriteriaId": "10E59411-D50B-4A34-84C7-7563D301764A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4FF84B-A17F-464B-A718-67C44D2C69BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf011:*:*:*:*:*:*",
"matchCriteriaId": "B469E735-0DCE-4616-B3FE-DED75FEAC642",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf012:*:*:*:*:*:*",
"matchCriteriaId": "E0ACFABA-E470-4043-B8E7-ACE2F9781D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf013:*:*:*:*:*:*",
"matchCriteriaId": "8D2FA62F-EEB7-4312-9359-FDA8E4743A81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf014:*:*:*:*:*:*",
"matchCriteriaId": "5D8ABD15-49DE-4C4A-B9C0-5696BC1899C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf015:*:*:*:*:*:*",
"matchCriteriaId": "A2D98D3D-18DC-47CF-BED8-CD61A531D858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf016:*:*:*:*:*:*",
"matchCriteriaId": "9326CFC3-D9A7-43CE-8673-FD009F7A1F44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf017:*:*:*:*:*:*",
"matchCriteriaId": "B34D73EE-1E9D-4896-B2A2-D1463C13F399",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf018:*:*:*:*:*:*",
"matchCriteriaId": "96B7FB90-D1F8-4D83-B954-A1990400BC27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf019:*:*:*:*:*:*",
"matchCriteriaId": "CE4C07B8-CC26-4F83-8BA8-8702594CBB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf020:*:*:*:*:*:*",
"matchCriteriaId": "22C95FC9-0342-4ACC-B4F8-052554771D3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf021:*:*:*:*:*:*",
"matchCriteriaId": "62AA773F-7D18-41F7-8561-81D83336E6FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf022:*:*:*:*:*:*",
"matchCriteriaId": "2C17D73E-9F0B-4C11-8C1D-A3987DED44F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf23:*:*:*:*:*:*",
"matchCriteriaId": "53DDB154-F94B-47F8-964B-34EFE2C99370",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf24:*:*:*:*:*:*",
"matchCriteriaId": "10FCF563-A945-425A-A577-37867CF05CC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf25:*:*:*:*:*:*",
"matchCriteriaId": "8373D2A7-EC57-4336-A877-B5D262F05191",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf26:*:*:*:*:*:*",
"matchCriteriaId": "0A005963-7EF6-40D4-A54B-E3749ED5B587",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf27:*:*:*:*:*:*",
"matchCriteriaId": "4210F236-A2B1-49F2-A16E-65BB513ECBA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2CE1E2EF-A079-4A67-AA50-0712D2E330F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf01:*:*:*:*:*:*",
"matchCriteriaId": "8A5566C6-E42F-4786-A8FC-59BE7EB47296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf02:*:*:*:*:*:*",
"matchCriteriaId": "31C0EC0E-0106-4333-8401-0F655C0F5850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf03:*:*:*:*:*:*",
"matchCriteriaId": "E0E4DA0C-9F97-4856-B9DE-D96994A65B71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf04:*:*:*:*:*:*",
"matchCriteriaId": "4180809C-4A1E-4DB4-9E7C-641B753B97D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf05:*:*:*:*:*:*",
"matchCriteriaId": "5A60A788-F7B3-4922-8B30-8F586B1685CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf04:*:*:*:*:*:*",
"matchCriteriaId": "9A07791C-5EDE-4C2B-A441-6599339ED43F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf05:*:*:*:*:*:*",
"matchCriteriaId": "CE6F9920-B458-496B-B0C0-BF8B85606BF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf06:*:*:*:*:*:*",
"matchCriteriaId": "8B2C78E9-EB40-42C0-A772-6203555D5E28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf07:*:*:*:*:*:*",
"matchCriteriaId": "A910F5CA-8257-420E-8D31-6BB0E4CFC963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf08:*:*:*:*:*:*",
"matchCriteriaId": "462CF706-A352-40EE-8158-3A2197FE4098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf09:*:*:*:*:*:*",
"matchCriteriaId": "0AF93EAB-BDBC-4C20-9BD2-AACC95CD8355",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unrestricted file upload vulnerability in the Registration/Edit My Profile portlet in IBM WebSphere Portal 7.x before 7.0.0.2 CF27 and 8.x through 8.0.0.1 CF09 allows remote attackers to cause a denial of service or modify data via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de subida de archivos sin restricci\u00f3n en el portlet Registration/Edit My Profile en IBM WebSphere Portal 7.x anterior a 7.0.0.2 CF27 y 8.x hasta 8.0.0.1 CF09 permite a atacantes remotos causar una denegaci\u00f3n de servicio o modificar datos a trav\u00e9s de vectores no especificados."
}
],
"evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/434.html\n\n\"CWE-434: Unrestricted Upload of File with Dangerous Type\"",
"id": "CVE-2013-6722",
"lastModified": "2024-11-21T01:59:36.937",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-02-14T13:10:30.607",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI07013"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21662873"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89235"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI07013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21662873"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89235"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-10-28 19:55
Modified
2024-11-21 02:13
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 before CF03 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 8.5.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D03AF20E-0C29-45A6-9B7F-8260D8D9E8BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 before CF03 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en IBM WebSphere Portal 8.5.0 anterior a CF03 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-6126",
"lastModified": "2024-11-21T02:13:49.340",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-10-28T19:55:03.073",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI26889"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684651"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securityfocus.com/bid/70756"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96783"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI26889"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684651"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/70756"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96783"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-15 10:30
Modified
2024-11-21 01:01
Severity ?
Summary
Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML, a different vulnerability than CVE-2009-1010.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 6.0.0.0 | |
| ibm | websphere_portal | 6.0.1.0 | |
| ibm | websphere_portal | 6.1.0.0 | |
| ibm | websphere_portal | 6.1.5.0 | |
| ibm | websphere_portal | 7.0.0.0 | |
| ibm | websphere_portal | 8.0.0.0 | |
| oracle | application_server | 8.2.2 | |
| oracle | application_server | 8.3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6C753E1B-D81B-4995-877E-58EDD6F49DDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "092F8012-A1EE-46CE-B2B2-0604BF4ACBBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E618064A-3D05-4DC6-9A47-0EDF2427642F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1964FC-672F-4139-938F-A8EF9D86D9C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:application_server:8.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "03943E63-9F03-45F9-9BE7-38C9B56C146A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:8.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F77E8E37-9AFB-4C1A-A1EC-ACCFB6AE0A16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML, a different vulnerability than CVE-2009-1010."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en el componente Outside In Technology en Oracle Application Server 8.2.2 y 8.3.0 permite a usuarios locales afectar la confidencialidad, la integridad y la disponibilidad, relacionado con HTML, una vulnerabilidad diferente a CVE-2009-1010."
}
],
"id": "CVE-2009-1008",
"lastModified": "2024-11-21T01:01:27.107",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-04-15T10:30:00.953",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/53747"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Permissions Required"
],
"url": "http://secunia.com/advisories/34693"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/34461"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1022055"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-105A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/53747"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "http://secunia.com/advisories/34693"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/34461"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1022055"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-105A.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-02-29 11:59
Modified
2024-11-21 02:36
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 8.0.0.0 | |
| ibm | websphere_portal | 8.0.0.1 | |
| ibm | websphere_portal | 8.5.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D03AF20E-0C29-45A6-9B7F-8260D8D9E8BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en IBM WebSphere Portal 8.0.x en versiones anteriores a 8.0.0.1 CF20 y 8.5.x en versiones anteriores a 8.5.0.0 CF09 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una URL manipulada."
}
],
"evaluatorComment": "Appropriate Vendor Advisory Link: \u003ca href=\"http://www-01.ibm.com/support/docview.wss?uid=swg21976358\"\u003eHERE\u003c/a\u003e",
"id": "CVE-2015-7491",
"lastModified": "2024-11-21T02:36:52.170",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-02-29T11:59:02.997",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI56433"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21975358"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI56433"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21975358"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-22 15:16
Modified
2024-11-21 01:59
Severity ?
Summary
IBM WebSphere Portal 6.0.0.x through 6.0.0.1, 6.0.1.x through 6.0.1.7, 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x through 8.0.0.1 CF08 allows remote attackers to obtain sensitive Java Content Repository (JCR) information via a modified Web Content Manager (WCM) URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 6.0.0.0 | |
| ibm | websphere_portal | 6.0.0.1 | |
| ibm | websphere_portal | 6.0.1.0 | |
| ibm | websphere_portal | 6.0.1.1 | |
| ibm | websphere_portal | 6.0.1.2 | |
| ibm | websphere_portal | 6.0.1.3 | |
| ibm | websphere_portal | 6.0.1.4 | |
| ibm | websphere_portal | 6.0.1.5 | |
| ibm | websphere_portal | 6.0.1.6 | |
| ibm | websphere_portal | 6.0.1.7 | |
| ibm | websphere_portal | 6.1.0.0 | |
| ibm | websphere_portal | 6.1.0.1 | |
| ibm | websphere_portal | 6.1.0.2 | |
| ibm | websphere_portal | 6.1.0.3 | |
| ibm | websphere_portal | 6.1.0.4 | |
| ibm | websphere_portal | 6.1.0.5 | |
| ibm | websphere_portal | 6.1.0.6 | |
| ibm | websphere_portal | 6.1.5.0 | |
| ibm | websphere_portal | 6.1.5.1 | |
| ibm | websphere_portal | 6.1.5.2 | |
| ibm | websphere_portal | 6.1.5.3 | |
| ibm | websphere_portal | 7.0.0.0 | |
| ibm | websphere_portal | 7.0.0.1 | |
| ibm | websphere_portal | 7.0.0.2 | |
| ibm | websphere_portal | 8.0.0.0 | |
| ibm | websphere_portal | 8.0.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6C753E1B-D81B-4995-877E-58EDD6F49DDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5D54D4DB-FA55-47AE-9E19-FB8368FD40C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "092F8012-A1EE-46CE-B2B2-0604BF4ACBBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9FC6A48A-E669-4AA0-AD83-85778A7B6C67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F8C5AD9-2086-4131-A03C-02A89D822080",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "82FC2F98-1E99-4B50-88D5-7A2904F4585C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9B7F74AC-2B5E-4B6C-9551-576A4F312BBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FC51FA38-1C63-47F5-A4CF-1128396B62C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCCA8DE-50EF-4154-AF48-A8E1AA2659B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "AF550E47-49FB-4EBC-83E7-4CFCB7279FEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E618064A-3D05-4DC6-9A47-0EDF2427642F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DE74154-3E79-4D56-96C4-D8E644F1419D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA915826-5D89-43E9-83E7-88973648302A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DB29F4-59AB-439C-91C4-CDF677676C26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9D6CA922-11EF-4315-A09A-B4A8937E4CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "526738D7-1AF8-4A8F-B833-BA0E35973A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "13D6BE9C-16FD-4FB4-8A87-56B42C246316",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1964FC-672F-4139-938F-A8EF9D86D9C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5B50CEA-AFC4-4B45-9954-519965237FC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0902AC0F-EA4D-4E65-A70A-15DE9B904B35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D808F95D-C6BD-43EB-B16C-66449977BCFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6ECEE98-B276-4ED6-AA5A-109EA57E9925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4FF84B-A17F-464B-A718-67C44D2C69BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 6.0.0.x through 6.0.0.1, 6.0.1.x through 6.0.1.7, 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x through 8.0.0.1 CF08 allows remote attackers to obtain sensitive Java Content Repository (JCR) information via a modified Web Content Manager (WCM) URL."
},
{
"lang": "es",
"value": "IBM Websphere Portal 6.0.0.x hasta 6.0.0.1, 6.0.1.x hasta 6.0.1.7, 6.1.0.x hasta 6.1.0.6 CF27, 6.1.5.x hasta 6.1.5.3 CF27, 7.0.0.x hasta 7.0.0.2 CF26, y 8.0.0.x hasta 8.0.0.1 CF08 permite a atacantes remotos obtener informaci\u00f3n Java Content Repository (JCR) sensile a trav\u00e9s de una URL Web Content Manager (WCM) modificada."
}
],
"id": "CVE-2013-6735",
"lastModified": "2024-11-21T01:59:38.370",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-12-22T15:16:04.443",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://osvdb.org/101255"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/124611/IBM-Web-Content-Manager-XPath-Injection.html"
},
{
"source": "psirt@us.ibm.com",
"url": "http://secunia.com/advisories/56161"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Not Applicable"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI07777"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660289"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securityfocus.com/archive/1/530552/100/0/threaded"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/64496"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1029539"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89591"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_fix_available_for_unauthorized_information_retrieval_security_vulnerability_in_ibm_websphere_portal_cve_2013_6735"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/101255"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/124611/IBM-Web-Content-Manager-XPath-Injection.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/56161"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI07777"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660289"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/530552/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/64496"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1029539"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89591"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_fix_available_for_unauthorized_information_retrieval_security_vulnerability_in_ibm_websphere_portal_cve_2013_6735"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-08-16 01:55
Modified
2024-11-21 01:47
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere Portal before 8.0.0.1 CF07 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) Portal, (2) Portal 7.0.0.2, (3) Portal 8.0, or (4) PortalWeb2 theme.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:*:cf06:*:*:*:*:*:*",
"matchCriteriaId": "451B1435-339A-416A-B23F-5D66BCC70862",
"versionEndIncluding": "8.0.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:5.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0B4DF048-224A-43DB-A796-44EAF9CD8838",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:5.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FA05BB8A-C367-4A09-87A4-C9D9C46AE52B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:5.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "23785ACE-3F00-430E-B9ED-940A70A3201C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:5.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0F885AD0-1134-483C-9A69-98AC0D60E79B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:5.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2AF22D6E-7B21-4657-89ED-A7EF20BFF81F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:5.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "13570CD6-7D5F-4665-A982-9E83FA25C68C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6C753E1B-D81B-4995-877E-58EDD6F49DDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5D54D4DB-FA55-47AE-9E19-FB8368FD40C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3FEB7016-D077-402A-99C7-E6F6290F1D0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C064D03F-D49C-4A2F-A23D-3ADC18EC277A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6FDA430B-8996-43D4-BDBD-07A5C9EDB339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "092F8012-A1EE-46CE-B2B2-0604BF4ACBBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9FC6A48A-E669-4AA0-AD83-85778A7B6C67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F8C5AD9-2086-4131-A03C-02A89D822080",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "82FC2F98-1E99-4B50-88D5-7A2904F4585C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9B7F74AC-2B5E-4B6C-9551-576A4F312BBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FC51FA38-1C63-47F5-A4CF-1128396B62C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.5:wp6015_008_01:*:*:*:*:*:*",
"matchCriteriaId": "901C6AC5-531A-4B94-8B9A-3B26F3C5658B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCCA8DE-50EF-4154-AF48-A8E1AA2659B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "AF550E47-49FB-4EBC-83E7-4CFCB7279FEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E618064A-3D05-4DC6-9A47-0EDF2427642F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DE74154-3E79-4D56-96C4-D8E644F1419D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA915826-5D89-43E9-83E7-88973648302A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DB29F4-59AB-439C-91C4-CDF677676C26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1964FC-672F-4139-938F-A8EF9D86D9C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:cf001:*:*:*:*:*:*",
"matchCriteriaId": "B5C645C1-21E3-48A8-A1A5-9519CB845493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6ECEE98-B276-4ED6-AA5A-109EA57E9925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf002:*:*:*:*:*:*",
"matchCriteriaId": "2991B76F-8E96-45A9-8B9D-942AF93755E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf003:*:*:*:*:*:*",
"matchCriteriaId": "041D220D-2088-4633-B1AA-8902AD1C6BD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf004:*:*:*:*:*:*",
"matchCriteriaId": "53B376AE-7AA9-4362-9CB2-17B3AB783FC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf005:*:*:*:*:*:*",
"matchCriteriaId": "84D744C2-DA4B-4F04-894F-7820FDC49A04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf006:*:*:*:*:*:*",
"matchCriteriaId": "4713D128-6C5F-4362-A0E2-363F81D9BCA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf007:*:*:*:*:*:*",
"matchCriteriaId": "67E76EE5-B618-49AA-A489-1BD7E45D391F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf008:*:*:*:*:*:*",
"matchCriteriaId": "DC001899-F77A-4EED-BC6D-8400FF4354EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf009:*:*:*:*:*:*",
"matchCriteriaId": "05426398-FE6A-4E4A-9C46-4675B5FAD915",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf010:*:*:*:*:*:*",
"matchCriteriaId": "29E0A9B5-945C-4859-BE83-56B34544350B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf019:*:*:*:*:*:*",
"matchCriteriaId": "10E59411-D50B-4A34-84C7-7563D301764A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4FF84B-A17F-464B-A718-67C44D2C69BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf011:*:*:*:*:*:*",
"matchCriteriaId": "B469E735-0DCE-4616-B3FE-DED75FEAC642",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf012:*:*:*:*:*:*",
"matchCriteriaId": "E0ACFABA-E470-4043-B8E7-ACE2F9781D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf013:*:*:*:*:*:*",
"matchCriteriaId": "8D2FA62F-EEB7-4312-9359-FDA8E4743A81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf014:*:*:*:*:*:*",
"matchCriteriaId": "5D8ABD15-49DE-4C4A-B9C0-5696BC1899C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf015:*:*:*:*:*:*",
"matchCriteriaId": "A2D98D3D-18DC-47CF-BED8-CD61A531D858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf016:*:*:*:*:*:*",
"matchCriteriaId": "9326CFC3-D9A7-43CE-8673-FD009F7A1F44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf017:*:*:*:*:*:*",
"matchCriteriaId": "B34D73EE-1E9D-4896-B2A2-D1463C13F399",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf018:*:*:*:*:*:*",
"matchCriteriaId": "96B7FB90-D1F8-4D83-B954-A1990400BC27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf019:*:*:*:*:*:*",
"matchCriteriaId": "CE4C07B8-CC26-4F83-8BA8-8702594CBB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf020:*:*:*:*:*:*",
"matchCriteriaId": "22C95FC9-0342-4ACC-B4F8-052554771D3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf021:*:*:*:*:*:*",
"matchCriteriaId": "62AA773F-7D18-41F7-8561-81D83336E6FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf022:*:*:*:*:*:*",
"matchCriteriaId": "2C17D73E-9F0B-4C11-8C1D-A3987DED44F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2CE1E2EF-A079-4A67-AA50-0712D2E330F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf01:*:*:*:*:*:*",
"matchCriteriaId": "8A5566C6-E42F-4786-A8FC-59BE7EB47296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf02:*:*:*:*:*:*",
"matchCriteriaId": "31C0EC0E-0106-4333-8401-0F655C0F5850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf03:*:*:*:*:*:*",
"matchCriteriaId": "E0E4DA0C-9F97-4856-B9DE-D96994A65B71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf04:*:*:*:*:*:*",
"matchCriteriaId": "4180809C-4A1E-4DB4-9E7C-641B753B97D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf05:*:*:*:*:*:*",
"matchCriteriaId": "5A60A788-F7B3-4922-8B30-8F586B1685CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf04:*:*:*:*:*:*",
"matchCriteriaId": "9A07791C-5EDE-4C2B-A441-6599339ED43F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf05:*:*:*:*:*:*",
"matchCriteriaId": "CE6F9920-B458-496B-B0C0-BF8B85606BF8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere Portal before 8.0.0.1 CF07 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) Portal, (2) Portal 7.0.0.2, (3) Portal 8.0, or (4) PortalWeb2 theme."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de cross-site scripting (XSS) en IBM WebSphere Portal anterior a v8.0.0.1 CF07 permite a atacantes remotos inyectar secuencias de comandos web y HTML arbitrarias a trav\u00e9s de los temas (1) Portal, (2) Portal 7.0.0.2, (3) Portal 8.0, o (4) PortalWeb2."
}
],
"id": "CVE-2013-0587",
"lastModified": "2024-11-21T01:47:48.653",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-08-16T01:55:15.753",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM90118"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21646618"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84345"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM90118"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21646618"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84345"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-02-29 11:59
Modified
2024-11-21 02:41
Severity ?
Summary
The XML parser in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF10 allows remote authenticated users to read arbitrary files or cause a denial of service via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1PI56682 | Not Applicable | |
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg21975358 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1PI56682 | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg21975358 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 8.0.0.0 | |
| ibm | websphere_portal | 8.0.0.1 | |
| ibm | websphere_portal | 8.5.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D03AF20E-0C29-45A6-9B7F-8260D8D9E8BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The XML parser in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF10 allows remote authenticated users to read arbitrary files or cause a denial of service via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
},
{
"lang": "es",
"value": "El int\u00e9rprete XML en IBM WebSphere Portal 8.0.x en versiones anteriores a 8.0.0.1 CF20 y 8.5.x en versiones anteriores a 8.5.0.0 CF10 permite a usuarios remotos autenticados leer archivos arbitrarios o causar una denegaci\u00f3n de servicio a trav\u00e9s de una declaraci\u00f3n de entidad externa en conjunci\u00f3n con una referencia de entidad, relacionado con un caso XML External Entity (XXE)."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/611.html\"\u003eCWE-611: Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)\u003c/a\u003e",
"id": "CVE-2016-0245",
"lastModified": "2024-11-21T02:41:21.100",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-02-29T11:59:10.767",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Not Applicable"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI56682"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21975358"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI56682"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21975358"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-05-16 11:12
Modified
2024-11-21 02:03
Severity ?
Summary
Directory traversal vulnerability in IBM Eclipse Help System (IEHS) in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF27, and 8.0 before 8.0.0.1 CF06 allows remote attackers to read arbitrary files via a crafted URL.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E618064A-3D05-4DC6-9A47-0EDF2427642F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DE74154-3E79-4D56-96C4-D8E644F1419D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA915826-5D89-43E9-83E7-88973648302A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DB29F4-59AB-439C-91C4-CDF677676C26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9D6CA922-11EF-4315-A09A-B4A8937E4CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "526738D7-1AF8-4A8F-B833-BA0E35973A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "13D6BE9C-16FD-4FB4-8A87-56B42C246316",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1964FC-672F-4139-938F-A8EF9D86D9C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5B50CEA-AFC4-4B45-9954-519965237FC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0902AC0F-EA4D-4E65-A70A-15DE9B904B35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D808F95D-C6BD-43EB-B16C-66449977BCFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:cf001:*:*:*:*:*:*",
"matchCriteriaId": "B5C645C1-21E3-48A8-A1A5-9519CB845493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6ECEE98-B276-4ED6-AA5A-109EA57E9925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf002:*:*:*:*:*:*",
"matchCriteriaId": "2991B76F-8E96-45A9-8B9D-942AF93755E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf003:*:*:*:*:*:*",
"matchCriteriaId": "041D220D-2088-4633-B1AA-8902AD1C6BD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf004:*:*:*:*:*:*",
"matchCriteriaId": "53B376AE-7AA9-4362-9CB2-17B3AB783FC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf005:*:*:*:*:*:*",
"matchCriteriaId": "84D744C2-DA4B-4F04-894F-7820FDC49A04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf006:*:*:*:*:*:*",
"matchCriteriaId": "4713D128-6C5F-4362-A0E2-363F81D9BCA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf007:*:*:*:*:*:*",
"matchCriteriaId": "67E76EE5-B618-49AA-A489-1BD7E45D391F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf008:*:*:*:*:*:*",
"matchCriteriaId": "DC001899-F77A-4EED-BC6D-8400FF4354EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf009:*:*:*:*:*:*",
"matchCriteriaId": "05426398-FE6A-4E4A-9C46-4675B5FAD915",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf010:*:*:*:*:*:*",
"matchCriteriaId": "29E0A9B5-945C-4859-BE83-56B34544350B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf019:*:*:*:*:*:*",
"matchCriteriaId": "10E59411-D50B-4A34-84C7-7563D301764A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4FF84B-A17F-464B-A718-67C44D2C69BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf011:*:*:*:*:*:*",
"matchCriteriaId": "B469E735-0DCE-4616-B3FE-DED75FEAC642",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf012:*:*:*:*:*:*",
"matchCriteriaId": "E0ACFABA-E470-4043-B8E7-ACE2F9781D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf013:*:*:*:*:*:*",
"matchCriteriaId": "8D2FA62F-EEB7-4312-9359-FDA8E4743A81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf014:*:*:*:*:*:*",
"matchCriteriaId": "5D8ABD15-49DE-4C4A-B9C0-5696BC1899C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf015:*:*:*:*:*:*",
"matchCriteriaId": "A2D98D3D-18DC-47CF-BED8-CD61A531D858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf016:*:*:*:*:*:*",
"matchCriteriaId": "9326CFC3-D9A7-43CE-8673-FD009F7A1F44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf017:*:*:*:*:*:*",
"matchCriteriaId": "B34D73EE-1E9D-4896-B2A2-D1463C13F399",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf018:*:*:*:*:*:*",
"matchCriteriaId": "96B7FB90-D1F8-4D83-B954-A1990400BC27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf019:*:*:*:*:*:*",
"matchCriteriaId": "CE4C07B8-CC26-4F83-8BA8-8702594CBB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf020:*:*:*:*:*:*",
"matchCriteriaId": "22C95FC9-0342-4ACC-B4F8-052554771D3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf021:*:*:*:*:*:*",
"matchCriteriaId": "62AA773F-7D18-41F7-8561-81D83336E6FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf022:*:*:*:*:*:*",
"matchCriteriaId": "2C17D73E-9F0B-4C11-8C1D-A3987DED44F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf23:*:*:*:*:*:*",
"matchCriteriaId": "53DDB154-F94B-47F8-964B-34EFE2C99370",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf24:*:*:*:*:*:*",
"matchCriteriaId": "10FCF563-A945-425A-A577-37867CF05CC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf25:*:*:*:*:*:*",
"matchCriteriaId": "8373D2A7-EC57-4336-A877-B5D262F05191",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf26:*:*:*:*:*:*",
"matchCriteriaId": "0A005963-7EF6-40D4-A54B-E3749ED5B587",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf27:*:*:*:*:*:*",
"matchCriteriaId": "4210F236-A2B1-49F2-A16E-65BB513ECBA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf01:*:*:*:*:*:*",
"matchCriteriaId": "8A5566C6-E42F-4786-A8FC-59BE7EB47296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf02:*:*:*:*:*:*",
"matchCriteriaId": "31C0EC0E-0106-4333-8401-0F655C0F5850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf03:*:*:*:*:*:*",
"matchCriteriaId": "E0E4DA0C-9F97-4856-B9DE-D96994A65B71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf04:*:*:*:*:*:*",
"matchCriteriaId": "4180809C-4A1E-4DB4-9E7C-641B753B97D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf05:*:*:*:*:*:*",
"matchCriteriaId": "5A60A788-F7B3-4922-8B30-8F586B1685CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf04:*:*:*:*:*:*",
"matchCriteriaId": "9A07791C-5EDE-4C2B-A441-6599339ED43F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf05:*:*:*:*:*:*",
"matchCriteriaId": "CE6F9920-B458-496B-B0C0-BF8B85606BF8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in IBM Eclipse Help System (IEHS) in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF27, and 8.0 before 8.0.0.1 CF06 allows remote attackers to read arbitrary files via a crafted URL."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en IBM Eclipse Help System (IEHS) en IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0 hasta 7.0.0.2 CF27 y 8.0 anterior a 8.0.0.1 CF06 permite a atacantes remotos leer archivos arbitrarios a trav\u00e9s de una URL manipulada."
}
],
"id": "CVE-2014-0918",
"lastModified": "2024-11-21T02:03:02.427",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-05-16T11:12:00.447",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI14125"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670753"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securityfocus.com/bid/67340"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91980"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI14125"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670753"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/67340"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91980"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-02-27 17:29
Modified
2024-11-21 03:59
Severity ?
Summary
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138822.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22013706 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/103168 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/138822 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22013706 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/103168 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/138822 | VDB Entry, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6ECEE98-B276-4ED6-AA5A-109EA57E9925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf002:*:*:*:*:*:*",
"matchCriteriaId": "2991B76F-8E96-45A9-8B9D-942AF93755E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf003:*:*:*:*:*:*",
"matchCriteriaId": "041D220D-2088-4633-B1AA-8902AD1C6BD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf004:*:*:*:*:*:*",
"matchCriteriaId": "53B376AE-7AA9-4362-9CB2-17B3AB783FC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf005:*:*:*:*:*:*",
"matchCriteriaId": "84D744C2-DA4B-4F04-894F-7820FDC49A04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf006:*:*:*:*:*:*",
"matchCriteriaId": "4713D128-6C5F-4362-A0E2-363F81D9BCA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf007:*:*:*:*:*:*",
"matchCriteriaId": "67E76EE5-B618-49AA-A489-1BD7E45D391F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf008:*:*:*:*:*:*",
"matchCriteriaId": "DC001899-F77A-4EED-BC6D-8400FF4354EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf009:*:*:*:*:*:*",
"matchCriteriaId": "05426398-FE6A-4E4A-9C46-4675B5FAD915",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf010:*:*:*:*:*:*",
"matchCriteriaId": "29E0A9B5-945C-4859-BE83-56B34544350B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf011:*:*:*:*:*:*",
"matchCriteriaId": "DF8105DA-2519-428D-AB09-01EEF2FF6FDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf012:*:*:*:*:*:*",
"matchCriteriaId": "B2824CB0-BBC6-4AD5-993C-91E1CF293B3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf013:*:*:*:*:*:*",
"matchCriteriaId": "56AF2117-2F73-4729-84DC-72B8B235C581",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf014:*:*:*:*:*:*",
"matchCriteriaId": "303EE4F0-9C7A-4B0B-8BBB-852C68A802E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf015:*:*:*:*:*:*",
"matchCriteriaId": "4967BA17-DD56-42A7-812A-7B6EE74C6E03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf016:*:*:*:*:*:*",
"matchCriteriaId": "9DD708E8-67BE-48D7-AD76-FDA753426862",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf017:*:*:*:*:*:*",
"matchCriteriaId": "AC8DAFF7-9410-40E2-805A-580B82EA0667",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf018:*:*:*:*:*:*",
"matchCriteriaId": "D06D62C6-13EF-42BA-BEBE-C3F9A42F5AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf019:*:*:*:*:*:*",
"matchCriteriaId": "10E59411-D50B-4A34-84C7-7563D301764A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf020:*:*:*:*:*:*",
"matchCriteriaId": "38D755C0-82CA-45EA-9D89-6172D98B78F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4FF84B-A17F-464B-A718-67C44D2C69BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf011:*:*:*:*:*:*",
"matchCriteriaId": "B469E735-0DCE-4616-B3FE-DED75FEAC642",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf012:*:*:*:*:*:*",
"matchCriteriaId": "E0ACFABA-E470-4043-B8E7-ACE2F9781D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf013:*:*:*:*:*:*",
"matchCriteriaId": "8D2FA62F-EEB7-4312-9359-FDA8E4743A81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf014:*:*:*:*:*:*",
"matchCriteriaId": "5D8ABD15-49DE-4C4A-B9C0-5696BC1899C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf015:*:*:*:*:*:*",
"matchCriteriaId": "A2D98D3D-18DC-47CF-BED8-CD61A531D858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf016:*:*:*:*:*:*",
"matchCriteriaId": "9326CFC3-D9A7-43CE-8673-FD009F7A1F44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf017:*:*:*:*:*:*",
"matchCriteriaId": "B34D73EE-1E9D-4896-B2A2-D1463C13F399",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf018:*:*:*:*:*:*",
"matchCriteriaId": "96B7FB90-D1F8-4D83-B954-A1990400BC27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf019:*:*:*:*:*:*",
"matchCriteriaId": "CE4C07B8-CC26-4F83-8BA8-8702594CBB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf020:*:*:*:*:*:*",
"matchCriteriaId": "22C95FC9-0342-4ACC-B4F8-052554771D3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf021:*:*:*:*:*:*",
"matchCriteriaId": "62AA773F-7D18-41F7-8561-81D83336E6FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf022:*:*:*:*:*:*",
"matchCriteriaId": "2C17D73E-9F0B-4C11-8C1D-A3987DED44F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf023:*:*:*:*:*:*",
"matchCriteriaId": "B44130DA-8BBC-4CC5-BD20-E05CE32AB1F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf024:*:*:*:*:*:*",
"matchCriteriaId": "D42C69F1-2877-419A-AB64-74687A11F070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf025:*:*:*:*:*:*",
"matchCriteriaId": "B6D45C1D-CCF2-4281-B132-4931B33BA48D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf026:*:*:*:*:*:*",
"matchCriteriaId": "8CB0EDF6-2EC7-4C03-8597-9E034DBB3BB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf027:*:*:*:*:*:*",
"matchCriteriaId": "847994E6-C322-46EB-B089-9D1752E42987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf028:*:*:*:*:*:*",
"matchCriteriaId": "79FD9027-FA61-4AB0-A945-7329B609A9DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf029:*:*:*:*:*:*",
"matchCriteriaId": "07EDE452-4C88-4DA9-91E9-F0722009C773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf030:*:*:*:*:*:*",
"matchCriteriaId": "E0D7936A-478C-44AA-B9DD-2165BA482AFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf01:*:*:*:*:*:*",
"matchCriteriaId": "8A5566C6-E42F-4786-A8FC-59BE7EB47296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf02:*:*:*:*:*:*",
"matchCriteriaId": "31C0EC0E-0106-4333-8401-0F655C0F5850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf03:*:*:*:*:*:*",
"matchCriteriaId": "E0E4DA0C-9F97-4856-B9DE-D96994A65B71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf04:*:*:*:*:*:*",
"matchCriteriaId": "4180809C-4A1E-4DB4-9E7C-641B753B97D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf05:*:*:*:*:*:*",
"matchCriteriaId": "5A60A788-F7B3-4922-8B30-8F586B1685CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf04:*:*:*:*:*:*",
"matchCriteriaId": "9A07791C-5EDE-4C2B-A441-6599339ED43F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf05:*:*:*:*:*:*",
"matchCriteriaId": "CE6F9920-B458-496B-B0C0-BF8B85606BF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf06:*:*:*:*:*:*",
"matchCriteriaId": "8B2C78E9-EB40-42C0-A772-6203555D5E28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf07:*:*:*:*:*:*",
"matchCriteriaId": "A910F5CA-8257-420E-8D31-6BB0E4CFC963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf08:*:*:*:*:*:*",
"matchCriteriaId": "462CF706-A352-40EE-8158-3A2197FE4098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf09:*:*:*:*:*:*",
"matchCriteriaId": "0AF93EAB-BDBC-4C20-9BD2-AACC95CD8355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf10:*:*:*:*:*:*",
"matchCriteriaId": "E090A0BC-DECD-4912-B5FB-C41A1E77675E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf11:*:*:*:*:*:*",
"matchCriteriaId": "4CC1CAEE-C7DA-4F01-8948-BADCEB0B76ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf12:*:*:*:*:*:*",
"matchCriteriaId": "3D660652-D318-44B8-996A-6E56F4D71F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf13:*:*:*:*:*:*",
"matchCriteriaId": "783AA775-7257-45C8-A246-A71E559B459D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf14:*:*:*:*:*:*",
"matchCriteriaId": "02F014F7-1F35-4982-98F5-B22E86544E0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf15:*:*:*:*:*:*",
"matchCriteriaId": "535E3EAE-8286-4751-8DAF-707A0F2F160B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf16:*:*:*:*:*:*",
"matchCriteriaId": "E6708150-6E0D-4B0C-98A0-A42CAF20D3E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf17:*:*:*:*:*:*",
"matchCriteriaId": "96849F67-1B41-4265-8046-B29C5469DA4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf18:*:*:*:*:*:*",
"matchCriteriaId": "2074093E-8F1A-442D-8972-57FE73044079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf19:*:*:*:*:*:*",
"matchCriteriaId": "1B46BD8B-AFA5-4660-9983-ED9FB5E26A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf20:*:*:*:*:*:*",
"matchCriteriaId": "3FFF0BC7-42C0-4E4F-836E-8F1B31E1C420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf21:*:*:*:*:*:*",
"matchCriteriaId": "5655ED83-06C7-4828-A38D-18E92555C48B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf22:*:*:*:*:*:*",
"matchCriteriaId": "14C80CD3-F5CB-4B64-98D5-C00A73233979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D03AF20E-0C29-45A6-9B7F-8260D8D9E8BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf01:*:*:*:*:*:*",
"matchCriteriaId": "704EF027-9DEF-4079-BBFE-A64DB757EAB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf02:*:*:*:*:*:*",
"matchCriteriaId": "9928D9CB-4817-4782-808F-6A4FBA87D820",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf03:*:*:*:*:*:*",
"matchCriteriaId": "758F9176-3EDF-469E-946E-B35C2D212029",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf04:*:*:*:*:*:*",
"matchCriteriaId": "AFBD1F79-9AB1-4699-B5B8-315CFEFFDEA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf05:*:*:*:*:*:*",
"matchCriteriaId": "764E04B9-F754-4118-B34F-71D5EF38660F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf06:*:*:*:*:*:*",
"matchCriteriaId": "46A3712D-DCB1-4631-B114-AD5A48313CBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf07:*:*:*:*:*:*",
"matchCriteriaId": "A79C66A0-6482-4E93-94B1-348B3FFA4541",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf08:*:*:*:*:*:*",
"matchCriteriaId": "2D0259BA-FD5D-4236-9AA3-13EE738B3F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf09:*:*:*:*:*:*",
"matchCriteriaId": "34EB80B8-CE15-4F0B-BC98-6AAE7148C5B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf10:*:*:*:*:*:*",
"matchCriteriaId": "DEFF296A-8B82-493E-9A1E-DB4D1976621E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf11:*:*:*:*:*:*",
"matchCriteriaId": "1FC3D249-FA1A-4A2D-B0F7-3289E0563236",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf12:*:*:*:*:*:*",
"matchCriteriaId": "169B283C-4FAD-4201-B26C-53E57D057136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf13:*:*:*:*:*:*",
"matchCriteriaId": "2867E5D2-5982-4178-B9F7-E4E82E7A97FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf14:*:*:*:*:*:*",
"matchCriteriaId": "4D2524C0-6CA2-4836-928D-A9F139F00D9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf15:*:*:*:*:*:*",
"matchCriteriaId": "68857CCD-F5AD-4D96-AB3A-103B2233B909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "12EF6533-4FE9-4A9B-ABF6-CEDD30402A53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0.0.0:cf14:*:*:*:*:*:*",
"matchCriteriaId": "FA49E417-1CED-4E49-ABC9-51E321271498",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0.0.0:cf15:*:*:*:*:*:*",
"matchCriteriaId": "CAA46610-A694-4524-8BD3-8A4B22E0F1AC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138822."
},
{
"lang": "es",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5 y 9.0 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 138822."
}
],
"id": "CVE-2018-1416",
"lastModified": "2024-11-21T03:59:46.563",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-27T17:29:00.350",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22013706"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103168"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138822"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22013706"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103168"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138822"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-02-13 02:59
Modified
2024-11-21 02:19
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF29, 8.0.0.x before 8.0.0.1 CF15, and 8.5.0 before CF05 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 6.1.0.0 | |
| ibm | websphere_portal | 6.1.0.1 | |
| ibm | websphere_portal | 6.1.0.2 | |
| ibm | websphere_portal | 6.1.0.3 | |
| ibm | websphere_portal | 6.1.0.4 | |
| ibm | websphere_portal | 6.1.0.5 | |
| ibm | websphere_portal | 6.1.0.6 | |
| ibm | websphere_portal | 6.1.5.0 | |
| ibm | websphere_portal | 6.1.5.1 | |
| ibm | websphere_portal | 6.1.5.2 | |
| ibm | websphere_portal | 6.1.5.3 | |
| ibm | websphere_portal | 7.0.0.0 | |
| ibm | websphere_portal | 7.0.0.1 | |
| ibm | websphere_portal | 8.0.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E618064A-3D05-4DC6-9A47-0EDF2427642F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DE74154-3E79-4D56-96C4-D8E644F1419D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA915826-5D89-43E9-83E7-88973648302A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DB29F4-59AB-439C-91C4-CDF677676C26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9D6CA922-11EF-4315-A09A-B4A8937E4CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "526738D7-1AF8-4A8F-B833-BA0E35973A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "13D6BE9C-16FD-4FB4-8A87-56B42C246316",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1964FC-672F-4139-938F-A8EF9D86D9C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5B50CEA-AFC4-4B45-9954-519965237FC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0902AC0F-EA4D-4E65-A70A-15DE9B904B35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D808F95D-C6BD-43EB-B16C-66449977BCFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6ECEE98-B276-4ED6-AA5A-109EA57E9925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF29, 8.0.0.x before 8.0.0.1 CF15, and 8.5.0 before CF05 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en IBM WebSphere Portal 6.1.0.x hasta 6.1.0.6 CF27, 6.1.5.x hasta 6.1.5.3 CF27, 7.0.0.x hasta 7.0.0.2 CF29, 8.0.0.x hasta 8.0.0.1 CF15, y 8.5.0 anterior a CF05 permite a usuarios remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML a trav\u00e9s de una URL manipulada."
}
],
"id": "CVE-2014-8909",
"lastModified": "2024-11-21T02:19:55.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-02-13T02:59:08.267",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI30620"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694738"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99250"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI30620"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694738"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99250"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-10-12 05:29
Modified
2024-11-21 04:00
Severity ?
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145108.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.securitytracker.com/id/1041845 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/145108 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10731155 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041845 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/145108 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10731155 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "1F28C710-8FDB-4474-B6EF-5835D4D7FE43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf002:*:*:*:*:*:*",
"matchCriteriaId": "2991B76F-8E96-45A9-8B9D-942AF93755E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf003:*:*:*:*:*:*",
"matchCriteriaId": "041D220D-2088-4633-B1AA-8902AD1C6BD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf004:*:*:*:*:*:*",
"matchCriteriaId": "53B376AE-7AA9-4362-9CB2-17B3AB783FC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf005:*:*:*:*:*:*",
"matchCriteriaId": "84D744C2-DA4B-4F04-894F-7820FDC49A04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf006:*:*:*:*:*:*",
"matchCriteriaId": "4713D128-6C5F-4362-A0E2-363F81D9BCA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf007:*:*:*:*:*:*",
"matchCriteriaId": "67E76EE5-B618-49AA-A489-1BD7E45D391F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf008:*:*:*:*:*:*",
"matchCriteriaId": "DC001899-F77A-4EED-BC6D-8400FF4354EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf009:*:*:*:*:*:*",
"matchCriteriaId": "05426398-FE6A-4E4A-9C46-4675B5FAD915",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf010:*:*:*:*:*:*",
"matchCriteriaId": "29E0A9B5-945C-4859-BE83-56B34544350B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf011:*:*:*:*:*:*",
"matchCriteriaId": "DF8105DA-2519-428D-AB09-01EEF2FF6FDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf012:*:*:*:*:*:*",
"matchCriteriaId": "B2824CB0-BBC6-4AD5-993C-91E1CF293B3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf013:*:*:*:*:*:*",
"matchCriteriaId": "56AF2117-2F73-4729-84DC-72B8B235C581",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf014:*:*:*:*:*:*",
"matchCriteriaId": "303EE4F0-9C7A-4B0B-8BBB-852C68A802E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf015:*:*:*:*:*:*",
"matchCriteriaId": "4967BA17-DD56-42A7-812A-7B6EE74C6E03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf016:*:*:*:*:*:*",
"matchCriteriaId": "9DD708E8-67BE-48D7-AD76-FDA753426862",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf017:*:*:*:*:*:*",
"matchCriteriaId": "AC8DAFF7-9410-40E2-805A-580B82EA0667",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf018:*:*:*:*:*:*",
"matchCriteriaId": "D06D62C6-13EF-42BA-BEBE-C3F9A42F5AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf019:*:*:*:*:*:*",
"matchCriteriaId": "10E59411-D50B-4A34-84C7-7563D301764A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf020:*:*:*:*:*:*",
"matchCriteriaId": "38D755C0-82CA-45EA-9D89-6172D98B78F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:-:*:*:*:*:*:*",
"matchCriteriaId": "6007CA87-31CA-44AB-AB7F-788E17AB85F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf011:*:*:*:*:*:*",
"matchCriteriaId": "B469E735-0DCE-4616-B3FE-DED75FEAC642",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf012:*:*:*:*:*:*",
"matchCriteriaId": "E0ACFABA-E470-4043-B8E7-ACE2F9781D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf013:*:*:*:*:*:*",
"matchCriteriaId": "8D2FA62F-EEB7-4312-9359-FDA8E4743A81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf014:*:*:*:*:*:*",
"matchCriteriaId": "5D8ABD15-49DE-4C4A-B9C0-5696BC1899C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf015:*:*:*:*:*:*",
"matchCriteriaId": "A2D98D3D-18DC-47CF-BED8-CD61A531D858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf016:*:*:*:*:*:*",
"matchCriteriaId": "9326CFC3-D9A7-43CE-8673-FD009F7A1F44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf017:*:*:*:*:*:*",
"matchCriteriaId": "B34D73EE-1E9D-4896-B2A2-D1463C13F399",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf018:*:*:*:*:*:*",
"matchCriteriaId": "96B7FB90-D1F8-4D83-B954-A1990400BC27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf019:*:*:*:*:*:*",
"matchCriteriaId": "CE4C07B8-CC26-4F83-8BA8-8702594CBB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf020:*:*:*:*:*:*",
"matchCriteriaId": "22C95FC9-0342-4ACC-B4F8-052554771D3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf021:*:*:*:*:*:*",
"matchCriteriaId": "62AA773F-7D18-41F7-8561-81D83336E6FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf022:*:*:*:*:*:*",
"matchCriteriaId": "2C17D73E-9F0B-4C11-8C1D-A3987DED44F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf023:*:*:*:*:*:*",
"matchCriteriaId": "B44130DA-8BBC-4CC5-BD20-E05CE32AB1F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf024:*:*:*:*:*:*",
"matchCriteriaId": "D42C69F1-2877-419A-AB64-74687A11F070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf025:*:*:*:*:*:*",
"matchCriteriaId": "B6D45C1D-CCF2-4281-B132-4931B33BA48D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf026:*:*:*:*:*:*",
"matchCriteriaId": "8CB0EDF6-2EC7-4C03-8597-9E034DBB3BB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf027:*:*:*:*:*:*",
"matchCriteriaId": "847994E6-C322-46EB-B089-9D1752E42987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf028:*:*:*:*:*:*",
"matchCriteriaId": "79FD9027-FA61-4AB0-A945-7329B609A9DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf029:*:*:*:*:*:*",
"matchCriteriaId": "07EDE452-4C88-4DA9-91E9-F0722009C773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf030:*:*:*:*:*:*",
"matchCriteriaId": "E0D7936A-478C-44AA-B9DD-2165BA482AFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5DB13754-BB23-48D8-9BDC-E8FF552DEA52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf01:*:*:*:*:*:*",
"matchCriteriaId": "8A5566C6-E42F-4786-A8FC-59BE7EB47296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf02:*:*:*:*:*:*",
"matchCriteriaId": "31C0EC0E-0106-4333-8401-0F655C0F5850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf03:*:*:*:*:*:*",
"matchCriteriaId": "E0E4DA0C-9F97-4856-B9DE-D96994A65B71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf04:*:*:*:*:*:*",
"matchCriteriaId": "4180809C-4A1E-4DB4-9E7C-641B753B97D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf05:*:*:*:*:*:*",
"matchCriteriaId": "5A60A788-F7B3-4922-8B30-8F586B1685CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf06:*:*:*:*:*:*",
"matchCriteriaId": "5A244AB2-9EBB-4A7D-BED7-CA92903268C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "AA4AD694-EA0E-4910-A3F9-EEDC510AFDF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf04:*:*:*:*:*:*",
"matchCriteriaId": "9A07791C-5EDE-4C2B-A441-6599339ED43F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf05:*:*:*:*:*:*",
"matchCriteriaId": "CE6F9920-B458-496B-B0C0-BF8B85606BF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf06:*:*:*:*:*:*",
"matchCriteriaId": "8B2C78E9-EB40-42C0-A772-6203555D5E28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf07:*:*:*:*:*:*",
"matchCriteriaId": "A910F5CA-8257-420E-8D31-6BB0E4CFC963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf08:*:*:*:*:*:*",
"matchCriteriaId": "462CF706-A352-40EE-8158-3A2197FE4098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf09:*:*:*:*:*:*",
"matchCriteriaId": "0AF93EAB-BDBC-4C20-9BD2-AACC95CD8355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf10:*:*:*:*:*:*",
"matchCriteriaId": "E090A0BC-DECD-4912-B5FB-C41A1E77675E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf11:*:*:*:*:*:*",
"matchCriteriaId": "4CC1CAEE-C7DA-4F01-8948-BADCEB0B76ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf12:*:*:*:*:*:*",
"matchCriteriaId": "3D660652-D318-44B8-996A-6E56F4D71F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf13:*:*:*:*:*:*",
"matchCriteriaId": "783AA775-7257-45C8-A246-A71E559B459D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf14:*:*:*:*:*:*",
"matchCriteriaId": "02F014F7-1F35-4982-98F5-B22E86544E0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf15:*:*:*:*:*:*",
"matchCriteriaId": "535E3EAE-8286-4751-8DAF-707A0F2F160B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf16:*:*:*:*:*:*",
"matchCriteriaId": "E6708150-6E0D-4B0C-98A0-A42CAF20D3E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf17:*:*:*:*:*:*",
"matchCriteriaId": "96849F67-1B41-4265-8046-B29C5469DA4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf18:*:*:*:*:*:*",
"matchCriteriaId": "2074093E-8F1A-442D-8972-57FE73044079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf19:*:*:*:*:*:*",
"matchCriteriaId": "1B46BD8B-AFA5-4660-9983-ED9FB5E26A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf20:*:*:*:*:*:*",
"matchCriteriaId": "3FFF0BC7-42C0-4E4F-836E-8F1B31E1C420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf21:*:*:*:*:*:*",
"matchCriteriaId": "5655ED83-06C7-4828-A38D-18E92555C48B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf22:*:*:*:*:*:*",
"matchCriteriaId": "14C80CD3-F5CB-4B64-98D5-C00A73233979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf23:*:*:*:*:*:*",
"matchCriteriaId": "2A7D9B77-F154-405C-9E94-B4EAA087E766",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "7EE3B00E-D18B-43C4-BD15-7E8E1AFDA8C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf01:*:*:*:*:*:*",
"matchCriteriaId": "704EF027-9DEF-4079-BBFE-A64DB757EAB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf02:*:*:*:*:*:*",
"matchCriteriaId": "9928D9CB-4817-4782-808F-6A4FBA87D820",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf03:*:*:*:*:*:*",
"matchCriteriaId": "758F9176-3EDF-469E-946E-B35C2D212029",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf04:*:*:*:*:*:*",
"matchCriteriaId": "AFBD1F79-9AB1-4699-B5B8-315CFEFFDEA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf05:*:*:*:*:*:*",
"matchCriteriaId": "764E04B9-F754-4118-B34F-71D5EF38660F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf06:*:*:*:*:*:*",
"matchCriteriaId": "46A3712D-DCB1-4631-B114-AD5A48313CBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf07:*:*:*:*:*:*",
"matchCriteriaId": "A79C66A0-6482-4E93-94B1-348B3FFA4541",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf08:*:*:*:*:*:*",
"matchCriteriaId": "2D0259BA-FD5D-4236-9AA3-13EE738B3F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf09:*:*:*:*:*:*",
"matchCriteriaId": "34EB80B8-CE15-4F0B-BC98-6AAE7148C5B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf10:*:*:*:*:*:*",
"matchCriteriaId": "DEFF296A-8B82-493E-9A1E-DB4D1976621E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf11:*:*:*:*:*:*",
"matchCriteriaId": "1FC3D249-FA1A-4A2D-B0F7-3289E0563236",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf12:*:*:*:*:*:*",
"matchCriteriaId": "169B283C-4FAD-4201-B26C-53E57D057136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf13:*:*:*:*:*:*",
"matchCriteriaId": "2867E5D2-5982-4178-B9F7-E4E82E7A97FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf14:*:*:*:*:*:*",
"matchCriteriaId": "4D2524C0-6CA2-4836-928D-A9F139F00D9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf15:*:*:*:*:*:*",
"matchCriteriaId": "68857CCD-F5AD-4D96-AB3A-103B2233B909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5B2F4AE1-AFBF-487D-B891-40D94C50F8B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0.0.0:cf14:*:*:*:*:*:*",
"matchCriteriaId": "FA49E417-1CED-4E49-ABC9-51E321271498",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0.0.0:cf15:*:*:*:*:*:*",
"matchCriteriaId": "CAA46610-A694-4524-8BD3-8A4B22E0F1AC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145108."
},
{
"lang": "es",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5 y 9.0 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 145108."
}
],
"id": "CVE-2018-1673",
"lastModified": "2024-11-21T04:00:10.943",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-10-12T05:29:00.907",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041845"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145108"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10731155"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041845"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145108"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10731155"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-31 21:29
Modified
2024-11-21 03:21
Severity ?
Summary
IBM WebSphere Portal and Web Content Manager 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125457.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22004979 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/100007 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/125457 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22004979 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/100007 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/125457 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 7.0 | |
| ibm | websphere_portal | 8.0 | |
| ibm | websphere_portal | 8.5 | |
| ibm | websphere_portal | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "853E2D77-FE89-4F4E-9C06-861BB3385B3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2CE1E2EF-A079-4A67-AA50-0712D2E330F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F97CDB5F-2EA4-41E8-857B-5D76004C60B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CAFC1C53-61B8-41EC-B99D-1100D29F3992",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal and Web Content Manager 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125457."
},
{
"lang": "es",
"value": "IBM WebSphere Portal y Web Content Manager 7.0, 8.0, 8.5 y 9.0 son vulnerables a Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los usuarios que incrusten un c\u00f3digo arbitrario JavaScript en la interfaz web de usuario, alterando la funcionalidad y pudiendo provocar que se revelen credenciales en una sesi\u00f3n en la que se conf\u00eda. IBM X-Force ID: 125457."
}
],
"id": "CVE-2017-1303",
"lastModified": "2024-11-21T03:21:40.710",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-31T21:29:00.533",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22004979"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100007"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125457"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22004979"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100007"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125457"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-06-26 01:59
Modified
2024-11-21 02:49
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in the PA_Theme_Creator application in IBM WebSphere Portal 8.5 CF08 through CF10 and Web Content Manager allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 8.5.0.0 | |
| ibm | web_content_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D03AF20E-0C29-45A6-9B7F-8260D8D9E8BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:web_content_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3338B4C9-9AB9-4EDD-B609-CC50A75BFB5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in the PA_Theme_Creator application in IBM WebSphere Portal 8.5 CF08 through CF10 and Web Content Manager allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences."
},
{
"lang": "es",
"value": "Vulnerabilidad de CSRF en la aplicaci\u00f3n PA_Theme_Creator en IBM WebSphere Portal 8.5 CF08 hasta la versi\u00f3n CF10 y Web Content Manager permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios arbitrarios para peticiones que inserten secuencias XSS."
}
],
"id": "CVE-2016-2901",
"lastModified": "2024-11-21T02:49:00.887",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-06-26T01:59:02.677",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI62594"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983974"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036143"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI62594"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983974"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036143"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-02-01 20:59
Modified
2024-11-21 03:00
Severity ?
Summary
Exphox WebRadar is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg21993561 | Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/94413 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg21993561 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94413 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | web_content_manager_production_analytics | 4.0 | |
| ibm | websphere_portal | 8.0 | |
| ibm | websphere_portal | 8.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:web_content_manager_production_analytics:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85D9E489-9996-4F91-9390-168EA958D4CD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2CE1E2EF-A079-4A67-AA50-0712D2E330F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F97CDB5F-2EA4-41E8-857B-5D76004C60B4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Exphox WebRadar is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
},
{
"lang": "es",
"value": "Exphox WebRadar es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a usuarios incrustar c\u00f3digo JavaScript arbitrario en la IU Web alterando as\u00ed la funcionalidad prevista que potencialmente conduce a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n de confianza."
}
],
"id": "CVE-2016-8922",
"lastModified": "2024-11-21T03:00:18.260",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-01T20:59:02.833",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21993561"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94413"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21993561"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94413"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-03-13 01:59
Modified
2024-11-21 02:22
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 before CF05 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 8.5.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D03AF20E-0C29-45A6-9B7F-8260D8D9E8BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 before CF05 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en IBM WebSphere Portal 8.5.0 anterior a CF05 permite a usuarios remotos autenticados inyectar secuencias de comandos arbitrarios o HTML a trav\u00e9s de una URL manipulada."
}
],
"id": "CVE-2015-0177",
"lastModified": "2024-11-21T02:22:29.827",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-03-13T01:59:27.460",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI35228"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697213"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securitytracker.com/id/1031880"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI35228"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697213"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1031880"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-09-12 01:55
Modified
2024-11-21 02:10
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF13 and 8.5.0 before CF02 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 8.0 | |
| ibm | websphere_portal | 8.0.0.0 | |
| ibm | websphere_portal | 8.0.0.0 | |
| ibm | websphere_portal | 8.0.0.0 | |
| ibm | websphere_portal | 8.0.0.0 | |
| ibm | websphere_portal | 8.0.0.0 | |
| ibm | websphere_portal | 8.0.0.0 | |
| ibm | websphere_portal | 8.0.0.1 | |
| ibm | websphere_portal | 8.0.0.1 | |
| ibm | websphere_portal | 8.0.0.1 | |
| ibm | websphere_portal | 8.0.0.1 | |
| ibm | websphere_portal | 8.0.0.1 | |
| ibm | websphere_portal | 8.0.0.1 | |
| ibm | websphere_portal | 8.0.0.1 | |
| ibm | websphere_portal | 8.0.0.1 | |
| ibm | websphere_portal | 8.0.0.1 | |
| ibm | websphere_portal | 8.5.0.0 | |
| ibm | websphere_portal | 8.5.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2CE1E2EF-A079-4A67-AA50-0712D2E330F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf01:*:*:*:*:*:*",
"matchCriteriaId": "8A5566C6-E42F-4786-A8FC-59BE7EB47296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf02:*:*:*:*:*:*",
"matchCriteriaId": "31C0EC0E-0106-4333-8401-0F655C0F5850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf03:*:*:*:*:*:*",
"matchCriteriaId": "E0E4DA0C-9F97-4856-B9DE-D96994A65B71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf04:*:*:*:*:*:*",
"matchCriteriaId": "4180809C-4A1E-4DB4-9E7C-641B753B97D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf05:*:*:*:*:*:*",
"matchCriteriaId": "5A60A788-F7B3-4922-8B30-8F586B1685CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "AA4AD694-EA0E-4910-A3F9-EEDC510AFDF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf04:*:*:*:*:*:*",
"matchCriteriaId": "9A07791C-5EDE-4C2B-A441-6599339ED43F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf05:*:*:*:*:*:*",
"matchCriteriaId": "CE6F9920-B458-496B-B0C0-BF8B85606BF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf06:*:*:*:*:*:*",
"matchCriteriaId": "8B2C78E9-EB40-42C0-A772-6203555D5E28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf07:*:*:*:*:*:*",
"matchCriteriaId": "A910F5CA-8257-420E-8D31-6BB0E4CFC963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf08:*:*:*:*:*:*",
"matchCriteriaId": "462CF706-A352-40EE-8158-3A2197FE4098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf09:*:*:*:*:*:*",
"matchCriteriaId": "0AF93EAB-BDBC-4C20-9BD2-AACC95CD8355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf12:*:*:*:*:*:*",
"matchCriteriaId": "3D660652-D318-44B8-996A-6E56F4D71F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D03AF20E-0C29-45A6-9B7F-8260D8D9E8BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf01:*:*:*:*:*:*",
"matchCriteriaId": "704EF027-9DEF-4079-BBFE-A64DB757EAB8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF13 and 8.5.0 before CF02 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en IBM WebSphere Portal 8.0.0 hasta 8.0.0.1 CF13 y 8.5.0 anterior a CF02 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una URL manipulada."
}
],
"id": "CVE-2014-4762",
"lastModified": "2024-11-21T02:10:50.597",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-09-12T01:55:07.153",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://secunia.com/advisories/61204"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI21973"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681998"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94659"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/61204"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI21973"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681998"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94659"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-12-21 11:59
Modified
2024-11-21 02:36
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF19 and 8.5.0 through CF08 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 8.0.0.0 | |
| ibm | websphere_portal | 8.0.0.1 | |
| ibm | websphere_portal | 8.5.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D03AF20E-0C29-45A6-9B7F-8260D8D9E8BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF19 and 8.5.0 through CF08 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en IBM WebSphere Portal 8.0.0 en versiones anteriores a 8.0.0.1 CF19 y 8.5.0 hasta la versi\u00f3n CF08 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de una URL manipulada."
}
],
"id": "CVE-2015-7413",
"lastModified": "2024-11-21T02:36:44.740",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-12-21T11:59:07.063",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI50844"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970176"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securitytracker.com/id/1034284"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI50844"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970176"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034284"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-02-29 11:59
Modified
2024-11-21 02:36
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 8.0.0.0 | |
| ibm | websphere_portal | 8.0.0.1 | |
| ibm | websphere_portal | 8.5.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D03AF20E-0C29-45A6-9B7F-8260D8D9E8BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en IBM WebSphere Portal 8.0.x en versiones anteriores a 8.0.0.1 CF20 y 8.5.x en versiones anteriores a 8.5.0.0 CF09 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una URL manipulada."
}
],
"evaluatorComment": "Appropriate Vendor Advisory Link: \u003ca href=\"http://www-01.ibm.com/support/docview.wss?uid=swg21976358\"\u003eHERE\u003c/a\u003e",
"id": "CVE-2015-7457",
"lastModified": "2024-11-21T02:36:49.560",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-02-29T11:59:02.060",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI56432"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21975358"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI56432"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21975358"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-07-11 16:29
Modified
2024-11-21 01:52
Severity ?
Summary
IBM WebSphere Portal 7.0.0.x and 8.0.0.x write passwords to a trace file when tracing is enabled for the Selfcare Portlet (Profile Management), which allows local users to obtain sensitive information by reading the file. IBM X-Force ID: 83621.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21642097 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/83621 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21642097 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/83621 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 7.0.0.0 | |
| ibm | websphere_portal | 7.0.0.1 | |
| ibm | websphere_portal | 7.0.0.2 | |
| ibm | websphere_portal | 8.0.0.0 | |
| ibm | websphere_portal | 8.0.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6ECEE98-B276-4ED6-AA5A-109EA57E9925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4FF84B-A17F-464B-A718-67C44D2C69BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 7.0.0.x and 8.0.0.x write passwords to a trace file when tracing is enabled for the Selfcare Portlet (Profile Management), which allows local users to obtain sensitive information by reading the file. IBM X-Force ID: 83621."
},
{
"lang": "es",
"value": "IBM WebSphere Portal en versiones 7.0.0.x y 8.0.0.x escribe contrase\u00f1as a un archivo de rastreo cuando \u00e9ste est\u00e1 habilitado para el Selfcare Portlet (Profile Management), lo que permite que usuarios locales obtengan informaci\u00f3n sensible mediante la lectura del archivo. IBM X-Force ID: 83621."
}
],
"id": "CVE-2013-2951",
"lastModified": "2024-11-21T01:52:44.583",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-07-11T16:29:00.393",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21642097"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83621"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21642097"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83621"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-12-31 05:59
Modified
2024-11-21 02:36
Severity ?
Summary
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF20, and 8.5.0 before CF09 allows remote attackers to bypass intended Portal AccessControl REST API access restrictions and obtain sensitive information via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 6.1.0.0 | |
| ibm | websphere_portal | 6.1.0.1 | |
| ibm | websphere_portal | 6.1.0.2 | |
| ibm | websphere_portal | 6.1.0.3 | |
| ibm | websphere_portal | 6.1.0.4 | |
| ibm | websphere_portal | 6.1.0.5 | |
| ibm | websphere_portal | 6.1.0.6 | |
| ibm | websphere_portal | 6.1.5.0 | |
| ibm | websphere_portal | 6.1.5.1 | |
| ibm | websphere_portal | 6.1.5.2 | |
| ibm | websphere_portal | 6.1.5.3 | |
| ibm | websphere_portal | 7.0.0.0 | |
| ibm | websphere_portal | 7.0.0.1 | |
| ibm | websphere_portal | 7.0.0.2 | |
| ibm | websphere_portal | 8.0.0.0 | |
| ibm | websphere_portal | 8.0.0.1 | |
| ibm | websphere_portal | 8.5.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E618064A-3D05-4DC6-9A47-0EDF2427642F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DE74154-3E79-4D56-96C4-D8E644F1419D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA915826-5D89-43E9-83E7-88973648302A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DB29F4-59AB-439C-91C4-CDF677676C26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9D6CA922-11EF-4315-A09A-B4A8937E4CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "526738D7-1AF8-4A8F-B833-BA0E35973A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "13D6BE9C-16FD-4FB4-8A87-56B42C246316",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1964FC-672F-4139-938F-A8EF9D86D9C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5B50CEA-AFC4-4B45-9954-519965237FC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0902AC0F-EA4D-4E65-A70A-15DE9B904B35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D808F95D-C6BD-43EB-B16C-66449977BCFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6ECEE98-B276-4ED6-AA5A-109EA57E9925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4FF84B-A17F-464B-A718-67C44D2C69BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D03AF20E-0C29-45A6-9B7F-8260D8D9E8BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF20, and 8.5.0 before CF09 allows remote attackers to bypass intended Portal AccessControl REST API access restrictions and obtain sensitive information via unspecified vectors."
},
{
"lang": "es",
"value": "IBM WebSphere Portal 6.1.0 hasta la versi\u00f3n 6.1.0.6 CF27, 6.1.5 hasta la versi\u00f3n 6.1.5.3 CF27, 7.0.0 hasta la versi\u00f3n 7.0.0.2 CF29, 8.0.0 en versiones anteriores a 8.0.0.1 CF20 y 8.5.0 en versiones anteriores a CF09 permite a atacantes remotos eludir las restricciones destinadas al acceso de la API REST Portal AccessControl y obtener informaci\u00f3n sensible a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2015-7447",
"lastModified": "2024-11-21T02:36:48.397",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2015-12-31T05:59:27.200",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI51395"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21973152"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securityfocus.com/bid/79511"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securitytracker.com/id/1034538"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI51395"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21973152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/79511"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034538"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-01-11 17:29
Modified
2024-11-21 03:59
Severity ?
Summary
IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 137158.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.securityfocus.com/bid/102501 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | http://www.securitytracker.com/id/1040132 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/137158 | VDB Entry | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=swg22012409 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102501 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040132 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/137158 | VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=swg22012409 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 8.5.0.0 | |
| ibm | websphere_portal | 9.0.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D03AF20E-0C29-45A6-9B7F-8260D8D9E8BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "12EF6533-4FE9-4A9B-ABF6-CEDD30402A53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 137158."
},
{
"lang": "es",
"value": "IBM WebSphere Portal 8.5 y 9.0 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 137158."
}
],
"id": "CVE-2018-1361",
"lastModified": "2024-11-21T03:59:41.437",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-11T17:29:00.387",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102501"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040132"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/137158"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=swg22012409"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102501"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040132"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/137158"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=swg22012409"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-09-27 19:29
Modified
2024-11-21 04:00
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 144886.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.securityfocus.com/bid/105446 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | http://www.securitytracker.com/id/1041755 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/144886 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10715923 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105446 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041755 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/144886 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10715923 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "1F28C710-8FDB-4474-B6EF-5835D4D7FE43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf002:*:*:*:*:*:*",
"matchCriteriaId": "2991B76F-8E96-45A9-8B9D-942AF93755E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf003:*:*:*:*:*:*",
"matchCriteriaId": "041D220D-2088-4633-B1AA-8902AD1C6BD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf004:*:*:*:*:*:*",
"matchCriteriaId": "53B376AE-7AA9-4362-9CB2-17B3AB783FC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf005:*:*:*:*:*:*",
"matchCriteriaId": "84D744C2-DA4B-4F04-894F-7820FDC49A04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf006:*:*:*:*:*:*",
"matchCriteriaId": "4713D128-6C5F-4362-A0E2-363F81D9BCA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf007:*:*:*:*:*:*",
"matchCriteriaId": "67E76EE5-B618-49AA-A489-1BD7E45D391F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf008:*:*:*:*:*:*",
"matchCriteriaId": "DC001899-F77A-4EED-BC6D-8400FF4354EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf009:*:*:*:*:*:*",
"matchCriteriaId": "05426398-FE6A-4E4A-9C46-4675B5FAD915",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf010:*:*:*:*:*:*",
"matchCriteriaId": "29E0A9B5-945C-4859-BE83-56B34544350B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf011:*:*:*:*:*:*",
"matchCriteriaId": "DF8105DA-2519-428D-AB09-01EEF2FF6FDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf012:*:*:*:*:*:*",
"matchCriteriaId": "B2824CB0-BBC6-4AD5-993C-91E1CF293B3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf013:*:*:*:*:*:*",
"matchCriteriaId": "56AF2117-2F73-4729-84DC-72B8B235C581",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf014:*:*:*:*:*:*",
"matchCriteriaId": "303EE4F0-9C7A-4B0B-8BBB-852C68A802E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf015:*:*:*:*:*:*",
"matchCriteriaId": "4967BA17-DD56-42A7-812A-7B6EE74C6E03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf016:*:*:*:*:*:*",
"matchCriteriaId": "9DD708E8-67BE-48D7-AD76-FDA753426862",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf017:*:*:*:*:*:*",
"matchCriteriaId": "AC8DAFF7-9410-40E2-805A-580B82EA0667",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf018:*:*:*:*:*:*",
"matchCriteriaId": "D06D62C6-13EF-42BA-BEBE-C3F9A42F5AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf019:*:*:*:*:*:*",
"matchCriteriaId": "10E59411-D50B-4A34-84C7-7563D301764A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf020:*:*:*:*:*:*",
"matchCriteriaId": "38D755C0-82CA-45EA-9D89-6172D98B78F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:-:*:*:*:*:*:*",
"matchCriteriaId": "6007CA87-31CA-44AB-AB7F-788E17AB85F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf011:*:*:*:*:*:*",
"matchCriteriaId": "B469E735-0DCE-4616-B3FE-DED75FEAC642",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf012:*:*:*:*:*:*",
"matchCriteriaId": "E0ACFABA-E470-4043-B8E7-ACE2F9781D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf013:*:*:*:*:*:*",
"matchCriteriaId": "8D2FA62F-EEB7-4312-9359-FDA8E4743A81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf014:*:*:*:*:*:*",
"matchCriteriaId": "5D8ABD15-49DE-4C4A-B9C0-5696BC1899C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf015:*:*:*:*:*:*",
"matchCriteriaId": "A2D98D3D-18DC-47CF-BED8-CD61A531D858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf016:*:*:*:*:*:*",
"matchCriteriaId": "9326CFC3-D9A7-43CE-8673-FD009F7A1F44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf017:*:*:*:*:*:*",
"matchCriteriaId": "B34D73EE-1E9D-4896-B2A2-D1463C13F399",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf018:*:*:*:*:*:*",
"matchCriteriaId": "96B7FB90-D1F8-4D83-B954-A1990400BC27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf019:*:*:*:*:*:*",
"matchCriteriaId": "CE4C07B8-CC26-4F83-8BA8-8702594CBB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf020:*:*:*:*:*:*",
"matchCriteriaId": "22C95FC9-0342-4ACC-B4F8-052554771D3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf021:*:*:*:*:*:*",
"matchCriteriaId": "62AA773F-7D18-41F7-8561-81D83336E6FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf022:*:*:*:*:*:*",
"matchCriteriaId": "2C17D73E-9F0B-4C11-8C1D-A3987DED44F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf023:*:*:*:*:*:*",
"matchCriteriaId": "B44130DA-8BBC-4CC5-BD20-E05CE32AB1F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf024:*:*:*:*:*:*",
"matchCriteriaId": "D42C69F1-2877-419A-AB64-74687A11F070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf025:*:*:*:*:*:*",
"matchCriteriaId": "B6D45C1D-CCF2-4281-B132-4931B33BA48D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf026:*:*:*:*:*:*",
"matchCriteriaId": "8CB0EDF6-2EC7-4C03-8597-9E034DBB3BB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf027:*:*:*:*:*:*",
"matchCriteriaId": "847994E6-C322-46EB-B089-9D1752E42987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf028:*:*:*:*:*:*",
"matchCriteriaId": "79FD9027-FA61-4AB0-A945-7329B609A9DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf029:*:*:*:*:*:*",
"matchCriteriaId": "07EDE452-4C88-4DA9-91E9-F0722009C773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf030:*:*:*:*:*:*",
"matchCriteriaId": "E0D7936A-478C-44AA-B9DD-2165BA482AFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5DB13754-BB23-48D8-9BDC-E8FF552DEA52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf01:*:*:*:*:*:*",
"matchCriteriaId": "8A5566C6-E42F-4786-A8FC-59BE7EB47296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf02:*:*:*:*:*:*",
"matchCriteriaId": "31C0EC0E-0106-4333-8401-0F655C0F5850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf03:*:*:*:*:*:*",
"matchCriteriaId": "E0E4DA0C-9F97-4856-B9DE-D96994A65B71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf04:*:*:*:*:*:*",
"matchCriteriaId": "4180809C-4A1E-4DB4-9E7C-641B753B97D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf05:*:*:*:*:*:*",
"matchCriteriaId": "5A60A788-F7B3-4922-8B30-8F586B1685CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf06:*:*:*:*:*:*",
"matchCriteriaId": "5A244AB2-9EBB-4A7D-BED7-CA92903268C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "AA4AD694-EA0E-4910-A3F9-EEDC510AFDF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf04:*:*:*:*:*:*",
"matchCriteriaId": "9A07791C-5EDE-4C2B-A441-6599339ED43F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf05:*:*:*:*:*:*",
"matchCriteriaId": "CE6F9920-B458-496B-B0C0-BF8B85606BF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf06:*:*:*:*:*:*",
"matchCriteriaId": "8B2C78E9-EB40-42C0-A772-6203555D5E28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf07:*:*:*:*:*:*",
"matchCriteriaId": "A910F5CA-8257-420E-8D31-6BB0E4CFC963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf08:*:*:*:*:*:*",
"matchCriteriaId": "462CF706-A352-40EE-8158-3A2197FE4098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf09:*:*:*:*:*:*",
"matchCriteriaId": "0AF93EAB-BDBC-4C20-9BD2-AACC95CD8355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf10:*:*:*:*:*:*",
"matchCriteriaId": "E090A0BC-DECD-4912-B5FB-C41A1E77675E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf11:*:*:*:*:*:*",
"matchCriteriaId": "4CC1CAEE-C7DA-4F01-8948-BADCEB0B76ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf12:*:*:*:*:*:*",
"matchCriteriaId": "3D660652-D318-44B8-996A-6E56F4D71F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf13:*:*:*:*:*:*",
"matchCriteriaId": "783AA775-7257-45C8-A246-A71E559B459D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf14:*:*:*:*:*:*",
"matchCriteriaId": "02F014F7-1F35-4982-98F5-B22E86544E0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf15:*:*:*:*:*:*",
"matchCriteriaId": "535E3EAE-8286-4751-8DAF-707A0F2F160B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf16:*:*:*:*:*:*",
"matchCriteriaId": "E6708150-6E0D-4B0C-98A0-A42CAF20D3E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf17:*:*:*:*:*:*",
"matchCriteriaId": "96849F67-1B41-4265-8046-B29C5469DA4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf18:*:*:*:*:*:*",
"matchCriteriaId": "2074093E-8F1A-442D-8972-57FE73044079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf19:*:*:*:*:*:*",
"matchCriteriaId": "1B46BD8B-AFA5-4660-9983-ED9FB5E26A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf20:*:*:*:*:*:*",
"matchCriteriaId": "3FFF0BC7-42C0-4E4F-836E-8F1B31E1C420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf21:*:*:*:*:*:*",
"matchCriteriaId": "5655ED83-06C7-4828-A38D-18E92555C48B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf22:*:*:*:*:*:*",
"matchCriteriaId": "14C80CD3-F5CB-4B64-98D5-C00A73233979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf23:*:*:*:*:*:*",
"matchCriteriaId": "2A7D9B77-F154-405C-9E94-B4EAA087E766",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "7EE3B00E-D18B-43C4-BD15-7E8E1AFDA8C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf01:*:*:*:*:*:*",
"matchCriteriaId": "704EF027-9DEF-4079-BBFE-A64DB757EAB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf02:*:*:*:*:*:*",
"matchCriteriaId": "9928D9CB-4817-4782-808F-6A4FBA87D820",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf03:*:*:*:*:*:*",
"matchCriteriaId": "758F9176-3EDF-469E-946E-B35C2D212029",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf04:*:*:*:*:*:*",
"matchCriteriaId": "AFBD1F79-9AB1-4699-B5B8-315CFEFFDEA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf05:*:*:*:*:*:*",
"matchCriteriaId": "764E04B9-F754-4118-B34F-71D5EF38660F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf06:*:*:*:*:*:*",
"matchCriteriaId": "46A3712D-DCB1-4631-B114-AD5A48313CBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf07:*:*:*:*:*:*",
"matchCriteriaId": "A79C66A0-6482-4E93-94B1-348B3FFA4541",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf08:*:*:*:*:*:*",
"matchCriteriaId": "2D0259BA-FD5D-4236-9AA3-13EE738B3F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf09:*:*:*:*:*:*",
"matchCriteriaId": "34EB80B8-CE15-4F0B-BC98-6AAE7148C5B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf10:*:*:*:*:*:*",
"matchCriteriaId": "DEFF296A-8B82-493E-9A1E-DB4D1976621E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf11:*:*:*:*:*:*",
"matchCriteriaId": "1FC3D249-FA1A-4A2D-B0F7-3289E0563236",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf12:*:*:*:*:*:*",
"matchCriteriaId": "169B283C-4FAD-4201-B26C-53E57D057136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf13:*:*:*:*:*:*",
"matchCriteriaId": "2867E5D2-5982-4178-B9F7-E4E82E7A97FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf14:*:*:*:*:*:*",
"matchCriteriaId": "4D2524C0-6CA2-4836-928D-A9F139F00D9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf15:*:*:*:*:*:*",
"matchCriteriaId": "68857CCD-F5AD-4D96-AB3A-103B2233B909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5B2F4AE1-AFBF-487D-B891-40D94C50F8B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0.0.0:cf14:*:*:*:*:*:*",
"matchCriteriaId": "FA49E417-1CED-4E49-ABC9-51E321271498",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0.0.0:cf15:*:*:*:*:*:*",
"matchCriteriaId": "CAA46610-A694-4524-8BD3-8A4B22E0F1AC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 144886."
},
{
"lang": "es",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5 y 9.0 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 144886."
}
],
"id": "CVE-2018-1660",
"lastModified": "2024-11-21T04:00:09.470",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-27T19:29:00.197",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105446"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041755"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144886"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10715923"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105446"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041755"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144886"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10715923"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-07-17 20:55
Modified
2024-11-21 01:28
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the PageBuilder2 (aka Page Builder) theme in IBM WebSphere Portal 7.x before 7.0.0.1 CF006, as used in IBM Web Content Manager (WCM) and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | web_content_manager | * | |
| ibm | websphere_portal | 7.0.0.0 | |
| ibm | websphere_portal | 7.0.0.1 | |
| ibm | websphere_portal | 7.0.0.1 | |
| ibm | websphere_portal | 7.0.0.1 | |
| ibm | websphere_portal | 7.0.0.1 | |
| ibm | websphere_portal | 7.0.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:web_content_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3338B4C9-9AB9-4EDD-B609-CC50A75BFB5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6ECEE98-B276-4ED6-AA5A-109EA57E9925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf002:*:*:*:*:*:*",
"matchCriteriaId": "2991B76F-8E96-45A9-8B9D-942AF93755E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf003:*:*:*:*:*:*",
"matchCriteriaId": "041D220D-2088-4633-B1AA-8902AD1C6BD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf004:*:*:*:*:*:*",
"matchCriteriaId": "53B376AE-7AA9-4362-9CB2-17B3AB783FC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf005:*:*:*:*:*:*",
"matchCriteriaId": "84D744C2-DA4B-4F04-894F-7820FDC49A04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the PageBuilder2 (aka Page Builder) theme in IBM WebSphere Portal 7.x before 7.0.0.1 CF006, as used in IBM Web Content Manager (WCM) and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Una vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en\r\nPageBuilder2 (Page Builder aka) en IBM WebSphere Portal v7.0.0.1 7.x antes de CF006, como el usado en IBM Content Manager Web (WCM) y otros productos, permite a atacantes remotos inyectar arbitrariamente web script o HTML a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2011-2754",
"lastModified": "2024-11-21T01:28:54.033",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-07-17T20:55:01.873",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/45106"
},
{
"source": "cve@mitre.org",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21503959"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/45106"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21503959"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-09-12 10:59
Modified
2024-11-21 02:55
Severity ?
Summary
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF30, 8.0.0 through 8.0.0.1 CF21, and 8.5.0 before CF12 allows remote authenticated users to cause a denial of service by uploading temporary files.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 6.1.0.0 | |
| ibm | websphere_portal | 6.1.0.1 | |
| ibm | websphere_portal | 6.1.0.2 | |
| ibm | websphere_portal | 6.1.0.3 | |
| ibm | websphere_portal | 6.1.0.4 | |
| ibm | websphere_portal | 6.1.0.5 | |
| ibm | websphere_portal | 6.1.0.6 | |
| ibm | websphere_portal | 6.1.5.0 | |
| ibm | websphere_portal | 6.1.5.1 | |
| ibm | websphere_portal | 6.1.5.2 | |
| ibm | websphere_portal | 6.1.5.3 | |
| ibm | websphere_portal | 7.0.0.0 | |
| ibm | websphere_portal | 7.0.0.1 | |
| ibm | websphere_portal | 7.0.0.2 | |
| ibm | websphere_portal | 8.0.0.0 | |
| ibm | websphere_portal | 8.0.0.1 | |
| ibm | websphere_portal | 8.5.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E618064A-3D05-4DC6-9A47-0EDF2427642F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DE74154-3E79-4D56-96C4-D8E644F1419D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA915826-5D89-43E9-83E7-88973648302A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DB29F4-59AB-439C-91C4-CDF677676C26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9D6CA922-11EF-4315-A09A-B4A8937E4CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "526738D7-1AF8-4A8F-B833-BA0E35973A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "13D6BE9C-16FD-4FB4-8A87-56B42C246316",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1964FC-672F-4139-938F-A8EF9D86D9C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5B50CEA-AFC4-4B45-9954-519965237FC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0902AC0F-EA4D-4E65-A70A-15DE9B904B35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D808F95D-C6BD-43EB-B16C-66449977BCFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6ECEE98-B276-4ED6-AA5A-109EA57E9925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4FF84B-A17F-464B-A718-67C44D2C69BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D03AF20E-0C29-45A6-9B7F-8260D8D9E8BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF30, 8.0.0 through 8.0.0.1 CF21, and 8.5.0 before CF12 allows remote authenticated users to cause a denial of service by uploading temporary files."
},
{
"lang": "es",
"value": "IBM WebSphere Portal 6.1.0 hasta la versi\u00f3n 6.1.0.6 CF27, 6.1.5 hasta la versi\u00f3n 6.1.5.3 CF27, 7.0.0 hasta la versi\u00f3n 7.0.0.2 CF30, 8.0.0 hasta la versi\u00f3n 8.0.0.1 CF21 y 8.5.0 en versiones anteriores a CF12 permite a usuarios remotos autenticados provocar una denegaci\u00f3n de servicio mediante la subida de archivos temporales."
}
],
"id": "CVE-2016-5954",
"lastModified": "2024-11-21T02:55:16.210",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-09-12T10:59:04.177",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Not Applicable"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI67037"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21989993"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securityfocus.com/bid/93017"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securitytracker.com/id/1036762"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI67037"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21989993"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/93017"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1036762"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-22 15:16
Modified
2024-11-21 01:59
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Web Content Manager (WCM) UI in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x before 8.0.0.1 CF09 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 6.1.0.0 | |
| ibm | websphere_portal | 6.1.0.1 | |
| ibm | websphere_portal | 6.1.0.2 | |
| ibm | websphere_portal | 6.1.0.3 | |
| ibm | websphere_portal | 6.1.0.4 | |
| ibm | websphere_portal | 6.1.0.5 | |
| ibm | websphere_portal | 6.1.0.6 | |
| ibm | websphere_portal | 6.1.5.0 | |
| ibm | websphere_portal | 6.1.5.1 | |
| ibm | websphere_portal | 6.1.5.2 | |
| ibm | websphere_portal | 6.1.5.3 | |
| ibm | websphere_portal | 7.0.0.0 | |
| ibm | websphere_portal | 7.0.0.1 | |
| ibm | websphere_portal | 7.0.0.2 | |
| ibm | websphere_portal | 8.0.0.0 | |
| ibm | websphere_portal | 8.0.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E618064A-3D05-4DC6-9A47-0EDF2427642F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DE74154-3E79-4D56-96C4-D8E644F1419D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA915826-5D89-43E9-83E7-88973648302A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DB29F4-59AB-439C-91C4-CDF677676C26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9D6CA922-11EF-4315-A09A-B4A8937E4CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "526738D7-1AF8-4A8F-B833-BA0E35973A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "13D6BE9C-16FD-4FB4-8A87-56B42C246316",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1964FC-672F-4139-938F-A8EF9D86D9C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5B50CEA-AFC4-4B45-9954-519965237FC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0902AC0F-EA4D-4E65-A70A-15DE9B904B35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D808F95D-C6BD-43EB-B16C-66449977BCFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6ECEE98-B276-4ED6-AA5A-109EA57E9925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4FF84B-A17F-464B-A718-67C44D2C69BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Web Content Manager (WCM) UI in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x before 8.0.0.1 CF09 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements."
},
{
"lang": "es",
"value": "Vulnerabilidad cross-site scripting (XSS) UI en IBM Websphere Poral 6.1.0.x hasta 6.1.0.6 CF27, 6.1.5.x hasta 6.1.5.2 CF27, 7.0.0.x hasta 7.0.0.2 CF26, y 8.0.0.x hasta 8.0.0.1 CF09 permite a atacantes remotos inyectar script web o HTML de forma arbitraria a trav\u00e9s de vectores que involucran elementos iFRAME."
}
],
"id": "CVE-2013-6328",
"lastModified": "2024-11-21T01:59:00.677",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-12-22T15:16:04.397",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://osvdb.org/101269"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM96345"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660011"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securityfocus.com/bid/64495"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88909"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/101269"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM96345"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660011"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/64495"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88909"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-07-03 21:55
Modified
2024-11-21 01:38
Severity ?
Summary
Directory traversal vulnerability in the Dojo module in IBM WebSphere Portal 7.0.0.1 and 7.0.0.2 before CF14, and 8.0, allows remote attackers to read arbitrary files via a crafted URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 7.0.0.1 | |
| ibm | websphere_portal | 7.0.0.2 | |
| ibm | websphere_portal | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6ECEE98-B276-4ED6-AA5A-109EA57E9925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4FF84B-A17F-464B-A718-67C44D2C69BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2CE1E2EF-A079-4A67-AA50-0712D2E330F4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the Dojo module in IBM WebSphere Portal 7.0.0.1 and 7.0.0.2 before CF14, and 8.0, allows remote attackers to read arbitrary files via a crafted URL."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en el m\u00f3dulo Dojo en IBM WebSphere Portal v7.0.0.1 y v7.0.0.2 anteriores a vCF14, y v8.0, permite a atacantes remotos leer ficheros locales a trav\u00e9s de una URL manipulada."
}
],
"id": "CVE-2012-2181",
"lastModified": "2024-11-21T01:38:39.757",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-07-03T21:55:01.490",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www.ibm.com/support/docview.wss?uid=swg1PM64172"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21598363"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75584"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ibm.com/support/docview.wss?uid=swg1PM64172"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21598363"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75584"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-08-12 05:01
Modified
2024-11-21 02:10
Severity ?
Summary
IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF13 and 8.5.0 through CF01 provides different error codes for firewall-traversal requests depending on whether the intranet host exists, which allows remote attackers to map the intranet network via a series of requests.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 8.0.0.0 | |
| ibm | websphere_portal | 8.5.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D03AF20E-0C29-45A6-9B7F-8260D8D9E8BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF13 and 8.5.0 through CF01 provides different error codes for firewall-traversal requests depending on whether the intranet host exists, which allows remote attackers to map the intranet network via a series of requests."
},
{
"lang": "es",
"value": "IBM WebSphere Portal 8.0.0 anterior a 8.0.0.1 CF13 y 8.5.0 hasta CF01 proporciona c\u00f3digos de error diferentes para las solicitudes de salto de firewall dependiendo de si existe o no el anfitri\u00f3n de intranet, lo que permite a atacantes remotos mapear la red de la intranet a trav\u00e9s de una serie de solicitudes."
}
],
"id": "CVE-2014-4746",
"lastModified": "2024-11-21T02:10:49.080",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-08-12T05:01:03.950",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://secunia.com/advisories/60612"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI21858"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680230"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securitytracker.com/id/1030669"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94348"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/60612"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI21858"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680230"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1030669"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94348"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-05-05 19:29
Modified
2024-11-21 03:21
Severity ?
Summary
IBM WebSphere Portal 8.5 and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force. ID: 122592
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 8.5 | |
| ibm | websphere_portal | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F97CDB5F-2EA4-41E8-857B-5D76004C60B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CAFC1C53-61B8-41EC-B99D-1100D29F3992",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 8.5 and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force. ID: 122592"
},
{
"lang": "es",
"value": "WebSphere Portal de IBM versiones 8.5 y 9.0, podr\u00eda permitir a un atacante remoto conducir ataques de phishing, utilizando un ataque de redireccionamiento abierto. Mediante la persuasi\u00f3n a una v\u00edctima para visitar un sitio Web especialmente dise\u00f1ado, un atacante remoto podr\u00eda explotar esta vulnerabilidad para suplantar la URL que se muestra para redireccionar a un usuario a un sitio web malicioso que parece ser de confianza. Esto podr\u00eda permitir al atacante obtener informaci\u00f3n altamente confidencial o conducir m\u00e1s ataques contra la v\u00edctima. IBM X-Force. ID: 122592."
}
],
"id": "CVE-2017-1156",
"lastModified": "2024-11-21T03:21:25.337",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-05T19:29:00.310",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22000153"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Broken Link"
],
"url": "http://www.securityfocus.com/bid/98340"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securitytracker.com/id/1038390"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22000153"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.securityfocus.com/bid/98340"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1038390"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-02-15 02:59
Modified
2024-11-21 02:36
Severity ?
Summary
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF20, and 8.5.0 before CF10 allows remote attackers to conduct LDAP injection attacks, and consequently read or write to repository data, via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 6.1.0.0 | |
| ibm | websphere_portal | 6.1.0.1 | |
| ibm | websphere_portal | 6.1.0.2 | |
| ibm | websphere_portal | 6.1.0.3 | |
| ibm | websphere_portal | 6.1.0.4 | |
| ibm | websphere_portal | 6.1.0.5 | |
| ibm | websphere_portal | 6.1.0.6 | |
| ibm | websphere_portal | 6.1.5.0 | |
| ibm | websphere_portal | 6.1.5.1 | |
| ibm | websphere_portal | 6.1.5.2 | |
| ibm | websphere_portal | 6.1.5.3 | |
| ibm | websphere_portal | 7.0.0.0 | |
| ibm | websphere_portal | 7.0.0.1 | |
| ibm | websphere_portal | 7.0.0.2 | |
| ibm | websphere_portal | 8.0.0.0 | |
| ibm | websphere_portal | 8.0.0.1 | |
| ibm | websphere_portal | 8.5.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E618064A-3D05-4DC6-9A47-0EDF2427642F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DE74154-3E79-4D56-96C4-D8E644F1419D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA915826-5D89-43E9-83E7-88973648302A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DB29F4-59AB-439C-91C4-CDF677676C26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9D6CA922-11EF-4315-A09A-B4A8937E4CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "526738D7-1AF8-4A8F-B833-BA0E35973A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "13D6BE9C-16FD-4FB4-8A87-56B42C246316",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1964FC-672F-4139-938F-A8EF9D86D9C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5B50CEA-AFC4-4B45-9954-519965237FC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0902AC0F-EA4D-4E65-A70A-15DE9B904B35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D808F95D-C6BD-43EB-B16C-66449977BCFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6ECEE98-B276-4ED6-AA5A-109EA57E9925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4FF84B-A17F-464B-A718-67C44D2C69BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D03AF20E-0C29-45A6-9B7F-8260D8D9E8BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF20, and 8.5.0 before CF10 allows remote attackers to conduct LDAP injection attacks, and consequently read or write to repository data, via unspecified vectors."
},
{
"lang": "es",
"value": "IBM WebSphere Portal 6.1.0 hasta la versi\u00f3n 6.1.0.6 CF27, 6.1.5 hasta la versi\u00f3n 6.1.5.3 CF27, 7.0.0 hasta la versi\u00f3n 7.0.0.2 CF29, 8.0.0 en versiones anteriores a 8.0.0.1 CF20 y 8.5.0 en versiones anteriores a CF10 permite a atacantes remotos llevar a cabo ataques de inyecci\u00f3n LDAP, y consecuentemente leer o escribir en los datos de repositorio, a trav\u00e9s de vectores no especificados."
}
],
"evaluatorComment": "CWE-90: Improper Neutralization of Special Elements used in an LDAP Query (\u0027LDAP Injection\u0027) - https://cwe.mitre.org/data/definitions/90.html",
"id": "CVE-2015-7472",
"lastModified": "2024-11-21T02:36:51.143",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-02-15T02:59:12.310",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI53426"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972736"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securitytracker.com/id/1035324"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI53426"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972736"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035324"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-10-28 19:55
Modified
2024-11-21 02:10
Severity ?
Summary
Unspecified vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 allows remote authenticated users to execute arbitrary code via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 6.1.0.0 | |
| ibm | websphere_portal | 6.1.0.1 | |
| ibm | websphere_portal | 6.1.0.2 | |
| ibm | websphere_portal | 6.1.0.3 | |
| ibm | websphere_portal | 6.1.0.4 | |
| ibm | websphere_portal | 6.1.0.5 | |
| ibm | websphere_portal | 6.1.0.6 | |
| ibm | websphere_portal | 6.1.5.0 | |
| ibm | websphere_portal | 6.1.5.1 | |
| ibm | websphere_portal | 6.1.5.2 | |
| ibm | websphere_portal | 6.1.5.3 | |
| ibm | websphere_portal | 7.0.0.0 | |
| ibm | websphere_portal | 7.0.0.1 | |
| ibm | websphere_portal | 7.0.0.2 | |
| ibm | websphere_portal | 8.0.0.0 | |
| ibm | websphere_portal | 8.0.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E618064A-3D05-4DC6-9A47-0EDF2427642F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DE74154-3E79-4D56-96C4-D8E644F1419D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA915826-5D89-43E9-83E7-88973648302A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DB29F4-59AB-439C-91C4-CDF677676C26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9D6CA922-11EF-4315-A09A-B4A8937E4CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "526738D7-1AF8-4A8F-B833-BA0E35973A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "13D6BE9C-16FD-4FB4-8A87-56B42C246316",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1964FC-672F-4139-938F-A8EF9D86D9C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5B50CEA-AFC4-4B45-9954-519965237FC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0902AC0F-EA4D-4E65-A70A-15DE9B904B35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D808F95D-C6BD-43EB-B16C-66449977BCFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6ECEE98-B276-4ED6-AA5A-109EA57E9925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4FF84B-A17F-464B-A718-67C44D2C69BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 allows remote authenticated users to execute arbitrary code via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0 hasta 7.0.0.2 CF28, 8.0 hasta 8.0.0.1 CF14, y 8.5.0 anterior a CF03 permite a usuarios remotos autenticados ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2014-4808",
"lastModified": "2024-11-21T02:10:54.323",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-10-28T19:55:02.870",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://secunia.com/advisories/59740"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI25993"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684651"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securityfocus.com/bid/70757"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95375"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/59740"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI25993"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684651"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/70757"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95375"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-09-27 19:29
Modified
2024-11-21 04:00
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150096.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.securitytracker.com/id/1041751 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/150096 | VDB Entry | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10732287 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041751 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/150096 | VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10732287 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf01:*:*:*:*:*:*",
"matchCriteriaId": "8A5566C6-E42F-4786-A8FC-59BE7EB47296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf02:*:*:*:*:*:*",
"matchCriteriaId": "31C0EC0E-0106-4333-8401-0F655C0F5850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf03:*:*:*:*:*:*",
"matchCriteriaId": "E0E4DA0C-9F97-4856-B9DE-D96994A65B71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf04:*:*:*:*:*:*",
"matchCriteriaId": "4180809C-4A1E-4DB4-9E7C-641B753B97D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf05:*:*:*:*:*:*",
"matchCriteriaId": "5A60A788-F7B3-4922-8B30-8F586B1685CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf04:*:*:*:*:*:*",
"matchCriteriaId": "9A07791C-5EDE-4C2B-A441-6599339ED43F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf05:*:*:*:*:*:*",
"matchCriteriaId": "CE6F9920-B458-496B-B0C0-BF8B85606BF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf06:*:*:*:*:*:*",
"matchCriteriaId": "8B2C78E9-EB40-42C0-A772-6203555D5E28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf07:*:*:*:*:*:*",
"matchCriteriaId": "A910F5CA-8257-420E-8D31-6BB0E4CFC963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf08:*:*:*:*:*:*",
"matchCriteriaId": "462CF706-A352-40EE-8158-3A2197FE4098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf09:*:*:*:*:*:*",
"matchCriteriaId": "0AF93EAB-BDBC-4C20-9BD2-AACC95CD8355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf10:*:*:*:*:*:*",
"matchCriteriaId": "E090A0BC-DECD-4912-B5FB-C41A1E77675E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf11:*:*:*:*:*:*",
"matchCriteriaId": "4CC1CAEE-C7DA-4F01-8948-BADCEB0B76ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf12:*:*:*:*:*:*",
"matchCriteriaId": "3D660652-D318-44B8-996A-6E56F4D71F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf13:*:*:*:*:*:*",
"matchCriteriaId": "783AA775-7257-45C8-A246-A71E559B459D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf14:*:*:*:*:*:*",
"matchCriteriaId": "02F014F7-1F35-4982-98F5-B22E86544E0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf15:*:*:*:*:*:*",
"matchCriteriaId": "535E3EAE-8286-4751-8DAF-707A0F2F160B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf16:*:*:*:*:*:*",
"matchCriteriaId": "E6708150-6E0D-4B0C-98A0-A42CAF20D3E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf17:*:*:*:*:*:*",
"matchCriteriaId": "96849F67-1B41-4265-8046-B29C5469DA4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf18:*:*:*:*:*:*",
"matchCriteriaId": "2074093E-8F1A-442D-8972-57FE73044079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf19:*:*:*:*:*:*",
"matchCriteriaId": "1B46BD8B-AFA5-4660-9983-ED9FB5E26A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf20:*:*:*:*:*:*",
"matchCriteriaId": "3FFF0BC7-42C0-4E4F-836E-8F1B31E1C420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf21:*:*:*:*:*:*",
"matchCriteriaId": "5655ED83-06C7-4828-A38D-18E92555C48B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf22:*:*:*:*:*:*",
"matchCriteriaId": "14C80CD3-F5CB-4B64-98D5-C00A73233979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf23:*:*:*:*:*:*",
"matchCriteriaId": "2A7D9B77-F154-405C-9E94-B4EAA087E766",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D03AF20E-0C29-45A6-9B7F-8260D8D9E8BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf01:*:*:*:*:*:*",
"matchCriteriaId": "704EF027-9DEF-4079-BBFE-A64DB757EAB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf02:*:*:*:*:*:*",
"matchCriteriaId": "9928D9CB-4817-4782-808F-6A4FBA87D820",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf03:*:*:*:*:*:*",
"matchCriteriaId": "758F9176-3EDF-469E-946E-B35C2D212029",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf04:*:*:*:*:*:*",
"matchCriteriaId": "AFBD1F79-9AB1-4699-B5B8-315CFEFFDEA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf05:*:*:*:*:*:*",
"matchCriteriaId": "764E04B9-F754-4118-B34F-71D5EF38660F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf06:*:*:*:*:*:*",
"matchCriteriaId": "46A3712D-DCB1-4631-B114-AD5A48313CBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf07:*:*:*:*:*:*",
"matchCriteriaId": "A79C66A0-6482-4E93-94B1-348B3FFA4541",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf08:*:*:*:*:*:*",
"matchCriteriaId": "2D0259BA-FD5D-4236-9AA3-13EE738B3F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf09:*:*:*:*:*:*",
"matchCriteriaId": "34EB80B8-CE15-4F0B-BC98-6AAE7148C5B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf10:*:*:*:*:*:*",
"matchCriteriaId": "DEFF296A-8B82-493E-9A1E-DB4D1976621E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf11:*:*:*:*:*:*",
"matchCriteriaId": "1FC3D249-FA1A-4A2D-B0F7-3289E0563236",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf12:*:*:*:*:*:*",
"matchCriteriaId": "169B283C-4FAD-4201-B26C-53E57D057136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf13:*:*:*:*:*:*",
"matchCriteriaId": "2867E5D2-5982-4178-B9F7-E4E82E7A97FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf14:*:*:*:*:*:*",
"matchCriteriaId": "4D2524C0-6CA2-4836-928D-A9F139F00D9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf15:*:*:*:*:*:*",
"matchCriteriaId": "68857CCD-F5AD-4D96-AB3A-103B2233B909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "12EF6533-4FE9-4A9B-ABF6-CEDD30402A53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0.0.0:cf14:*:*:*:*:*:*",
"matchCriteriaId": "FA49E417-1CED-4E49-ABC9-51E321271498",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0.0.0:cf15:*:*:*:*:*:*",
"matchCriteriaId": "CAA46610-A694-4524-8BD3-8A4B22E0F1AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0.0.0:cf16:*:*:*:*:*:*",
"matchCriteriaId": "CBAD9FC6-4E56-4CA8-904D-77AD22329313",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150096."
},
{
"lang": "es",
"value": "IBM WebSphere Portal 8.0, 8.5 y 9.0 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 150096."
}
],
"id": "CVE-2018-1820",
"lastModified": "2024-11-21T04:00:27.180",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-27T19:29:00.837",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041751"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150096"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10732287"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150096"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10732287"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 13:29
Modified
2024-11-21 03:21
Severity ?
Summary
IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123857
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22004348 | Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/99350 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | http://www.securitytracker.com/id/1038797 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/123857 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22004348 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99350 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038797 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/123857 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 8.5 | |
| ibm | websphere_portal | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F97CDB5F-2EA4-41E8-857B-5D76004C60B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CAFC1C53-61B8-41EC-B99D-1100D29F3992",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123857"
},
{
"lang": "es",
"value": "IBM WebSphere Portal 8.5 y 9.9 es vulnerable a cross-site scripting. Esta vulnerabilidad permite a usuarios incrustar c\u00f3digo Javascript aleatorio en la interfaz web lo que alterar\u00eda la funcionalidad planeada y potencialmente llevando a la revelaci\u00f3n de las credenciales dentro de una session confiable. IBM X-Force ID: 123857"
}
],
"id": "CVE-2017-1217",
"lastModified": "2024-11-21T03:21:31.223",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T13:29:00.253",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22004348"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99350"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038797"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123857"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22004348"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99350"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038797"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123857"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-05-25 00:59
Modified
2024-11-21 02:26
Severity ?
Summary
IBM WebSphere Portal 8.5 through CF05 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 8.5.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D03AF20E-0C29-45A6-9B7F-8260D8D9E8BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 8.5 through CF05 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors."
},
{
"lang": "es",
"value": "IBM WebSphere Portal 8.5 hasta CF05 permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de CPU) a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2015-1899",
"lastModified": "2024-11-21T02:26:21.960",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-05-25T00:59:06.807",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI37139"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700066"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI37139"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700066"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-10-28 19:55
Modified
2024-11-21 02:13
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Portal 8.5.0 before CF03 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 8.5.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D03AF20E-0C29-45A6-9B7F-8260D8D9E8BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Portal 8.5.0 before CF03 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences."
},
{
"lang": "es",
"value": "Vulnerabilidad de CSRF en IBM WebSphere Portal 8.5.0 anterior a CF03 permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios arbitrarios para solicitudes que insertan secuencias de XSS."
}
],
"id": "CVE-2014-6125",
"lastModified": "2024-11-21T02:13:49.227",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-10-28T19:55:03.027",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI26889"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684651"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securityfocus.com/bid/70759"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96782"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI26889"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684651"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/70759"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96782"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-12-19 02:59
Modified
2024-11-21 02:13
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, and 8.5.0 before CF04 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 6.1.0.0 | |
| ibm | websphere_portal | 6.1.0.1 | |
| ibm | websphere_portal | 6.1.0.2 | |
| ibm | websphere_portal | 6.1.0.3 | |
| ibm | websphere_portal | 6.1.0.4 | |
| ibm | websphere_portal | 6.1.0.5 | |
| ibm | websphere_portal | 6.1.0.6 | |
| ibm | websphere_portal | 6.1.5.0 | |
| ibm | websphere_portal | 6.1.5.1 | |
| ibm | websphere_portal | 6.1.5.2 | |
| ibm | websphere_portal | 6.1.5.3 | |
| ibm | websphere_portal | 7.0.0.0 | |
| ibm | websphere_portal | 7.0.0.1 | |
| ibm | websphere_portal | 7.0.0.2 | |
| ibm | websphere_portal | 8.0.0.0 | |
| ibm | websphere_portal | 8.0.0.1 | |
| ibm | websphere_portal | 8.5.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E618064A-3D05-4DC6-9A47-0EDF2427642F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DE74154-3E79-4D56-96C4-D8E644F1419D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA915826-5D89-43E9-83E7-88973648302A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DB29F4-59AB-439C-91C4-CDF677676C26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9D6CA922-11EF-4315-A09A-B4A8937E4CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "526738D7-1AF8-4A8F-B833-BA0E35973A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "13D6BE9C-16FD-4FB4-8A87-56B42C246316",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1964FC-672F-4139-938F-A8EF9D86D9C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5B50CEA-AFC4-4B45-9954-519965237FC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0902AC0F-EA4D-4E65-A70A-15DE9B904B35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D808F95D-C6BD-43EB-B16C-66449977BCFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6ECEE98-B276-4ED6-AA5A-109EA57E9925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4FF84B-A17F-464B-A718-67C44D2C69BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D03AF20E-0C29-45A6-9B7F-8260D8D9E8BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, and 8.5.0 before CF04 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0.0 hasta 7.0.0.2 CF29, 8.0.0 hasta 8.0.0.1 CF14 y 8.5.0 anteriores a CF04 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de URL manipuladas."
}
],
"id": "CVE-2014-6171",
"lastModified": "2024-11-21T02:13:54.220",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-12-19T02:59:01.623",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI29134"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21692107"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98383"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI29134"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21692107"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98383"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-07-14 14:59
Modified
2024-11-21 02:26
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Active Content Filtering component in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 6.1.0.0 | |
| ibm | websphere_portal | 6.1.0.1 | |
| ibm | websphere_portal | 6.1.0.2 | |
| ibm | websphere_portal | 6.1.0.3 | |
| ibm | websphere_portal | 6.1.0.4 | |
| ibm | websphere_portal | 6.1.0.5 | |
| ibm | websphere_portal | 6.1.0.6 | |
| ibm | websphere_portal | 6.1.5.0 | |
| ibm | websphere_portal | 6.1.5.1 | |
| ibm | websphere_portal | 6.1.5.2 | |
| ibm | websphere_portal | 6.1.5.3 | |
| ibm | websphere_portal | 7.0.0.0 | |
| ibm | websphere_portal | 7.0.0.1 | |
| ibm | websphere_portal | 7.0.0.2 | |
| ibm | websphere_portal | 8.0.0.0 | |
| ibm | websphere_portal | 8.0.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E618064A-3D05-4DC6-9A47-0EDF2427642F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DE74154-3E79-4D56-96C4-D8E644F1419D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA915826-5D89-43E9-83E7-88973648302A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DB29F4-59AB-439C-91C4-CDF677676C26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9D6CA922-11EF-4315-A09A-B4A8937E4CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "526738D7-1AF8-4A8F-B833-BA0E35973A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "13D6BE9C-16FD-4FB4-8A87-56B42C246316",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1964FC-672F-4139-938F-A8EF9D86D9C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5B50CEA-AFC4-4B45-9954-519965237FC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0902AC0F-EA4D-4E65-A70A-15DE9B904B35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D808F95D-C6BD-43EB-B16C-66449977BCFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6ECEE98-B276-4ED6-AA5A-109EA57E9925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4FF84B-A17F-464B-A718-67C44D2C69BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Active Content Filtering component in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados - XSS en el componente de filtro de contenido activo en el portal de IBM WebSphere 6.1.0 hasta la 6.1.0.6 CF27, 6.1.5 hasta la 6.1.5.3 CF27, 7.0.0 hasta la 7.0.0.2 CF29, 8.0.0 antes de la 8.0.0.1 CF17, y 8.5.0 antes de la CF06, que permite a atacantes remotos inyectar secuencias de comandos o HTML arbitrario por medio de una URL manipulada."
}
],
"id": "CVE-2015-1917",
"lastModified": "2024-11-21T02:26:24.107",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-07-14T14:59:00.967",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI38732"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21958024"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securityfocus.com/bid/75479"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securitytracker.com/id/1032970"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI38732"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21958024"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/75479"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1032970"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-02-26 19:30
Modified
2024-11-21 01:12
Severity ?
Summary
Open redirect vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 through 6.0.0.4, 6.0.1.0 through 6.0.1.7, 6.1.0.0 through 6.1.0.3, and 6.1.5.0; and IBM Lotus Quickr services 8.0, 8.0.0.2, 8.1, 8.1.1, and 8.1.1.1 for WebSphere Portal; allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the query string.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:5.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0B4DF048-224A-43DB-A796-44EAF9CD8838",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:5.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FA05BB8A-C367-4A09-87A4-C9D9C46AE52B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:5.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "23785ACE-3F00-430E-B9ED-940A70A3201C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:5.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0F885AD0-1134-483C-9A69-98AC0D60E79B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:5.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2AF22D6E-7B21-4657-89ED-A7EF20BFF81F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:5.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "13570CD6-7D5F-4665-A982-9E83FA25C68C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6C753E1B-D81B-4995-877E-58EDD6F49DDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5D54D4DB-FA55-47AE-9E19-FB8368FD40C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3FEB7016-D077-402A-99C7-E6F6290F1D0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C064D03F-D49C-4A2F-A23D-3ADC18EC277A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6FDA430B-8996-43D4-BDBD-07A5C9EDB339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "092F8012-A1EE-46CE-B2B2-0604BF4ACBBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9FC6A48A-E669-4AA0-AD83-85778A7B6C67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F8C5AD9-2086-4131-A03C-02A89D822080",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "82FC2F98-1E99-4B50-88D5-7A2904F4585C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9B7F74AC-2B5E-4B6C-9551-576A4F312BBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FC51FA38-1C63-47F5-A4CF-1128396B62C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCCA8DE-50EF-4154-AF48-A8E1AA2659B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "AF550E47-49FB-4EBC-83E7-4CFCB7279FEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E618064A-3D05-4DC6-9A47-0EDF2427642F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DE74154-3E79-4D56-96C4-D8E644F1419D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA915826-5D89-43E9-83E7-88973648302A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DB29F4-59AB-439C-91C4-CDF677676C26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1964FC-672F-4139-938F-A8EF9D86D9C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:5.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9516473F-0533-4326-B880-6B6FD591473D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:5.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "773AC6CD-7DDE-4676-8647-26C3B83354DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:5.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A502A57D-97DE-424E-B005-B086C1149959",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:5.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F8505A74-332E-4980-ABA2-BEE7E3D7B654",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:5.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F49CBF7A-9C04-4960-B7B8-6F5C51785C56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:5.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F535D576-9AC7-4047-8AC3-9F1B5A961DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EA0D9DBB-AA57-4816-8EC6-F7479B5481E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "87844DD4-AF06-4A91-973A-F885AD8CA569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EC572C9B-BEBE-4619-9B34-73FD8C20F4B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "66BC65C9-BF3E-41C0-ABD7-5587999FDA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CD2F018F-3356-45B1-AF0B-8E17023A04E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FC532381-C1D3-4FE3-9E32-614B91482255",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8153B9AE-9969-4D49-8B07-9817E0C37194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "709CE95C-FCC3-4A8B-9A47-8114BDFEAD7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F55351DA-AEAC-40FC-B0B0-9CC1D456F651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E67047-A652-4828-BCE9-AB6C369B459F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9B9A2F08-F9E6-4DC4-AFFD-77B6787FA81F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9A727B34-8433-4571-AE1B-4F43320F57A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.0.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "AC18431F-8C85-4C3A-85B9-ADA860F6C0D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "108210EB-FFEF-4D69-A78D-85DA08913766",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D993AD7F-81FC-4C82-9303-699B44ECC92E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "07EE7410-8A88-468A-B773-89D8A93859E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EF9A7C87-0DCE-4309-B344-AC106B6ECBD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D6141F9D-42F4-47D2-B340-356F174AA4AE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:5.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E8D8302-74CD-436A-92BD-C08F1254A2C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:5.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "673674BD-D171-47AF-8169-FBF6346993E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:5.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "959CF397-FAC9-488D-96E5-9839EDA77494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:5.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CA0A5D8C-6C5C-4666-BDC0-8451D1C9FCB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:5.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CF4257D6-58F8-4209-BF67-9124D1BA0B6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:5.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "46AF30E4-3301-401B-94E5-D7FA9E62B82F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E986062-BBA8-4AA0-AD41-E101FEFD49EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "250DFAAA-67A9-4E64-B1AE-0966EAC05468",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA75DD49-E267-4306-84D8-4C3A548841A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "53E20727-E021-442A-B7CB-AB1DFEA21374",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5434B4A9-1433-469B-8352-D0FDDD033E2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EA803C8-EDAC-467E-B8CE-A60612AE86F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "812047C9-6477-455E-8739-4407336102F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "10A39AB5-4BDB-4027-9F50-91BBFDAE8E0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "20E03B68-715F-428D-84FD-F800D02DDB3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0CE191CE-C2F4-45F7-8CF3-565832E01AB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "49CC6237-2E8C-415A-9C09-C8FD3F4C1E57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "22D7C604-2F9B-4AA0-BEE0-379D2C65321F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "AAA1888C-A7F9-4019-8798-524EE7EB8A7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33D2422E-141A-414E-B283-E7BF570FFA80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "18C5D9B6-F013-46B7-AE06-609A0B11A8C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "30E0AA87-E48E-46C3-B8DD-3C3A90322AD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6CA17FC6-DAE6-4FAC-B3CD-1269689314CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3CBEF3F-EB64-42D1-B23A-D3A20F900971",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_quickr:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "980401D7-AAF3-4AE4-9006-83D99170F5DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_quickr:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B3CA670F-E987-44ED-8A2A-62CCA5D037F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_quickr:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "83B3B388-0438-4806-9F21-2170428739DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_quickr:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2D3C43CE-8917-4109-A185-93699004638F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_quickr:8.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "344E13DD-DAFC-4394-8371-B032D117D6AE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 through 6.0.0.4, 6.0.1.0 through 6.0.1.7, 6.1.0.0 through 6.1.0.3, and 6.1.5.0; and IBM Lotus Quickr services 8.0, 8.0.0.2, 8.1, 8.1.1, and 8.1.1.1 for WebSphere Portal; allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the query string."
},
{
"lang": "es",
"value": "Vulnerabilidad de redireccionamiento directo en login.jsp en IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), y IBM Lotus Workplace Web Content Management v5.1.0.0 hasta v5.1.0.5, v6.0.0.0 hasta v6.0.0.4, v6.0.1.0 hasta v6.0.1.7, v6.1.0.0 hasta v6.1.0.3, y v6.1.5.0; y IBM Lotus Quickr services v8.0, v8.0.0.2, v8.1, v8.1.1, y v8.1.1.1 para WebSphere Portal; permite a atacantes remotos redireccionar a los usuarios a sitios de su elecci\u00f3n y conducir ataques phising a trav\u00e9s de la cadena de la pregunta."
}
],
"id": "CVE-2010-0715",
"lastModified": "2024-11-21T01:12:48.653",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-02-26T19:30:00.773",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21421469"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.hacktics.com/content/advisories/AdvIBM20100224.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/509744/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56602"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21421469"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.hacktics.com/content/advisories/AdvIBM20100224.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/509744/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56602"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-11-13 15:55
Modified
2024-11-21 01:57
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.x before 7.0.0.2 CF25 and 8.x before 8.0.0.1 CF8 allows remote authenticated users to inject arbitrary web script or HTML by leveraging improper tagging functionality.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 7.0.0.0 | |
| ibm | websphere_portal | 7.0.0.1 | |
| ibm | websphere_portal | 7.0.0.2 | |
| ibm | websphere_portal | 8.0.0.0 | |
| ibm | websphere_portal | 8.0.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6ECEE98-B276-4ED6-AA5A-109EA57E9925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4FF84B-A17F-464B-A718-67C44D2C69BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.x before 7.0.0.2 CF25 and 8.x before 8.0.0.1 CF8 allows remote authenticated users to inject arbitrary web script or HTML by leveraging improper tagging functionality."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en IBM WebSphere Portal 7.x anterior a la versi\u00f3n 7.0.0.2 CF25 y 8.x anterior a 8.0.0.1 CF8 permite a usuarios remotos autenticados inyectar script web o HTML arbitrario mediante el aprovechamiento de una funcionalidad de etiquetado inapropiada."
}
],
"id": "CVE-2013-5379",
"lastModified": "2024-11-21T01:57:23.127",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-11-13T15:55:03.597",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM96047"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655635"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86930"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM96047"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655635"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86930"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-12-19 02:59
Modified
2024-11-21 02:19
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Blog Portlet in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, and 8.5.0 before CF04 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 6.1.0.0 | |
| ibm | websphere_portal | 6.1.0.1 | |
| ibm | websphere_portal | 6.1.0.2 | |
| ibm | websphere_portal | 6.1.0.3 | |
| ibm | websphere_portal | 6.1.0.4 | |
| ibm | websphere_portal | 6.1.0.5 | |
| ibm | websphere_portal | 6.1.0.6 | |
| ibm | websphere_portal | 6.1.5.0 | |
| ibm | websphere_portal | 6.1.5.1 | |
| ibm | websphere_portal | 6.1.5.2 | |
| ibm | websphere_portal | 6.1.5.3 | |
| ibm | websphere_portal | 7.0.0.0 | |
| ibm | websphere_portal | 7.0.0.1 | |
| ibm | websphere_portal | 7.0.0.2 | |
| ibm | websphere_portal | 8.0.0.0 | |
| ibm | websphere_portal | 8.0.0.1 | |
| ibm | websphere_portal | 8.5.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E618064A-3D05-4DC6-9A47-0EDF2427642F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DE74154-3E79-4D56-96C4-D8E644F1419D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA915826-5D89-43E9-83E7-88973648302A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DB29F4-59AB-439C-91C4-CDF677676C26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9D6CA922-11EF-4315-A09A-B4A8937E4CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "526738D7-1AF8-4A8F-B833-BA0E35973A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "13D6BE9C-16FD-4FB4-8A87-56B42C246316",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1964FC-672F-4139-938F-A8EF9D86D9C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5B50CEA-AFC4-4B45-9954-519965237FC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0902AC0F-EA4D-4E65-A70A-15DE9B904B35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D808F95D-C6BD-43EB-B16C-66449977BCFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6ECEE98-B276-4ED6-AA5A-109EA57E9925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4FF84B-A17F-464B-A718-67C44D2C69BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D03AF20E-0C29-45A6-9B7F-8260D8D9E8BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Blog Portlet in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, and 8.5.0 before CF04 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en el Portlet de Blog en IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0.0 hasta 7.0.0.2 CF29, 8.0.0 hasta 8.0.0.1 CF14 y 8.5.0 anteriores a CF04 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una URL manipulada."
}
],
"id": "CVE-2014-8902",
"lastModified": "2024-11-21T02:19:55.467",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-12-19T02:59:06.217",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI29956"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21692107"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99150"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI29956"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21692107"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99150"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-04-17 15:29
Modified
2024-11-21 03:59
Severity ?
Summary
IBM WebSphere Portal 8.0.0 through 8.0.0.1, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139907.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg22015407 | Vendor Advisory | |
| psirt@us.ibm.com | http://www.securitytracker.com/id/1040647 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/139907 | VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg22015407 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040647 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/139907 | VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | * | |
| ibm | websphere_portal | 8.5 | |
| ibm | websphere_portal | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7EBF7BB-17FC-4FBE-BA0F-A0FDF5F44B10",
"versionEndIncluding": "8.0.0.1",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F97CDB5F-2EA4-41E8-857B-5D76004C60B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CAFC1C53-61B8-41EC-B99D-1100D29F3992",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 8.0.0 through 8.0.0.1, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139907."
},
{
"lang": "es",
"value": "IBM WebSphere Portal, de la versi\u00f3n 8.0.0 hasta la 8.0.0.1, 8.5 y 9.0 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 139907."
}
],
"id": "CVE-2018-1445",
"lastModified": "2024-11-21T03:59:50.137",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-17T15:29:00.317",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg22015407"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040647"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139907"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg22015407"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040647"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139907"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-10-28 19:55
Modified
2024-11-21 02:10
Severity ?
Summary
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 does not properly detect recursion during entity expansion, which allows remote authenticated users to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 6.1.0.0 | |
| ibm | websphere_portal | 6.1.0.1 | |
| ibm | websphere_portal | 6.1.0.2 | |
| ibm | websphere_portal | 6.1.0.3 | |
| ibm | websphere_portal | 6.1.0.4 | |
| ibm | websphere_portal | 6.1.0.5 | |
| ibm | websphere_portal | 6.1.0.6 | |
| ibm | websphere_portal | 6.1.5.0 | |
| ibm | websphere_portal | 6.1.5.1 | |
| ibm | websphere_portal | 6.1.5.2 | |
| ibm | websphere_portal | 6.1.5.3 | |
| ibm | websphere_portal | 7.0.0.0 | |
| ibm | websphere_portal | 7.0.0.1 | |
| ibm | websphere_portal | 7.0.0.2 | |
| ibm | websphere_portal | 8.0.0.0 | |
| ibm | websphere_portal | 8.0.0.1 | |
| ibm | websphere_portal | 8.5.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E618064A-3D05-4DC6-9A47-0EDF2427642F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DE74154-3E79-4D56-96C4-D8E644F1419D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA915826-5D89-43E9-83E7-88973648302A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DB29F4-59AB-439C-91C4-CDF677676C26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9D6CA922-11EF-4315-A09A-B4A8937E4CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "526738D7-1AF8-4A8F-B833-BA0E35973A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "13D6BE9C-16FD-4FB4-8A87-56B42C246316",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1964FC-672F-4139-938F-A8EF9D86D9C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5B50CEA-AFC4-4B45-9954-519965237FC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0902AC0F-EA4D-4E65-A70A-15DE9B904B35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D808F95D-C6BD-43EB-B16C-66449977BCFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6ECEE98-B276-4ED6-AA5A-109EA57E9925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4FF84B-A17F-464B-A718-67C44D2C69BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D03AF20E-0C29-45A6-9B7F-8260D8D9E8BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 does not properly detect recursion during entity expansion, which allows remote authenticated users to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564."
},
{
"lang": "es",
"value": "IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0 hasta 7.0.0.2 CF28, 8.0 hasta 8.0.0.1 CF14, y 8.5.0 anterior a CF03 no detecta debidamente la recursi\u00f3n durante la expansi\u00f3n de entidades, lo que permite a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (consumo de memoria y CPU) a trav\u00e9s de un documento XML manipulado que contiene un n\u00famero grande de referencias de entidades anidadas, un problema similar a CVE-2003-1564."
}
],
"id": "CVE-2014-4814",
"lastModified": "2024-11-21T02:10:55.030",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-10-28T19:55:02.917",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://secunia.com/advisories/59740"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI24622"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684651"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securityfocus.com/bid/70758"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95391"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/59740"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI24622"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684651"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/70758"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95391"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-11-14 03:59
Modified
2024-11-21 02:36
Severity ?
Summary
IBM WebSphere Portal 8.0.0.1 before CF19 and 8.5.0 before CF09 allows remote attackers to cause a denial of service (memory consumption) via crafted requests.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg1PI50952 | Vendor Advisory | |
| psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21969906 | Vendor Advisory | |
| psirt@us.ibm.com | http://www.securitytracker.com/id/1034146 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1PI50952 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21969906 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1034146 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 8.0.0.1 | |
| ibm | websphere_portal | 8.0.0.1 | |
| ibm | websphere_portal | 8.0.0.1 | |
| ibm | websphere_portal | 8.0.0.1 | |
| ibm | websphere_portal | 8.0.0.1 | |
| ibm | websphere_portal | 8.0.0.1 | |
| ibm | websphere_portal | 8.0.0.1 | |
| ibm | websphere_portal | 8.0.0.1 | |
| ibm | websphere_portal | 8.0.0.1 | |
| ibm | websphere_portal | 8.0.0.1 | |
| ibm | websphere_portal | 8.0.0.1 | |
| ibm | websphere_portal | 8.0.0.1 | |
| ibm | websphere_portal | 8.0.0.1 | |
| ibm | websphere_portal | 8.0.0.1 | |
| ibm | websphere_portal | 8.0.0.1 | |
| ibm | websphere_portal | 8.0.0.1 | |
| ibm | websphere_portal | 8.5.0.0 | |
| ibm | websphere_portal | 8.5.0.0 | |
| ibm | websphere_portal | 8.5.0.0 | |
| ibm | websphere_portal | 8.5.0.0 | |
| ibm | websphere_portal | 8.5.0.0 | |
| ibm | websphere_portal | 8.5.0.0 | |
| ibm | websphere_portal | 8.5.0.0 | |
| ibm | websphere_portal | 8.5.0.0 | |
| ibm | websphere_portal | 8.5.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf04:*:*:*:*:*:*",
"matchCriteriaId": "9A07791C-5EDE-4C2B-A441-6599339ED43F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf05:*:*:*:*:*:*",
"matchCriteriaId": "CE6F9920-B458-496B-B0C0-BF8B85606BF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf06:*:*:*:*:*:*",
"matchCriteriaId": "8B2C78E9-EB40-42C0-A772-6203555D5E28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf07:*:*:*:*:*:*",
"matchCriteriaId": "A910F5CA-8257-420E-8D31-6BB0E4CFC963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf08:*:*:*:*:*:*",
"matchCriteriaId": "462CF706-A352-40EE-8158-3A2197FE4098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf09:*:*:*:*:*:*",
"matchCriteriaId": "0AF93EAB-BDBC-4C20-9BD2-AACC95CD8355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf10:*:*:*:*:*:*",
"matchCriteriaId": "E090A0BC-DECD-4912-B5FB-C41A1E77675E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf11:*:*:*:*:*:*",
"matchCriteriaId": "4CC1CAEE-C7DA-4F01-8948-BADCEB0B76ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf12:*:*:*:*:*:*",
"matchCriteriaId": "3D660652-D318-44B8-996A-6E56F4D71F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf13:*:*:*:*:*:*",
"matchCriteriaId": "783AA775-7257-45C8-A246-A71E559B459D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf14:*:*:*:*:*:*",
"matchCriteriaId": "02F014F7-1F35-4982-98F5-B22E86544E0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf15:*:*:*:*:*:*",
"matchCriteriaId": "535E3EAE-8286-4751-8DAF-707A0F2F160B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf16:*:*:*:*:*:*",
"matchCriteriaId": "E6708150-6E0D-4B0C-98A0-A42CAF20D3E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf17:*:*:*:*:*:*",
"matchCriteriaId": "96849F67-1B41-4265-8046-B29C5469DA4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf18:*:*:*:*:*:*",
"matchCriteriaId": "2074093E-8F1A-442D-8972-57FE73044079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D03AF20E-0C29-45A6-9B7F-8260D8D9E8BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf1:*:*:*:*:*:*",
"matchCriteriaId": "EA29BAC6-C8A4-4E7D-9657-55187EF93976",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf2:*:*:*:*:*:*",
"matchCriteriaId": "C5C13822-6429-4B77-89CC-E7845FFA14D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf3:*:*:*:*:*:*",
"matchCriteriaId": "392ACE90-C966-4438-9B05-3ECCE2075C30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf4:*:*:*:*:*:*",
"matchCriteriaId": "4C513C48-0CE3-4AD9-968E-EF52D876DFC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf5:*:*:*:*:*:*",
"matchCriteriaId": "3D659480-730D-43EA-A023-01502554DFB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf6:*:*:*:*:*:*",
"matchCriteriaId": "428DE1AE-5EAB-4ED9-A624-0F68100D66F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf7:*:*:*:*:*:*",
"matchCriteriaId": "5B5F60DD-37BB-4879-B92F-DEF202AFB64D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf8:*:*:*:*:*:*",
"matchCriteriaId": "228E4263-D9E3-4B79-B60E-E5AFBE980B40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 8.0.0.1 before CF19 and 8.5.0 before CF09 allows remote attackers to cause a denial of service (memory consumption) via crafted requests."
},
{
"lang": "es",
"value": "IBM WebSphere Portal 8.0.0.1 en versiones anteriores a CF19 y 8.5.0 en versiones anteriores a CF09 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de memoria) a trav\u00e9s de peticiones manipuladas."
}
],
"id": "CVE-2015-7419",
"lastModified": "2024-11-21T02:36:45.377",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-11-14T03:59:06.710",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI50952"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969906"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034146"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI50952"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969906"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034146"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-05-22 11:14
Modified
2024-11-21 02:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in FilterForm.jsp in IBM WebSphere Portal 7.0 before 7.0.0.2 CF28 and 8.0 before 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.6:cf27:*:*:*:*:*:*",
"matchCriteriaId": "34270605-BA3A-4A8F-A538-030819E115FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.3:cf27:*:*:*:*:*:*",
"matchCriteriaId": "C7CEA4A0-062F-4B95-92CE-56F0298BD81F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:cf001:*:*:*:*:*:*",
"matchCriteriaId": "B5C645C1-21E3-48A8-A1A5-9519CB845493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6ECEE98-B276-4ED6-AA5A-109EA57E9925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf002:*:*:*:*:*:*",
"matchCriteriaId": "2991B76F-8E96-45A9-8B9D-942AF93755E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf003:*:*:*:*:*:*",
"matchCriteriaId": "041D220D-2088-4633-B1AA-8902AD1C6BD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf004:*:*:*:*:*:*",
"matchCriteriaId": "53B376AE-7AA9-4362-9CB2-17B3AB783FC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf005:*:*:*:*:*:*",
"matchCriteriaId": "84D744C2-DA4B-4F04-894F-7820FDC49A04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf006:*:*:*:*:*:*",
"matchCriteriaId": "4713D128-6C5F-4362-A0E2-363F81D9BCA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf007:*:*:*:*:*:*",
"matchCriteriaId": "67E76EE5-B618-49AA-A489-1BD7E45D391F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf008:*:*:*:*:*:*",
"matchCriteriaId": "DC001899-F77A-4EED-BC6D-8400FF4354EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf009:*:*:*:*:*:*",
"matchCriteriaId": "05426398-FE6A-4E4A-9C46-4675B5FAD915",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf010:*:*:*:*:*:*",
"matchCriteriaId": "29E0A9B5-945C-4859-BE83-56B34544350B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf019:*:*:*:*:*:*",
"matchCriteriaId": "10E59411-D50B-4A34-84C7-7563D301764A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4FF84B-A17F-464B-A718-67C44D2C69BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf011:*:*:*:*:*:*",
"matchCriteriaId": "B469E735-0DCE-4616-B3FE-DED75FEAC642",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf012:*:*:*:*:*:*",
"matchCriteriaId": "E0ACFABA-E470-4043-B8E7-ACE2F9781D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf013:*:*:*:*:*:*",
"matchCriteriaId": "8D2FA62F-EEB7-4312-9359-FDA8E4743A81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf014:*:*:*:*:*:*",
"matchCriteriaId": "5D8ABD15-49DE-4C4A-B9C0-5696BC1899C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf015:*:*:*:*:*:*",
"matchCriteriaId": "A2D98D3D-18DC-47CF-BED8-CD61A531D858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf016:*:*:*:*:*:*",
"matchCriteriaId": "9326CFC3-D9A7-43CE-8673-FD009F7A1F44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf017:*:*:*:*:*:*",
"matchCriteriaId": "B34D73EE-1E9D-4896-B2A2-D1463C13F399",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf018:*:*:*:*:*:*",
"matchCriteriaId": "96B7FB90-D1F8-4D83-B954-A1990400BC27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf019:*:*:*:*:*:*",
"matchCriteriaId": "CE4C07B8-CC26-4F83-8BA8-8702594CBB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf020:*:*:*:*:*:*",
"matchCriteriaId": "22C95FC9-0342-4ACC-B4F8-052554771D3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf021:*:*:*:*:*:*",
"matchCriteriaId": "62AA773F-7D18-41F7-8561-81D83336E6FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf022:*:*:*:*:*:*",
"matchCriteriaId": "2C17D73E-9F0B-4C11-8C1D-A3987DED44F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf23:*:*:*:*:*:*",
"matchCriteriaId": "53DDB154-F94B-47F8-964B-34EFE2C99370",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf24:*:*:*:*:*:*",
"matchCriteriaId": "10FCF563-A945-425A-A577-37867CF05CC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf25:*:*:*:*:*:*",
"matchCriteriaId": "8373D2A7-EC57-4336-A877-B5D262F05191",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf26:*:*:*:*:*:*",
"matchCriteriaId": "0A005963-7EF6-40D4-A54B-E3749ED5B587",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf27:*:*:*:*:*:*",
"matchCriteriaId": "4210F236-A2B1-49F2-A16E-65BB513ECBA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf01:*:*:*:*:*:*",
"matchCriteriaId": "8A5566C6-E42F-4786-A8FC-59BE7EB47296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf02:*:*:*:*:*:*",
"matchCriteriaId": "31C0EC0E-0106-4333-8401-0F655C0F5850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf03:*:*:*:*:*:*",
"matchCriteriaId": "E0E4DA0C-9F97-4856-B9DE-D96994A65B71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf04:*:*:*:*:*:*",
"matchCriteriaId": "4180809C-4A1E-4DB4-9E7C-641B753B97D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf05:*:*:*:*:*:*",
"matchCriteriaId": "5A60A788-F7B3-4922-8B30-8F586B1685CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf04:*:*:*:*:*:*",
"matchCriteriaId": "9A07791C-5EDE-4C2B-A441-6599339ED43F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf05:*:*:*:*:*:*",
"matchCriteriaId": "CE6F9920-B458-496B-B0C0-BF8B85606BF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf07:*:*:*:*:*:*",
"matchCriteriaId": "A910F5CA-8257-420E-8D31-6BB0E4CFC963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf08:*:*:*:*:*:*",
"matchCriteriaId": "462CF706-A352-40EE-8158-3A2197FE4098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf09:*:*:*:*:*:*",
"matchCriteriaId": "0AF93EAB-BDBC-4C20-9BD2-AACC95CD8355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf10:*:*:*:*:*:*",
"matchCriteriaId": "E090A0BC-DECD-4912-B5FB-C41A1E77675E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf11:*:*:*:*:*:*",
"matchCriteriaId": "4CC1CAEE-C7DA-4F01-8948-BADCEB0B76ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf12:*:*:*:*:*:*",
"matchCriteriaId": "3D660652-D318-44B8-996A-6E56F4D71F68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in FilterForm.jsp in IBM WebSphere Portal 7.0 before 7.0.0.2 CF28 and 8.0 before 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en FilterForm.jsp en IBM WebSphere Portal 7.0 anterior a 7.0.0.2 CF28 y 8.0 anterior a 8.0.0.1 CF12 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-0951",
"lastModified": "2024-11-21T02:03:05.780",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-05-22T11:14:14.517",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI15690"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672572"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92624"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI15690"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672572"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92624"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-10-01 14:29
Modified
2024-11-21 04:00
Severity ?
5.0 (Medium) - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Summary
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user. IBM X-Force ID: 144958.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.securitytracker.com/id/1041766 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/144958 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10716981 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041766 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/144958 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10716981 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "1F28C710-8FDB-4474-B6EF-5835D4D7FE43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf011:*:*:*:*:*:*",
"matchCriteriaId": "DF8105DA-2519-428D-AB09-01EEF2FF6FDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf012:*:*:*:*:*:*",
"matchCriteriaId": "B2824CB0-BBC6-4AD5-993C-91E1CF293B3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf013:*:*:*:*:*:*",
"matchCriteriaId": "56AF2117-2F73-4729-84DC-72B8B235C581",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf014:*:*:*:*:*:*",
"matchCriteriaId": "303EE4F0-9C7A-4B0B-8BBB-852C68A802E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf015:*:*:*:*:*:*",
"matchCriteriaId": "4967BA17-DD56-42A7-812A-7B6EE74C6E03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf016:*:*:*:*:*:*",
"matchCriteriaId": "9DD708E8-67BE-48D7-AD76-FDA753426862",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf017:*:*:*:*:*:*",
"matchCriteriaId": "AC8DAFF7-9410-40E2-805A-580B82EA0667",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf018:*:*:*:*:*:*",
"matchCriteriaId": "D06D62C6-13EF-42BA-BEBE-C3F9A42F5AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf019:*:*:*:*:*:*",
"matchCriteriaId": "10E59411-D50B-4A34-84C7-7563D301764A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf020:*:*:*:*:*:*",
"matchCriteriaId": "38D755C0-82CA-45EA-9D89-6172D98B78F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:-:*:*:*:*:*:*",
"matchCriteriaId": "6007CA87-31CA-44AB-AB7F-788E17AB85F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf012:*:*:*:*:*:*",
"matchCriteriaId": "E0ACFABA-E470-4043-B8E7-ACE2F9781D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf013:*:*:*:*:*:*",
"matchCriteriaId": "8D2FA62F-EEB7-4312-9359-FDA8E4743A81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf014:*:*:*:*:*:*",
"matchCriteriaId": "5D8ABD15-49DE-4C4A-B9C0-5696BC1899C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf015:*:*:*:*:*:*",
"matchCriteriaId": "A2D98D3D-18DC-47CF-BED8-CD61A531D858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf016:*:*:*:*:*:*",
"matchCriteriaId": "9326CFC3-D9A7-43CE-8673-FD009F7A1F44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf017:*:*:*:*:*:*",
"matchCriteriaId": "B34D73EE-1E9D-4896-B2A2-D1463C13F399",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf018:*:*:*:*:*:*",
"matchCriteriaId": "96B7FB90-D1F8-4D83-B954-A1990400BC27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf019:*:*:*:*:*:*",
"matchCriteriaId": "CE4C07B8-CC26-4F83-8BA8-8702594CBB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf020:*:*:*:*:*:*",
"matchCriteriaId": "22C95FC9-0342-4ACC-B4F8-052554771D3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf021:*:*:*:*:*:*",
"matchCriteriaId": "62AA773F-7D18-41F7-8561-81D83336E6FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf022:*:*:*:*:*:*",
"matchCriteriaId": "2C17D73E-9F0B-4C11-8C1D-A3987DED44F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf023:*:*:*:*:*:*",
"matchCriteriaId": "B44130DA-8BBC-4CC5-BD20-E05CE32AB1F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf024:*:*:*:*:*:*",
"matchCriteriaId": "D42C69F1-2877-419A-AB64-74687A11F070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf025:*:*:*:*:*:*",
"matchCriteriaId": "B6D45C1D-CCF2-4281-B132-4931B33BA48D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf026:*:*:*:*:*:*",
"matchCriteriaId": "8CB0EDF6-2EC7-4C03-8597-9E034DBB3BB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf027:*:*:*:*:*:*",
"matchCriteriaId": "847994E6-C322-46EB-B089-9D1752E42987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf028:*:*:*:*:*:*",
"matchCriteriaId": "79FD9027-FA61-4AB0-A945-7329B609A9DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf029:*:*:*:*:*:*",
"matchCriteriaId": "07EDE452-4C88-4DA9-91E9-F0722009C773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf030:*:*:*:*:*:*",
"matchCriteriaId": "E0D7936A-478C-44AA-B9DD-2165BA482AFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5DB13754-BB23-48D8-9BDC-E8FF552DEA52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf01:*:*:*:*:*:*",
"matchCriteriaId": "8A5566C6-E42F-4786-A8FC-59BE7EB47296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf02:*:*:*:*:*:*",
"matchCriteriaId": "31C0EC0E-0106-4333-8401-0F655C0F5850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf03:*:*:*:*:*:*",
"matchCriteriaId": "E0E4DA0C-9F97-4856-B9DE-D96994A65B71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf04:*:*:*:*:*:*",
"matchCriteriaId": "4180809C-4A1E-4DB4-9E7C-641B753B97D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf05:*:*:*:*:*:*",
"matchCriteriaId": "5A60A788-F7B3-4922-8B30-8F586B1685CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf06:*:*:*:*:*:*",
"matchCriteriaId": "5A244AB2-9EBB-4A7D-BED7-CA92903268C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "AA4AD694-EA0E-4910-A3F9-EEDC510AFDF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf04:*:*:*:*:*:*",
"matchCriteriaId": "9A07791C-5EDE-4C2B-A441-6599339ED43F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf05:*:*:*:*:*:*",
"matchCriteriaId": "CE6F9920-B458-496B-B0C0-BF8B85606BF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf06:*:*:*:*:*:*",
"matchCriteriaId": "8B2C78E9-EB40-42C0-A772-6203555D5E28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf07:*:*:*:*:*:*",
"matchCriteriaId": "A910F5CA-8257-420E-8D31-6BB0E4CFC963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf08:*:*:*:*:*:*",
"matchCriteriaId": "462CF706-A352-40EE-8158-3A2197FE4098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf09:*:*:*:*:*:*",
"matchCriteriaId": "0AF93EAB-BDBC-4C20-9BD2-AACC95CD8355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf10:*:*:*:*:*:*",
"matchCriteriaId": "E090A0BC-DECD-4912-B5FB-C41A1E77675E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf11:*:*:*:*:*:*",
"matchCriteriaId": "4CC1CAEE-C7DA-4F01-8948-BADCEB0B76ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf12:*:*:*:*:*:*",
"matchCriteriaId": "3D660652-D318-44B8-996A-6E56F4D71F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf13:*:*:*:*:*:*",
"matchCriteriaId": "783AA775-7257-45C8-A246-A71E559B459D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf14:*:*:*:*:*:*",
"matchCriteriaId": "02F014F7-1F35-4982-98F5-B22E86544E0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf15:*:*:*:*:*:*",
"matchCriteriaId": "535E3EAE-8286-4751-8DAF-707A0F2F160B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf16:*:*:*:*:*:*",
"matchCriteriaId": "E6708150-6E0D-4B0C-98A0-A42CAF20D3E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf17:*:*:*:*:*:*",
"matchCriteriaId": "96849F67-1B41-4265-8046-B29C5469DA4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf18:*:*:*:*:*:*",
"matchCriteriaId": "2074093E-8F1A-442D-8972-57FE73044079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf19:*:*:*:*:*:*",
"matchCriteriaId": "1B46BD8B-AFA5-4660-9983-ED9FB5E26A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf20:*:*:*:*:*:*",
"matchCriteriaId": "3FFF0BC7-42C0-4E4F-836E-8F1B31E1C420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf21:*:*:*:*:*:*",
"matchCriteriaId": "5655ED83-06C7-4828-A38D-18E92555C48B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf22:*:*:*:*:*:*",
"matchCriteriaId": "14C80CD3-F5CB-4B64-98D5-C00A73233979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf23:*:*:*:*:*:*",
"matchCriteriaId": "2A7D9B77-F154-405C-9E94-B4EAA087E766",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "7EE3B00E-D18B-43C4-BD15-7E8E1AFDA8C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf01:*:*:*:*:*:*",
"matchCriteriaId": "704EF027-9DEF-4079-BBFE-A64DB757EAB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf02:*:*:*:*:*:*",
"matchCriteriaId": "9928D9CB-4817-4782-808F-6A4FBA87D820",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf03:*:*:*:*:*:*",
"matchCriteriaId": "758F9176-3EDF-469E-946E-B35C2D212029",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf04:*:*:*:*:*:*",
"matchCriteriaId": "AFBD1F79-9AB1-4699-B5B8-315CFEFFDEA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf05:*:*:*:*:*:*",
"matchCriteriaId": "764E04B9-F754-4118-B34F-71D5EF38660F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf06:*:*:*:*:*:*",
"matchCriteriaId": "46A3712D-DCB1-4631-B114-AD5A48313CBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf07:*:*:*:*:*:*",
"matchCriteriaId": "A79C66A0-6482-4E93-94B1-348B3FFA4541",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf08:*:*:*:*:*:*",
"matchCriteriaId": "2D0259BA-FD5D-4236-9AA3-13EE738B3F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf09:*:*:*:*:*:*",
"matchCriteriaId": "34EB80B8-CE15-4F0B-BC98-6AAE7148C5B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf10:*:*:*:*:*:*",
"matchCriteriaId": "DEFF296A-8B82-493E-9A1E-DB4D1976621E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf11:*:*:*:*:*:*",
"matchCriteriaId": "1FC3D249-FA1A-4A2D-B0F7-3289E0563236",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf12:*:*:*:*:*:*",
"matchCriteriaId": "169B283C-4FAD-4201-B26C-53E57D057136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf13:*:*:*:*:*:*",
"matchCriteriaId": "2867E5D2-5982-4178-B9F7-E4E82E7A97FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf14:*:*:*:*:*:*",
"matchCriteriaId": "4D2524C0-6CA2-4836-928D-A9F139F00D9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf15:*:*:*:*:*:*",
"matchCriteriaId": "68857CCD-F5AD-4D96-AB3A-103B2233B909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5B2F4AE1-AFBF-487D-B891-40D94C50F8B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0.0.0:cf14:*:*:*:*:*:*",
"matchCriteriaId": "FA49E417-1CED-4E49-ABC9-51E321271498",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0.0.0:cf15:*:*:*:*:*:*",
"matchCriteriaId": "CAA46610-A694-4524-8BD3-8A4B22E0F1AC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user. IBM X-Force ID: 144958."
},
{
"lang": "es",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5 y 9.0 podr\u00eda fracasar a la hora de establecer el contexto de usuario correcto en ciertos escenarios de suplantaci\u00f3n, lo que puede permitir que un usuario act\u00fae con la identidad de otro usuario. IBM X-Force ID: 144958."
}
],
"id": "CVE-2018-1672",
"lastModified": "2024-11-21T04:00:10.817",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 3.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-10-01T14:29:00.467",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041766"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144958"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10716981"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041766"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144958"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10716981"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-05-16 11:12
Modified
2024-11-21 02:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Eclipse Help System (IEHS) in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF27, and 8.0 before 8.0.0.1 CF06 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E618064A-3D05-4DC6-9A47-0EDF2427642F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DE74154-3E79-4D56-96C4-D8E644F1419D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA915826-5D89-43E9-83E7-88973648302A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DB29F4-59AB-439C-91C4-CDF677676C26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9D6CA922-11EF-4315-A09A-B4A8937E4CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "526738D7-1AF8-4A8F-B833-BA0E35973A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "13D6BE9C-16FD-4FB4-8A87-56B42C246316",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1964FC-672F-4139-938F-A8EF9D86D9C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5B50CEA-AFC4-4B45-9954-519965237FC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0902AC0F-EA4D-4E65-A70A-15DE9B904B35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D808F95D-C6BD-43EB-B16C-66449977BCFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:cf001:*:*:*:*:*:*",
"matchCriteriaId": "B5C645C1-21E3-48A8-A1A5-9519CB845493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6ECEE98-B276-4ED6-AA5A-109EA57E9925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf002:*:*:*:*:*:*",
"matchCriteriaId": "2991B76F-8E96-45A9-8B9D-942AF93755E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf003:*:*:*:*:*:*",
"matchCriteriaId": "041D220D-2088-4633-B1AA-8902AD1C6BD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf004:*:*:*:*:*:*",
"matchCriteriaId": "53B376AE-7AA9-4362-9CB2-17B3AB783FC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf005:*:*:*:*:*:*",
"matchCriteriaId": "84D744C2-DA4B-4F04-894F-7820FDC49A04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf006:*:*:*:*:*:*",
"matchCriteriaId": "4713D128-6C5F-4362-A0E2-363F81D9BCA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf007:*:*:*:*:*:*",
"matchCriteriaId": "67E76EE5-B618-49AA-A489-1BD7E45D391F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf008:*:*:*:*:*:*",
"matchCriteriaId": "DC001899-F77A-4EED-BC6D-8400FF4354EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf009:*:*:*:*:*:*",
"matchCriteriaId": "05426398-FE6A-4E4A-9C46-4675B5FAD915",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf010:*:*:*:*:*:*",
"matchCriteriaId": "29E0A9B5-945C-4859-BE83-56B34544350B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf019:*:*:*:*:*:*",
"matchCriteriaId": "10E59411-D50B-4A34-84C7-7563D301764A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4FF84B-A17F-464B-A718-67C44D2C69BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf011:*:*:*:*:*:*",
"matchCriteriaId": "B469E735-0DCE-4616-B3FE-DED75FEAC642",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf012:*:*:*:*:*:*",
"matchCriteriaId": "E0ACFABA-E470-4043-B8E7-ACE2F9781D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf013:*:*:*:*:*:*",
"matchCriteriaId": "8D2FA62F-EEB7-4312-9359-FDA8E4743A81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf014:*:*:*:*:*:*",
"matchCriteriaId": "5D8ABD15-49DE-4C4A-B9C0-5696BC1899C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf015:*:*:*:*:*:*",
"matchCriteriaId": "A2D98D3D-18DC-47CF-BED8-CD61A531D858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf016:*:*:*:*:*:*",
"matchCriteriaId": "9326CFC3-D9A7-43CE-8673-FD009F7A1F44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf017:*:*:*:*:*:*",
"matchCriteriaId": "B34D73EE-1E9D-4896-B2A2-D1463C13F399",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf018:*:*:*:*:*:*",
"matchCriteriaId": "96B7FB90-D1F8-4D83-B954-A1990400BC27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf019:*:*:*:*:*:*",
"matchCriteriaId": "CE4C07B8-CC26-4F83-8BA8-8702594CBB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf020:*:*:*:*:*:*",
"matchCriteriaId": "22C95FC9-0342-4ACC-B4F8-052554771D3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf021:*:*:*:*:*:*",
"matchCriteriaId": "62AA773F-7D18-41F7-8561-81D83336E6FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf022:*:*:*:*:*:*",
"matchCriteriaId": "2C17D73E-9F0B-4C11-8C1D-A3987DED44F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf23:*:*:*:*:*:*",
"matchCriteriaId": "53DDB154-F94B-47F8-964B-34EFE2C99370",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf24:*:*:*:*:*:*",
"matchCriteriaId": "10FCF563-A945-425A-A577-37867CF05CC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf25:*:*:*:*:*:*",
"matchCriteriaId": "8373D2A7-EC57-4336-A877-B5D262F05191",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf26:*:*:*:*:*:*",
"matchCriteriaId": "0A005963-7EF6-40D4-A54B-E3749ED5B587",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf27:*:*:*:*:*:*",
"matchCriteriaId": "4210F236-A2B1-49F2-A16E-65BB513ECBA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf01:*:*:*:*:*:*",
"matchCriteriaId": "8A5566C6-E42F-4786-A8FC-59BE7EB47296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf02:*:*:*:*:*:*",
"matchCriteriaId": "31C0EC0E-0106-4333-8401-0F655C0F5850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf03:*:*:*:*:*:*",
"matchCriteriaId": "E0E4DA0C-9F97-4856-B9DE-D96994A65B71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf04:*:*:*:*:*:*",
"matchCriteriaId": "4180809C-4A1E-4DB4-9E7C-641B753B97D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf05:*:*:*:*:*:*",
"matchCriteriaId": "5A60A788-F7B3-4922-8B30-8F586B1685CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf04:*:*:*:*:*:*",
"matchCriteriaId": "9A07791C-5EDE-4C2B-A441-6599339ED43F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf05:*:*:*:*:*:*",
"matchCriteriaId": "CE6F9920-B458-496B-B0C0-BF8B85606BF8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM Eclipse Help System (IEHS) in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF27, and 8.0 before 8.0.0.1 CF06 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en IBM Eclipse Help System (IEHS) en IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0 hasta 7.0.0.2 CF27 y 8.0 anterior a 8.0.0.1 CF06 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una URL manipulada."
}
],
"id": "CVE-2014-0917",
"lastModified": "2024-11-21T02:03:02.270",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-05-16T11:12:00.367",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI14125"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670753"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securityfocus.com/bid/67339"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91979"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI14125"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670753"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/67339"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91979"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-12-21 11:59
Modified
2024-11-21 02:32
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-4998.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 6.1.0.0 | |
| ibm | websphere_portal | 6.1.0.1 | |
| ibm | websphere_portal | 6.1.0.2 | |
| ibm | websphere_portal | 6.1.0.3 | |
| ibm | websphere_portal | 6.1.0.4 | |
| ibm | websphere_portal | 6.1.0.5 | |
| ibm | websphere_portal | 6.1.0.6 | |
| ibm | websphere_portal | 6.1.5.0 | |
| ibm | websphere_portal | 6.1.5.1 | |
| ibm | websphere_portal | 6.1.5.2 | |
| ibm | websphere_portal | 6.1.5.3 | |
| ibm | websphere_portal | 7.0.0.0 | |
| ibm | websphere_portal | 7.0.0.1 | |
| ibm | websphere_portal | 7.0.0.2 | |
| ibm | websphere_portal | 8.0.0.0 | |
| ibm | websphere_portal | 8.0.0.1 | |
| ibm | websphere_portal | 8.5.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E618064A-3D05-4DC6-9A47-0EDF2427642F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DE74154-3E79-4D56-96C4-D8E644F1419D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA915826-5D89-43E9-83E7-88973648302A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DB29F4-59AB-439C-91C4-CDF677676C26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9D6CA922-11EF-4315-A09A-B4A8937E4CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "526738D7-1AF8-4A8F-B833-BA0E35973A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "13D6BE9C-16FD-4FB4-8A87-56B42C246316",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1964FC-672F-4139-938F-A8EF9D86D9C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5B50CEA-AFC4-4B45-9954-519965237FC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0902AC0F-EA4D-4E65-A70A-15DE9B904B35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D808F95D-C6BD-43EB-B16C-66449977BCFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6ECEE98-B276-4ED6-AA5A-109EA57E9925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4FF84B-A17F-464B-A718-67C44D2C69BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D03AF20E-0C29-45A6-9B7F-8260D8D9E8BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-4998."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en IBM WebSphere Portal 6.1.0 hasta la versi\u00f3n 6.1.0.6 CF27, 6.1.5 hasta la versi\u00f3n 6.1.5.3 CF27, 7.0.0 hasta la versi\u00f3n 7.0.0.2 CF29, 8.0.0 en versiones anteriores a 8.0.0.1 CF19 y 8.5.0 en versiones anteriores a CF08 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una URL manipulada, una vulnerabilidad diferente a CVE-2015-4998."
}
],
"id": "CVE-2015-4993",
"lastModified": "2024-11-21T02:32:08.643",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2015-12-21T11:59:02.110",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI47516"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970176"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securityfocus.com/bid/78609"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securitytracker.com/id/1034284"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI47516"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970176"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/78609"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034284"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-12-02 16:30
Modified
2024-11-21 01:09
Severity ?
Summary
Unspecified vulnerability in the XMLAccess component in IBM WebSphere Portal 6.1.x before 6.1.0.3 has unknown impact and attack vectors, related to the work directory.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 6.1.0.0 | |
| ibm | websphere_portal | 6.1.0.1 | |
| ibm | websphere_portal | 6.1.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E618064A-3D05-4DC6-9A47-0EDF2427642F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DE74154-3E79-4D56-96C4-D8E644F1419D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA915826-5D89-43E9-83E7-88973648302A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the XMLAccess component in IBM WebSphere Portal 6.1.x before 6.1.0.3 has unknown impact and attack vectors, related to the work directory."
},
{
"lang": "es",
"value": "Vulnerabilidad sin especificar en el componente XMLAccess en IBM WebSphere Portal v6.1.x anterior a v6.1.0.3 tiene un impacto y vectores de ataque desconocidos, relacionados con el directorio de trabajo."
}
],
"id": "CVE-2009-4153",
"lastModified": "2024-11-21T01:09:02.663",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-12-02T16:30:00.717",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37526"
},
{
"source": "cve@mitre.org",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK93783"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014411"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/37159"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3367"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37526"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK93783"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014411"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/37159"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3367"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-05-22 11:14
Modified
2024-11-21 02:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in boot_config.jsp in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF28, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E618064A-3D05-4DC6-9A47-0EDF2427642F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DE74154-3E79-4D56-96C4-D8E644F1419D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA915826-5D89-43E9-83E7-88973648302A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DB29F4-59AB-439C-91C4-CDF677676C26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9D6CA922-11EF-4315-A09A-B4A8937E4CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "526738D7-1AF8-4A8F-B833-BA0E35973A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "13D6BE9C-16FD-4FB4-8A87-56B42C246316",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.6:cf27:*:*:*:*:*:*",
"matchCriteriaId": "34270605-BA3A-4A8F-A538-030819E115FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1964FC-672F-4139-938F-A8EF9D86D9C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5B50CEA-AFC4-4B45-9954-519965237FC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0902AC0F-EA4D-4E65-A70A-15DE9B904B35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D808F95D-C6BD-43EB-B16C-66449977BCFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.3:cf27:*:*:*:*:*:*",
"matchCriteriaId": "C7CEA4A0-062F-4B95-92CE-56F0298BD81F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:cf001:*:*:*:*:*:*",
"matchCriteriaId": "B5C645C1-21E3-48A8-A1A5-9519CB845493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6ECEE98-B276-4ED6-AA5A-109EA57E9925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf002:*:*:*:*:*:*",
"matchCriteriaId": "2991B76F-8E96-45A9-8B9D-942AF93755E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf003:*:*:*:*:*:*",
"matchCriteriaId": "041D220D-2088-4633-B1AA-8902AD1C6BD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf004:*:*:*:*:*:*",
"matchCriteriaId": "53B376AE-7AA9-4362-9CB2-17B3AB783FC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf005:*:*:*:*:*:*",
"matchCriteriaId": "84D744C2-DA4B-4F04-894F-7820FDC49A04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf006:*:*:*:*:*:*",
"matchCriteriaId": "4713D128-6C5F-4362-A0E2-363F81D9BCA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf007:*:*:*:*:*:*",
"matchCriteriaId": "67E76EE5-B618-49AA-A489-1BD7E45D391F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf008:*:*:*:*:*:*",
"matchCriteriaId": "DC001899-F77A-4EED-BC6D-8400FF4354EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf009:*:*:*:*:*:*",
"matchCriteriaId": "05426398-FE6A-4E4A-9C46-4675B5FAD915",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf010:*:*:*:*:*:*",
"matchCriteriaId": "29E0A9B5-945C-4859-BE83-56B34544350B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf019:*:*:*:*:*:*",
"matchCriteriaId": "10E59411-D50B-4A34-84C7-7563D301764A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4FF84B-A17F-464B-A718-67C44D2C69BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf011:*:*:*:*:*:*",
"matchCriteriaId": "B469E735-0DCE-4616-B3FE-DED75FEAC642",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf012:*:*:*:*:*:*",
"matchCriteriaId": "E0ACFABA-E470-4043-B8E7-ACE2F9781D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf013:*:*:*:*:*:*",
"matchCriteriaId": "8D2FA62F-EEB7-4312-9359-FDA8E4743A81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf014:*:*:*:*:*:*",
"matchCriteriaId": "5D8ABD15-49DE-4C4A-B9C0-5696BC1899C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf015:*:*:*:*:*:*",
"matchCriteriaId": "A2D98D3D-18DC-47CF-BED8-CD61A531D858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf016:*:*:*:*:*:*",
"matchCriteriaId": "9326CFC3-D9A7-43CE-8673-FD009F7A1F44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf017:*:*:*:*:*:*",
"matchCriteriaId": "B34D73EE-1E9D-4896-B2A2-D1463C13F399",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf018:*:*:*:*:*:*",
"matchCriteriaId": "96B7FB90-D1F8-4D83-B954-A1990400BC27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf019:*:*:*:*:*:*",
"matchCriteriaId": "CE4C07B8-CC26-4F83-8BA8-8702594CBB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf020:*:*:*:*:*:*",
"matchCriteriaId": "22C95FC9-0342-4ACC-B4F8-052554771D3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf021:*:*:*:*:*:*",
"matchCriteriaId": "62AA773F-7D18-41F7-8561-81D83336E6FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf022:*:*:*:*:*:*",
"matchCriteriaId": "2C17D73E-9F0B-4C11-8C1D-A3987DED44F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf23:*:*:*:*:*:*",
"matchCriteriaId": "53DDB154-F94B-47F8-964B-34EFE2C99370",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf24:*:*:*:*:*:*",
"matchCriteriaId": "10FCF563-A945-425A-A577-37867CF05CC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf25:*:*:*:*:*:*",
"matchCriteriaId": "8373D2A7-EC57-4336-A877-B5D262F05191",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf26:*:*:*:*:*:*",
"matchCriteriaId": "0A005963-7EF6-40D4-A54B-E3749ED5B587",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf27:*:*:*:*:*:*",
"matchCriteriaId": "4210F236-A2B1-49F2-A16E-65BB513ECBA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf01:*:*:*:*:*:*",
"matchCriteriaId": "8A5566C6-E42F-4786-A8FC-59BE7EB47296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf02:*:*:*:*:*:*",
"matchCriteriaId": "31C0EC0E-0106-4333-8401-0F655C0F5850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf03:*:*:*:*:*:*",
"matchCriteriaId": "E0E4DA0C-9F97-4856-B9DE-D96994A65B71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf04:*:*:*:*:*:*",
"matchCriteriaId": "4180809C-4A1E-4DB4-9E7C-641B753B97D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf05:*:*:*:*:*:*",
"matchCriteriaId": "5A60A788-F7B3-4922-8B30-8F586B1685CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf04:*:*:*:*:*:*",
"matchCriteriaId": "9A07791C-5EDE-4C2B-A441-6599339ED43F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf05:*:*:*:*:*:*",
"matchCriteriaId": "CE6F9920-B458-496B-B0C0-BF8B85606BF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf07:*:*:*:*:*:*",
"matchCriteriaId": "A910F5CA-8257-420E-8D31-6BB0E4CFC963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf08:*:*:*:*:*:*",
"matchCriteriaId": "462CF706-A352-40EE-8158-3A2197FE4098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf09:*:*:*:*:*:*",
"matchCriteriaId": "0AF93EAB-BDBC-4C20-9BD2-AACC95CD8355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf10:*:*:*:*:*:*",
"matchCriteriaId": "E090A0BC-DECD-4912-B5FB-C41A1E77675E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf11:*:*:*:*:*:*",
"matchCriteriaId": "4CC1CAEE-C7DA-4F01-8948-BADCEB0B76ED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in boot_config.jsp in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF28, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en boot_config.jsp en IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF28, 7.0 hasta 7.0.0.2 CF28 y 8.0 anterior a 8.0.0.1 CF12 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-0952",
"lastModified": "2024-11-21T02:03:05.910",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-05-22T11:14:14.580",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI16041"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672572"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92625"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI16041"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672572"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92625"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-06-03 17:00
Modified
2024-11-21 01:01
Severity ?
Summary
IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.24 and 7.0 through 7.0.0.4, IBM WebSphere Portal Server 5.1 through 6.0, and IBM Integrated Solutions Console (ISC) 6.0.1 do not properly set the IsSecurityEnabled security flag during migration of WebSphere Member Manager (WMM) to Virtual Member Manager (VMM) and a Federated Repository, which allows attackers to obtain sensitive information from repositories via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg21375859 | Patch, Vendor Advisory | |
| cve@mitre.org | http://www-1.ibm.com/support/docview.wss?uid=swg1PK78134 | Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/35406 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/50882 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21375859 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-1.ibm.com/support/docview.wss?uid=swg1PK78134 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/35406 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/50882 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | integrated_solutions_console | 6.0.1 | |
| ibm | websphere_application_server | * | |
| ibm | websphere_application_server | * | |
| ibm | websphere_portal | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:integrated_solutions_console:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "767F0F9A-B9C9-46DB-855D-1ADA1089C073",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73FB17BC-7C69-4F4F-A343-48FD7E78AA8B",
"versionEndIncluding": "6.1.0.24",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B05A31C2-4115-4398-BBD8-979CF465D340",
"versionEndIncluding": "7.0.0.4",
"versionStartIncluding": "7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:*:*:*:*:*:*:*:*",
"matchCriteriaId": "612E369F-B0DA-4863-B76B-C3DD6283DAC2",
"versionEndExcluding": "6.0.0.0",
"versionStartIncluding": "5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.24 and 7.0 through 7.0.0.4, IBM WebSphere Portal Server 5.1 through 6.0, and IBM Integrated Solutions Console (ISC) 6.0.1 do not properly set the IsSecurityEnabled security flag during migration of WebSphere Member Manager (WMM) to Virtual Member Manager (VMM) and a Federated Repository, which allows attackers to obtain sensitive information from repositories via unspecified vectors."
},
{
"lang": "es",
"value": "IBM WebSphere Application Server (WAS) v6.1 a la v6.1.0.24 y v7.0 a la v7.0.0.4, IBM WebSphere Portal Server v5.1 a la v6.0, e IBM Integrated Solutions Console (ISC) v6.0.1, no establecen adecuadamente la opci\u00f3n de seguridad IsSecurityEnabled durante la migraci\u00f3n de WebSphere Member Manager (WMM) a Virtual Member Manager (VMM) y a Federated Repository, lo que permite a atacantes obtener informaci\u00f3n sensible de los repositorios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2009-0899",
"lastModified": "2024-11-21T01:01:10.883",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-06-03T17:00:00.577",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21375859"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK78134"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/35406"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50882"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21375859"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK78134"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/35406"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50882"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-12-19 02:59
Modified
2024-11-21 02:13
Severity ?
Summary
IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF14 and 8.5.0 before CF04, when the Managed Pages setting is enabled, allows remote authenticated users to write to pages via an XML injection attack.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 8.0.0.0 | |
| ibm | websphere_portal | 8.0.0.1 | |
| ibm | websphere_portal | 8.5.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D03AF20E-0C29-45A6-9B7F-8260D8D9E8BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF14 and 8.5.0 before CF04, when the Managed Pages setting is enabled, allows remote authenticated users to write to pages via an XML injection attack."
},
{
"lang": "es",
"value": "IBM WebSphere Portal 8.0.0 hasta 8.0.0.1 CF14 y 8.5.0 anteriores a CF04, cuando est\u00e1 habilitada la configuraci\u00f3n P\u00e1ginas Gestionadas, permite a usuarios remotos autenticados escribir en las p\u00e1ginas a trav\u00e9s de un ataque de inyecci\u00f3n XML."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/91.html\"\u003eCWE-91: XML Injection (aka Blind XPath Injection)\u003c/a\u003e",
"id": "CVE-2014-6193",
"lastModified": "2024-11-21T02:13:56.957",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-12-19T02:59:03.873",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI28699"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21692107"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98567"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI28699"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21692107"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98567"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-03-13 01:59
Modified
2024-11-21 02:13
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF15 and 8.5.0 before CF05 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 8.0.0.0 | |
| ibm | websphere_portal | 8.0.0.1 | |
| ibm | websphere_portal | 8.5.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D03AF20E-0C29-45A6-9B7F-8260D8D9E8BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF15 and 8.5.0 before CF05 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences."
},
{
"lang": "es",
"value": "Vulnerabilidad de CSRF en IBM WebSphere Portal 8.0.0 hasta 8.0.0.1 CF15 y 8.5.0 anterior a CF05 permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios arbitrarios para solicitudes que insertan secuencias de XSS."
}
],
"id": "CVE-2014-6214",
"lastModified": "2024-11-21T02:13:58.380",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-03-13T01:59:19.537",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI34987"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697213"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securitytracker.com/id/1031880"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI34987"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697213"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1031880"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-12-20 18:29
Modified
2024-11-21 03:21
Severity ?
Summary
IBM WebSphere Portal 8.5 and 9.0 exposes backend server URLs that are configured for usage by the Web Application Bridge component. IBM X-Force ID: 127476.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.securitytracker.com/id/1040017 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/127476 | VDB Entry | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=swg22011400 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040017 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/127476 | VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=swg22011400 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 8.5.0.0 | |
| ibm | websphere_portal | 9.0.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D03AF20E-0C29-45A6-9B7F-8260D8D9E8BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "12EF6533-4FE9-4A9B-ABF6-CEDD30402A53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 8.5 and 9.0 exposes backend server URLs that are configured for usage by the Web Application Bridge component. IBM X-Force ID: 127476."
},
{
"lang": "es",
"value": "IBM WebSphere Portal 8.5 y 9.0 expone URL del backend del servidor que est\u00e1n configuradas para ser empleadas por el componente Web Application Bridge. IBM X-Force ID: 127476."
}
],
"id": "CVE-2017-1423",
"lastModified": "2024-11-21T03:21:51.223",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-12-20T18:29:00.527",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040017"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127476"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=swg22011400"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040017"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127476"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=swg22011400"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-09-12 01:55
Modified
2024-11-21 02:10
Severity ?
Summary
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF28, 8.0.0 through 8.0.0.1 CF13, and 8.5.0 before CF02 allows remote authenticated users to cause a denial of service (disk consumption) by uploading large files.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6C753E1B-D81B-4995-877E-58EDD6F49DDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5D54D4DB-FA55-47AE-9E19-FB8368FD40C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCCA8DE-50EF-4154-AF48-A8E1AA2659B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E618064A-3D05-4DC6-9A47-0EDF2427642F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DE74154-3E79-4D56-96C4-D8E644F1419D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA915826-5D89-43E9-83E7-88973648302A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DB29F4-59AB-439C-91C4-CDF677676C26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9D6CA922-11EF-4315-A09A-B4A8937E4CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "526738D7-1AF8-4A8F-B833-BA0E35973A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "13D6BE9C-16FD-4FB4-8A87-56B42C246316",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.6:cf27:*:*:*:*:*:*",
"matchCriteriaId": "34270605-BA3A-4A8F-A538-030819E115FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1964FC-672F-4139-938F-A8EF9D86D9C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5B50CEA-AFC4-4B45-9954-519965237FC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0902AC0F-EA4D-4E65-A70A-15DE9B904B35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D808F95D-C6BD-43EB-B16C-66449977BCFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.3:cf27:*:*:*:*:*:*",
"matchCriteriaId": "C7CEA4A0-062F-4B95-92CE-56F0298BD81F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:cf001:*:*:*:*:*:*",
"matchCriteriaId": "B5C645C1-21E3-48A8-A1A5-9519CB845493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6ECEE98-B276-4ED6-AA5A-109EA57E9925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf002:*:*:*:*:*:*",
"matchCriteriaId": "2991B76F-8E96-45A9-8B9D-942AF93755E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf003:*:*:*:*:*:*",
"matchCriteriaId": "041D220D-2088-4633-B1AA-8902AD1C6BD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf004:*:*:*:*:*:*",
"matchCriteriaId": "53B376AE-7AA9-4362-9CB2-17B3AB783FC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf005:*:*:*:*:*:*",
"matchCriteriaId": "84D744C2-DA4B-4F04-894F-7820FDC49A04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf006:*:*:*:*:*:*",
"matchCriteriaId": "4713D128-6C5F-4362-A0E2-363F81D9BCA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf007:*:*:*:*:*:*",
"matchCriteriaId": "67E76EE5-B618-49AA-A489-1BD7E45D391F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf008:*:*:*:*:*:*",
"matchCriteriaId": "DC001899-F77A-4EED-BC6D-8400FF4354EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf009:*:*:*:*:*:*",
"matchCriteriaId": "05426398-FE6A-4E4A-9C46-4675B5FAD915",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf010:*:*:*:*:*:*",
"matchCriteriaId": "29E0A9B5-945C-4859-BE83-56B34544350B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf019:*:*:*:*:*:*",
"matchCriteriaId": "10E59411-D50B-4A34-84C7-7563D301764A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4FF84B-A17F-464B-A718-67C44D2C69BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf011:*:*:*:*:*:*",
"matchCriteriaId": "B469E735-0DCE-4616-B3FE-DED75FEAC642",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf012:*:*:*:*:*:*",
"matchCriteriaId": "E0ACFABA-E470-4043-B8E7-ACE2F9781D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf013:*:*:*:*:*:*",
"matchCriteriaId": "8D2FA62F-EEB7-4312-9359-FDA8E4743A81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf014:*:*:*:*:*:*",
"matchCriteriaId": "5D8ABD15-49DE-4C4A-B9C0-5696BC1899C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf015:*:*:*:*:*:*",
"matchCriteriaId": "A2D98D3D-18DC-47CF-BED8-CD61A531D858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf016:*:*:*:*:*:*",
"matchCriteriaId": "9326CFC3-D9A7-43CE-8673-FD009F7A1F44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf017:*:*:*:*:*:*",
"matchCriteriaId": "B34D73EE-1E9D-4896-B2A2-D1463C13F399",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf018:*:*:*:*:*:*",
"matchCriteriaId": "96B7FB90-D1F8-4D83-B954-A1990400BC27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf019:*:*:*:*:*:*",
"matchCriteriaId": "CE4C07B8-CC26-4F83-8BA8-8702594CBB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf020:*:*:*:*:*:*",
"matchCriteriaId": "22C95FC9-0342-4ACC-B4F8-052554771D3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf021:*:*:*:*:*:*",
"matchCriteriaId": "62AA773F-7D18-41F7-8561-81D83336E6FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf022:*:*:*:*:*:*",
"matchCriteriaId": "2C17D73E-9F0B-4C11-8C1D-A3987DED44F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf23:*:*:*:*:*:*",
"matchCriteriaId": "53DDB154-F94B-47F8-964B-34EFE2C99370",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf24:*:*:*:*:*:*",
"matchCriteriaId": "10FCF563-A945-425A-A577-37867CF05CC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf25:*:*:*:*:*:*",
"matchCriteriaId": "8373D2A7-EC57-4336-A877-B5D262F05191",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf26:*:*:*:*:*:*",
"matchCriteriaId": "0A005963-7EF6-40D4-A54B-E3749ED5B587",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf27:*:*:*:*:*:*",
"matchCriteriaId": "4210F236-A2B1-49F2-A16E-65BB513ECBA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf28:*:*:*:*:*:*",
"matchCriteriaId": "F265587B-7DC1-49F9-B42E-6CDE15A96CAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2CE1E2EF-A079-4A67-AA50-0712D2E330F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf01:*:*:*:*:*:*",
"matchCriteriaId": "8A5566C6-E42F-4786-A8FC-59BE7EB47296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf02:*:*:*:*:*:*",
"matchCriteriaId": "31C0EC0E-0106-4333-8401-0F655C0F5850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf03:*:*:*:*:*:*",
"matchCriteriaId": "E0E4DA0C-9F97-4856-B9DE-D96994A65B71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf04:*:*:*:*:*:*",
"matchCriteriaId": "4180809C-4A1E-4DB4-9E7C-641B753B97D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf05:*:*:*:*:*:*",
"matchCriteriaId": "5A60A788-F7B3-4922-8B30-8F586B1685CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf04:*:*:*:*:*:*",
"matchCriteriaId": "9A07791C-5EDE-4C2B-A441-6599339ED43F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf05:*:*:*:*:*:*",
"matchCriteriaId": "CE6F9920-B458-496B-B0C0-BF8B85606BF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf06:*:*:*:*:*:*",
"matchCriteriaId": "8B2C78E9-EB40-42C0-A772-6203555D5E28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf07:*:*:*:*:*:*",
"matchCriteriaId": "A910F5CA-8257-420E-8D31-6BB0E4CFC963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf08:*:*:*:*:*:*",
"matchCriteriaId": "462CF706-A352-40EE-8158-3A2197FE4098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf09:*:*:*:*:*:*",
"matchCriteriaId": "0AF93EAB-BDBC-4C20-9BD2-AACC95CD8355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf12:*:*:*:*:*:*",
"matchCriteriaId": "3D660652-D318-44B8-996A-6E56F4D71F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf13:*:*:*:*:*:*",
"matchCriteriaId": "783AA775-7257-45C8-A246-A71E559B459D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D03AF20E-0C29-45A6-9B7F-8260D8D9E8BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf01:*:*:*:*:*:*",
"matchCriteriaId": "704EF027-9DEF-4079-BBFE-A64DB757EAB8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF28, 8.0.0 through 8.0.0.1 CF13, and 8.5.0 before CF02 allows remote authenticated users to cause a denial of service (disk consumption) by uploading large files."
},
{
"lang": "es",
"value": "IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0.0 hasta 7.0.0.2 CF28, 8.0.0 hasta 8.0.0.1 CF13, y 8.5.0 anterior a CF02 permite a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (consumo de disco) mediante la subida de ficheros de gran tama\u00f1o."
}
],
"id": "CVE-2014-4792",
"lastModified": "2024-11-21T02:10:53.340",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-09-12T01:55:07.200",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://secunia.com/advisories/61204"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI23334"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681998"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95204"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/61204"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI23334"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681998"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95204"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-07-14 14:59
Modified
2024-11-21 02:26
Severity ?
Summary
IBM WebSphere Portal 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to obtain sensitive Java Content Repository (JCR) information via a crafted request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 7.0.0.0 | |
| ibm | websphere_portal | 7.0.0.1 | |
| ibm | websphere_portal | 7.0.0.2 | |
| ibm | websphere_portal | 8.0.0.0 | |
| ibm | websphere_portal | 8.0.0.1 | |
| ibm | websphere_portal | 8.5.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "6F27401D-AB52-4C6A-BAA9-516E05CFAF69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "1F28C710-8FDB-4474-B6EF-5835D4D7FE43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:-:*:*:*:*:*:*",
"matchCriteriaId": "6007CA87-31CA-44AB-AB7F-788E17AB85F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "AA4AD694-EA0E-4910-A3F9-EEDC510AFDF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D03AF20E-0C29-45A6-9B7F-8260D8D9E8BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to obtain sensitive Java Content Repository (JCR) information via a crafted request."
},
{
"lang": "es",
"value": "Vulnerabilidad en el portal de IBM WebSphere 7.0.0 hasta 7.0.0.2 CF29, 8.0.0 anteriores a 8.0.0.1 CF17 y del 8.5.0 anteriores a CF06, que permite a atacantes remotos obtener informacion sensible del Repositorio de Contenido de Java (JCR) a trav\u00e9s de una petici\u00f3n manipulada."
}
],
"id": "CVE-2015-1887",
"lastModified": "2024-11-21T02:26:20.670",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-07-14T14:59:00.090",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI36150"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21958024"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/75475"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securitytracker.com/id/1032970"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI36150"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21958024"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/75475"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1032970"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-02-29 11:59
Modified
2024-11-21 02:36
Severity ?
Summary
Open redirect vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 8.0.0.0 | |
| ibm | websphere_portal | 8.0.0.1 | |
| ibm | websphere_portal | 8.5.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D03AF20E-0C29-45A6-9B7F-8260D8D9E8BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL."
},
{
"lang": "es",
"value": "Vulnerabilidad de redirecci\u00f3n abierta en IBM WebSphere Portal 8.0.x en versiones anteriores a 8.0.0.1 CF20 y 8.5.x en versiones anteriores a 8.5.0.0 CF09 permite a atacantes remotos redirigir a usuarios a sitios web arbitrarios y llevar a cabo ataques de phishing a trav\u00e9s de una URL manipulada."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/601.html\"\u003eCWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)\u003c/a\u003e\n\u003cbr /\u003e \u003cbr /\u003e\nAppropriate Vendor Advisory Link: \u003ca href=\"http://www-01.ibm.com/support/docview.wss?uid=swg21976358\"\u003eHERE\u003c/a\u003e",
"id": "CVE-2015-7428",
"lastModified": "2024-11-21T02:36:46.373",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-02-29T11:59:00.123",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI51589"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21975358"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI51589"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21975358"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-08-08 01:59
Modified
2024-11-21 02:49
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF30, 8.0.0.x through 8.0.0.1 CF21, and 8.5.0 before CF10 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 6.1.0.0 | |
| ibm | websphere_portal | 6.1.0.1 | |
| ibm | websphere_portal | 6.1.0.2 | |
| ibm | websphere_portal | 6.1.0.3 | |
| ibm | websphere_portal | 6.1.0.4 | |
| ibm | websphere_portal | 6.1.0.5 | |
| ibm | websphere_portal | 6.1.0.6 | |
| ibm | websphere_portal | 6.1.5.0 | |
| ibm | websphere_portal | 6.1.5.1 | |
| ibm | websphere_portal | 6.1.5.2 | |
| ibm | websphere_portal | 6.1.5.3 | |
| ibm | websphere_portal | 7.0.0.0 | |
| ibm | websphere_portal | 7.0.0.1 | |
| ibm | websphere_portal | 7.0.0.2 | |
| ibm | websphere_portal | 8.0.0.0 | |
| ibm | websphere_portal | 8.0.0.1 | |
| ibm | websphere_portal | 8.5.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E618064A-3D05-4DC6-9A47-0EDF2427642F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DE74154-3E79-4D56-96C4-D8E644F1419D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA915826-5D89-43E9-83E7-88973648302A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DB29F4-59AB-439C-91C4-CDF677676C26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9D6CA922-11EF-4315-A09A-B4A8937E4CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "526738D7-1AF8-4A8F-B833-BA0E35973A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "13D6BE9C-16FD-4FB4-8A87-56B42C246316",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1964FC-672F-4139-938F-A8EF9D86D9C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5B50CEA-AFC4-4B45-9954-519965237FC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0902AC0F-EA4D-4E65-A70A-15DE9B904B35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D808F95D-C6BD-43EB-B16C-66449977BCFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6ECEE98-B276-4ED6-AA5A-109EA57E9925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4FF84B-A17F-464B-A718-67C44D2C69BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D03AF20E-0C29-45A6-9B7F-8260D8D9E8BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF30, 8.0.0.x through 8.0.0.1 CF21, and 8.5.0 before CF10 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en IBM WebSphere Portal 6.1.0.x hasta la versi\u00f3n 6.1.0.6 CF27, 6.1.5.x hasta la versi\u00f3n 6.1.5.3 CF27, 7.x hasta la versi\u00f3n 7.0.0.2 CF30, 8.0.0.x hasta la versi\u00f3n 8.0.0.1 CF21 y 8.5.0 en versiones anteriores a CF10 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una URL manipulada."
}
],
"id": "CVE-2016-2925",
"lastModified": "2024-11-21T02:49:01.817",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-08-08T01:59:10.430",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Broken Link"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI62749"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Mitigation",
"VDB Entry",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986461"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securityfocus.com/bid/92180"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securitytracker.com/id/1036454"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI62749"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"VDB Entry",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986461"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/92180"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1036454"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-05-22 11:14
Modified
2024-11-21 02:03
Severity ?
Summary
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 does not validate JSP includes, which allows remote attackers to obtain sensitive information, bypass intended request-dispatcher access restrictions, or cause a denial of service (memory consumption) via a crafted URL.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E618064A-3D05-4DC6-9A47-0EDF2427642F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DE74154-3E79-4D56-96C4-D8E644F1419D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA915826-5D89-43E9-83E7-88973648302A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DB29F4-59AB-439C-91C4-CDF677676C26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9D6CA922-11EF-4315-A09A-B4A8937E4CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "526738D7-1AF8-4A8F-B833-BA0E35973A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "13D6BE9C-16FD-4FB4-8A87-56B42C246316",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.6:cf27:*:*:*:*:*:*",
"matchCriteriaId": "34270605-BA3A-4A8F-A538-030819E115FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1964FC-672F-4139-938F-A8EF9D86D9C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5B50CEA-AFC4-4B45-9954-519965237FC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0902AC0F-EA4D-4E65-A70A-15DE9B904B35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D808F95D-C6BD-43EB-B16C-66449977BCFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.3:cf27:*:*:*:*:*:*",
"matchCriteriaId": "C7CEA4A0-062F-4B95-92CE-56F0298BD81F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:cf001:*:*:*:*:*:*",
"matchCriteriaId": "B5C645C1-21E3-48A8-A1A5-9519CB845493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6ECEE98-B276-4ED6-AA5A-109EA57E9925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf002:*:*:*:*:*:*",
"matchCriteriaId": "2991B76F-8E96-45A9-8B9D-942AF93755E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf003:*:*:*:*:*:*",
"matchCriteriaId": "041D220D-2088-4633-B1AA-8902AD1C6BD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf004:*:*:*:*:*:*",
"matchCriteriaId": "53B376AE-7AA9-4362-9CB2-17B3AB783FC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf005:*:*:*:*:*:*",
"matchCriteriaId": "84D744C2-DA4B-4F04-894F-7820FDC49A04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf006:*:*:*:*:*:*",
"matchCriteriaId": "4713D128-6C5F-4362-A0E2-363F81D9BCA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf007:*:*:*:*:*:*",
"matchCriteriaId": "67E76EE5-B618-49AA-A489-1BD7E45D391F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf008:*:*:*:*:*:*",
"matchCriteriaId": "DC001899-F77A-4EED-BC6D-8400FF4354EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf009:*:*:*:*:*:*",
"matchCriteriaId": "05426398-FE6A-4E4A-9C46-4675B5FAD915",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf010:*:*:*:*:*:*",
"matchCriteriaId": "29E0A9B5-945C-4859-BE83-56B34544350B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf019:*:*:*:*:*:*",
"matchCriteriaId": "10E59411-D50B-4A34-84C7-7563D301764A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4FF84B-A17F-464B-A718-67C44D2C69BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf011:*:*:*:*:*:*",
"matchCriteriaId": "B469E735-0DCE-4616-B3FE-DED75FEAC642",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf012:*:*:*:*:*:*",
"matchCriteriaId": "E0ACFABA-E470-4043-B8E7-ACE2F9781D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf013:*:*:*:*:*:*",
"matchCriteriaId": "8D2FA62F-EEB7-4312-9359-FDA8E4743A81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf014:*:*:*:*:*:*",
"matchCriteriaId": "5D8ABD15-49DE-4C4A-B9C0-5696BC1899C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf015:*:*:*:*:*:*",
"matchCriteriaId": "A2D98D3D-18DC-47CF-BED8-CD61A531D858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf016:*:*:*:*:*:*",
"matchCriteriaId": "9326CFC3-D9A7-43CE-8673-FD009F7A1F44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf017:*:*:*:*:*:*",
"matchCriteriaId": "B34D73EE-1E9D-4896-B2A2-D1463C13F399",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf018:*:*:*:*:*:*",
"matchCriteriaId": "96B7FB90-D1F8-4D83-B954-A1990400BC27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf019:*:*:*:*:*:*",
"matchCriteriaId": "CE4C07B8-CC26-4F83-8BA8-8702594CBB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf020:*:*:*:*:*:*",
"matchCriteriaId": "22C95FC9-0342-4ACC-B4F8-052554771D3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf021:*:*:*:*:*:*",
"matchCriteriaId": "62AA773F-7D18-41F7-8561-81D83336E6FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf022:*:*:*:*:*:*",
"matchCriteriaId": "2C17D73E-9F0B-4C11-8C1D-A3987DED44F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf23:*:*:*:*:*:*",
"matchCriteriaId": "53DDB154-F94B-47F8-964B-34EFE2C99370",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf24:*:*:*:*:*:*",
"matchCriteriaId": "10FCF563-A945-425A-A577-37867CF05CC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf25:*:*:*:*:*:*",
"matchCriteriaId": "8373D2A7-EC57-4336-A877-B5D262F05191",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf26:*:*:*:*:*:*",
"matchCriteriaId": "0A005963-7EF6-40D4-A54B-E3749ED5B587",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf27:*:*:*:*:*:*",
"matchCriteriaId": "4210F236-A2B1-49F2-A16E-65BB513ECBA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf01:*:*:*:*:*:*",
"matchCriteriaId": "8A5566C6-E42F-4786-A8FC-59BE7EB47296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf02:*:*:*:*:*:*",
"matchCriteriaId": "31C0EC0E-0106-4333-8401-0F655C0F5850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf03:*:*:*:*:*:*",
"matchCriteriaId": "E0E4DA0C-9F97-4856-B9DE-D96994A65B71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf04:*:*:*:*:*:*",
"matchCriteriaId": "4180809C-4A1E-4DB4-9E7C-641B753B97D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf05:*:*:*:*:*:*",
"matchCriteriaId": "5A60A788-F7B3-4922-8B30-8F586B1685CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf04:*:*:*:*:*:*",
"matchCriteriaId": "9A07791C-5EDE-4C2B-A441-6599339ED43F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf05:*:*:*:*:*:*",
"matchCriteriaId": "CE6F9920-B458-496B-B0C0-BF8B85606BF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf07:*:*:*:*:*:*",
"matchCriteriaId": "A910F5CA-8257-420E-8D31-6BB0E4CFC963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf08:*:*:*:*:*:*",
"matchCriteriaId": "462CF706-A352-40EE-8158-3A2197FE4098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf09:*:*:*:*:*:*",
"matchCriteriaId": "0AF93EAB-BDBC-4C20-9BD2-AACC95CD8355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf10:*:*:*:*:*:*",
"matchCriteriaId": "E090A0BC-DECD-4912-B5FB-C41A1E77675E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf11:*:*:*:*:*:*",
"matchCriteriaId": "4CC1CAEE-C7DA-4F01-8948-BADCEB0B76ED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 does not validate JSP includes, which allows remote attackers to obtain sensitive information, bypass intended request-dispatcher access restrictions, or cause a denial of service (memory consumption) via a crafted URL."
},
{
"lang": "es",
"value": "IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0 hasta 7.0.0.2 CF28 y 8.0 anterior a 8.0.0.1 CF12 no valida JSP Includes, lo que permite a atacantes remotos obtener informaci\u00f3n sensible, evadir restricciones de acceso de solicitar distribuidor o causar una denegaci\u00f3n de servicio (consumo de memoria) a trav\u00e9s de una URL manipulada."
}
],
"id": "CVE-2014-0954",
"lastModified": "2024-11-21T02:03:06.170",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-05-22T11:14:14.643",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI15723"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672572"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92627"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI15723"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672572"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92627"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-02-29 11:59
Modified
2024-11-21 02:36
Severity ?
Summary
IBM WebSphere Portal 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 uses weak permissions for content items, which allows remote authenticated users to make modifications via the authoring UI.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 7.0.0.0 | |
| ibm | websphere_portal | 7.0.0.1 | |
| ibm | websphere_portal | 7.0.0.2 | |
| ibm | websphere_portal | 8.0.0.0 | |
| ibm | websphere_portal | 8.0.0.1 | |
| ibm | websphere_portal | 8.5.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6ECEE98-B276-4ED6-AA5A-109EA57E9925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4FF84B-A17F-464B-A718-67C44D2C69BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D03AF20E-0C29-45A6-9B7F-8260D8D9E8BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 uses weak permissions for content items, which allows remote authenticated users to make modifications via the authoring UI."
},
{
"lang": "es",
"value": "IBM WebSphere Portal 7.x hasta la versi\u00f3n 7.0.0.2 CF29, 8.0.x en versiones anteriores a 8.0.0.1 CF20 y 8.5.x en versiones anteriores a 8.5.0.0 CF09 usa permisos d\u00e9biles para elementos de contenido, lo que permite a usuarios remotos autenticados hacer modificaciones a trav\u00e9s de la UI de autor."
}
],
"evaluatorComment": "Appropriate Vendor Advisory Link: \u003ca href=\"http://www-01.ibm.com/support/docview.wss?uid=swg21976358\"\u003eHERE\u003c/a\u003e",
"id": "CVE-2015-7455",
"lastModified": "2024-11-21T02:36:49.347",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-02-29T11:59:01.090",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI51234"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21975358"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI51234"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21975358"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-07-29 20:55
Modified
2024-11-21 02:07
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf003:*:*:*:*:*:*",
"matchCriteriaId": "041D220D-2088-4633-B1AA-8902AD1C6BD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf004:*:*:*:*:*:*",
"matchCriteriaId": "53B376AE-7AA9-4362-9CB2-17B3AB783FC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf005:*:*:*:*:*:*",
"matchCriteriaId": "84D744C2-DA4B-4F04-894F-7820FDC49A04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf006:*:*:*:*:*:*",
"matchCriteriaId": "4713D128-6C5F-4362-A0E2-363F81D9BCA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf007:*:*:*:*:*:*",
"matchCriteriaId": "67E76EE5-B618-49AA-A489-1BD7E45D391F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf008:*:*:*:*:*:*",
"matchCriteriaId": "DC001899-F77A-4EED-BC6D-8400FF4354EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf009:*:*:*:*:*:*",
"matchCriteriaId": "05426398-FE6A-4E4A-9C46-4675B5FAD915",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf010:*:*:*:*:*:*",
"matchCriteriaId": "29E0A9B5-945C-4859-BE83-56B34544350B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf019:*:*:*:*:*:*",
"matchCriteriaId": "10E59411-D50B-4A34-84C7-7563D301764A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4FF84B-A17F-464B-A718-67C44D2C69BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:-:*:*:*:*:*:*",
"matchCriteriaId": "6007CA87-31CA-44AB-AB7F-788E17AB85F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf011:*:*:*:*:*:*",
"matchCriteriaId": "B469E735-0DCE-4616-B3FE-DED75FEAC642",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf012:*:*:*:*:*:*",
"matchCriteriaId": "E0ACFABA-E470-4043-B8E7-ACE2F9781D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf013:*:*:*:*:*:*",
"matchCriteriaId": "8D2FA62F-EEB7-4312-9359-FDA8E4743A81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf014:*:*:*:*:*:*",
"matchCriteriaId": "5D8ABD15-49DE-4C4A-B9C0-5696BC1899C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf015:*:*:*:*:*:*",
"matchCriteriaId": "A2D98D3D-18DC-47CF-BED8-CD61A531D858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf016:*:*:*:*:*:*",
"matchCriteriaId": "9326CFC3-D9A7-43CE-8673-FD009F7A1F44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf017:*:*:*:*:*:*",
"matchCriteriaId": "B34D73EE-1E9D-4896-B2A2-D1463C13F399",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf018:*:*:*:*:*:*",
"matchCriteriaId": "96B7FB90-D1F8-4D83-B954-A1990400BC27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf019:*:*:*:*:*:*",
"matchCriteriaId": "CE4C07B8-CC26-4F83-8BA8-8702594CBB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf020:*:*:*:*:*:*",
"matchCriteriaId": "22C95FC9-0342-4ACC-B4F8-052554771D3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf021:*:*:*:*:*:*",
"matchCriteriaId": "62AA773F-7D18-41F7-8561-81D83336E6FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf022:*:*:*:*:*:*",
"matchCriteriaId": "2C17D73E-9F0B-4C11-8C1D-A3987DED44F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf23:*:*:*:*:*:*",
"matchCriteriaId": "53DDB154-F94B-47F8-964B-34EFE2C99370",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf24:*:*:*:*:*:*",
"matchCriteriaId": "10FCF563-A945-425A-A577-37867CF05CC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf25:*:*:*:*:*:*",
"matchCriteriaId": "8373D2A7-EC57-4336-A877-B5D262F05191",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf26:*:*:*:*:*:*",
"matchCriteriaId": "0A005963-7EF6-40D4-A54B-E3749ED5B587",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf27:*:*:*:*:*:*",
"matchCriteriaId": "4210F236-A2B1-49F2-A16E-65BB513ECBA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf01:*:*:*:*:*:*",
"matchCriteriaId": "8A5566C6-E42F-4786-A8FC-59BE7EB47296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf02:*:*:*:*:*:*",
"matchCriteriaId": "31C0EC0E-0106-4333-8401-0F655C0F5850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf03:*:*:*:*:*:*",
"matchCriteriaId": "E0E4DA0C-9F97-4856-B9DE-D96994A65B71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf04:*:*:*:*:*:*",
"matchCriteriaId": "4180809C-4A1E-4DB4-9E7C-641B753B97D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf05:*:*:*:*:*:*",
"matchCriteriaId": "5A60A788-F7B3-4922-8B30-8F586B1685CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf04:*:*:*:*:*:*",
"matchCriteriaId": "9A07791C-5EDE-4C2B-A441-6599339ED43F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf05:*:*:*:*:*:*",
"matchCriteriaId": "CE6F9920-B458-496B-B0C0-BF8B85606BF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf06:*:*:*:*:*:*",
"matchCriteriaId": "8B2C78E9-EB40-42C0-A772-6203555D5E28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf07:*:*:*:*:*:*",
"matchCriteriaId": "A910F5CA-8257-420E-8D31-6BB0E4CFC963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf08:*:*:*:*:*:*",
"matchCriteriaId": "462CF706-A352-40EE-8158-3A2197FE4098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf09:*:*:*:*:*:*",
"matchCriteriaId": "0AF93EAB-BDBC-4C20-9BD2-AACC95CD8355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf12:*:*:*:*:*:*",
"matchCriteriaId": "3D660652-D318-44B8-996A-6E56F4D71F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal_unified_task_list_portlet:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EF937A0D-82F0-4382-97DA-D9EAEC8444ED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en el portlet Unified Task List (UTL) para IBM WebSphere Portal 7.x y 8.x hasta 8.0.0.1 CF12 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una URL manipulada."
}
],
"id": "CVE-2014-3057",
"lastModified": "2024-11-21T02:07:23.283",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-07-29T20:55:08.317",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://secunia.com/advisories/60499"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI18909"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677032"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securityfocus.com/bid/68928"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93531"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/60499"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI18909"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677032"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/68928"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93531"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-22 15:16
Modified
2024-11-21 01:54
Severity ?
Summary
IBM WebSphere Portal 8.0.0.x before 8.0.0.1 CF09, when Content Template Catalog 4.0 is used, does not require administrative privileges for Portal Application Archive (PAA) file installation, which allows remote authenticated users to modify data or cause a denial of service via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 8.0.0.0 | |
| ibm | websphere_portal | 8.0.0.1 | |
| ibm | content_template_catalog | 4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:content_template_catalog:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4D429DC-45E5-4406-AECA-96E665AF9D84",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 8.0.0.x before 8.0.0.1 CF09, when Content Template Catalog 4.0 is used, does not require administrative privileges for Portal Application Archive (PAA) file installation, which allows remote authenticated users to modify data or cause a denial of service via unspecified vectors."
},
{
"lang": "es",
"value": "IBM Websphere Portal 8.0.0.x anteriores a 8.0.0.1 CF09, cuando se utiliza Content Template Catalog 4.0, no requiere privilegios administrativos para la instalaci\u00f3n de archivos Portal Application Archive (PAA), lo cual permite a usuarios remotos autenticados modificar datos o causar una denegaci\u00f3n de servicio a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-4012",
"lastModified": "2024-11-21T01:54:42.557",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-12-22T15:16:04.317",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM93172"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660011"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85618"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM93172"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660011"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85618"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-02-25 00:30
Modified
2024-11-21 01:12
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Portlet Palette in IBM WebSphere Portal 6.0.1.5 wp6015_008_01 allows remote attackers to inject arbitrary web script or HTML via the search field.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://secunia.com/advisories/38574 | Vendor Advisory | |
| cve@mitre.org | http://www-01.ibm.com/support/docview.wss?uid=swg1PM05829 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/38574 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg1PM05829 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 6.0.1.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.5:wp6015_008_01:*:*:*:*:*:*",
"matchCriteriaId": "901C6AC5-531A-4B94-8B9A-3B26F3C5658B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Portlet Palette in IBM WebSphere Portal 6.0.1.5 wp6015_008_01 allows remote attackers to inject arbitrary web script or HTML via the search field."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Portlet Palette en IBM WebSphere Portal v6.0.1.5 wp6015_008_01, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s del campo de b\u00fasqueda."
}
],
"id": "CVE-2010-0704",
"lastModified": "2024-11-21T01:12:47.073",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-02-25T00:30:00.593",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38574"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM05829"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38574"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM05829"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-05-26 16:55
Modified
2024-11-21 01:27
Severity ?
Summary
The implementation of OutputMediator objects in IBM WebSphere Portal 6.0.1.7, and 7.0.0.1 before CF002, allows remote authenticated users to cause a denial of service (memory consumption) via requests.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 6.0.1.7 | |
| ibm | websphere_portal | 7.0.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "AF550E47-49FB-4EBC-83E7-4CFCB7279FEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6ECEE98-B276-4ED6-AA5A-109EA57E9925",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The implementation of OutputMediator objects in IBM WebSphere Portal 6.0.1.7, and 7.0.0.1 before CF002, allows remote authenticated users to cause a denial of service (memory consumption) via requests."
},
{
"lang": "es",
"value": "La implementaci\u00f3n de objetos OutputMediator en IBM WebSphere Portal v6.0.1.7, v7.0.0.1 y anteriores a CF002, permite a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (consumo de memoria) a trav\u00e9s de peticiones."
}
],
"id": "CVE-2011-2173",
"lastModified": "2024-11-21T01:27:45.003",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-05-26T16:55:06.613",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM33432"
},
{
"source": "cve@mitre.org",
"url": "http://www.ibm.com/support/docview.wss?uid=swg24029452"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67687"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM33432"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ibm.com/support/docview.wss?uid=swg24029452"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67687"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-22 15:16
Modified
2024-11-21 01:58
Severity ?
Summary
IBM WebSphere Portal 7.0.0.x before 7.0.0.2 CF26 and 8.0.0.x before 8.0.0.1 CF09 does not properly handle content-selection changes during Taxonomy component rendering, which allows remote attackers to obtain sensitive property information in opportunistic circumstances by leveraging an error in a Web Content Manager (WCM) context processor.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 7.0.0.0 | |
| ibm | websphere_portal | 7.0.0.1 | |
| ibm | websphere_portal | 7.0.0.2 | |
| ibm | websphere_portal | 8.0.0.0 | |
| ibm | websphere_portal | 8.0.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6ECEE98-B276-4ED6-AA5A-109EA57E9925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4FF84B-A17F-464B-A718-67C44D2C69BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 7.0.0.x before 7.0.0.2 CF26 and 8.0.0.x before 8.0.0.1 CF09 does not properly handle content-selection changes during Taxonomy component rendering, which allows remote attackers to obtain sensitive property information in opportunistic circumstances by leveraging an error in a Web Content Manager (WCM) context processor."
},
{
"lang": "es",
"value": "IBM Websphere Portal 7.0.0.x anteriores a 7.0.0.2 CF26, y 8.0.0.x anteriores a 8.0.0.1 CF09 no maneja apropiadamente cambios contenido-selecci\u00f3n durante el renderizado del componente Taxonomy, lo cual permite a atacantes remotos obtener informaci\u00f3n sensible sobre propiedades en circunstancias oportunistas, aprovechando un error en un procesador de contexto Web COntent Manager (WCM)."
}
],
"id": "CVE-2013-6316",
"lastModified": "2024-11-21T01:58:59.580",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-12-22T15:16:04.363",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://osvdb.org/101270"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI04897"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660011"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securityfocus.com/bid/64492"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88597"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/101270"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI04897"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660011"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/64492"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88597"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-10-10 10:55
Modified
2024-11-21 02:10
Severity ?
Summary
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 before 8.0.0.1 CF14, and 8.5.0 through 8.5.0.0 CF02 allows remote authenticated users to discover credentials by reading HTML source code.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E618064A-3D05-4DC6-9A47-0EDF2427642F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DE74154-3E79-4D56-96C4-D8E644F1419D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA915826-5D89-43E9-83E7-88973648302A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DB29F4-59AB-439C-91C4-CDF677676C26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9D6CA922-11EF-4315-A09A-B4A8937E4CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "526738D7-1AF8-4A8F-B833-BA0E35973A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "13D6BE9C-16FD-4FB4-8A87-56B42C246316",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.6:cf17:*:*:*:*:*:*",
"matchCriteriaId": "6BECC6EA-4416-4279-B55F-E1100A981C11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.6:cf18:*:*:*:*:*:*",
"matchCriteriaId": "211D7DD2-6F6A-4919-BA9C-90B57CB641CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.6:cf19:*:*:*:*:*:*",
"matchCriteriaId": "20559453-3376-4F2A-A5FB-6C050C87FFB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.6:cf20:*:*:*:*:*:*",
"matchCriteriaId": "7B465C15-D649-46EE-B261-5F8277EB271F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.6:cf21:*:*:*:*:*:*",
"matchCriteriaId": "B02A1C09-9FFD-4572-98D7-6A1E1E620222",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.6:cf22:*:*:*:*:*:*",
"matchCriteriaId": "A8F8DA2C-379C-43C7-A179-4AA68346B266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.6:cf23:*:*:*:*:*:*",
"matchCriteriaId": "7C3B9EA3-B883-4F3B-8B10-BFE14B53FDBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.6:cf24:*:*:*:*:*:*",
"matchCriteriaId": "76CCF4D1-96C2-41E2-AC49-551469A54C0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.6:cf25:*:*:*:*:*:*",
"matchCriteriaId": "999BE13D-CDA4-4938-B85C-618AE3B2441F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.6:cf26:*:*:*:*:*:*",
"matchCriteriaId": "5DC63A8E-4E32-44EC-9ABB-A47009D2CC9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.6:cf27:*:*:*:*:*:*",
"matchCriteriaId": "34270605-BA3A-4A8F-A538-030819E115FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1964FC-672F-4139-938F-A8EF9D86D9C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5B50CEA-AFC4-4B45-9954-519965237FC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0902AC0F-EA4D-4E65-A70A-15DE9B904B35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D808F95D-C6BD-43EB-B16C-66449977BCFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.3:cf17:*:*:*:*:*:*",
"matchCriteriaId": "BBDD2AA1-D34B-4AA3-B663-D7B6E4990374",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.3:cf18:*:*:*:*:*:*",
"matchCriteriaId": "7A52D85F-E33F-47EC-8E14-6E2C03D13AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.3:cf19:*:*:*:*:*:*",
"matchCriteriaId": "408F6C75-E3C1-433A-B10B-35556177DC8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.3:cf20:*:*:*:*:*:*",
"matchCriteriaId": "D14FAD03-31FB-4867-B960-3DD2DD56B9CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.3:cf21:*:*:*:*:*:*",
"matchCriteriaId": "880EBC78-62FB-4CCF-A5B9-5972F8A55A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.3:cf22:*:*:*:*:*:*",
"matchCriteriaId": "66958C39-28F5-47C5-9823-3139B7DAB503",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.3:cf23:*:*:*:*:*:*",
"matchCriteriaId": "8359C7CB-614B-4482-A2B6-B36EAC90A80D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.3:cf24:*:*:*:*:*:*",
"matchCriteriaId": "AB4D30A3-8B98-45E2-8CC8-62D1422F67A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.3:cf25:*:*:*:*:*:*",
"matchCriteriaId": "545AB79A-8FB3-42F4-8292-9034B8958AE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.3:cf26:*:*:*:*:*:*",
"matchCriteriaId": "D8751241-8CD7-48DE-BAAB-37B6C4975862",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.3:cf27:*:*:*:*:*:*",
"matchCriteriaId": "C7CEA4A0-062F-4B95-92CE-56F0298BD81F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:cf001:*:*:*:*:*:*",
"matchCriteriaId": "B5C645C1-21E3-48A8-A1A5-9519CB845493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6ECEE98-B276-4ED6-AA5A-109EA57E9925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf002:*:*:*:*:*:*",
"matchCriteriaId": "2991B76F-8E96-45A9-8B9D-942AF93755E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf003:*:*:*:*:*:*",
"matchCriteriaId": "041D220D-2088-4633-B1AA-8902AD1C6BD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf004:*:*:*:*:*:*",
"matchCriteriaId": "53B376AE-7AA9-4362-9CB2-17B3AB783FC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf005:*:*:*:*:*:*",
"matchCriteriaId": "84D744C2-DA4B-4F04-894F-7820FDC49A04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf006:*:*:*:*:*:*",
"matchCriteriaId": "4713D128-6C5F-4362-A0E2-363F81D9BCA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf007:*:*:*:*:*:*",
"matchCriteriaId": "67E76EE5-B618-49AA-A489-1BD7E45D391F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf008:*:*:*:*:*:*",
"matchCriteriaId": "DC001899-F77A-4EED-BC6D-8400FF4354EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf009:*:*:*:*:*:*",
"matchCriteriaId": "05426398-FE6A-4E4A-9C46-4675B5FAD915",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf010:*:*:*:*:*:*",
"matchCriteriaId": "29E0A9B5-945C-4859-BE83-56B34544350B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf019:*:*:*:*:*:*",
"matchCriteriaId": "10E59411-D50B-4A34-84C7-7563D301764A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4FF84B-A17F-464B-A718-67C44D2C69BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf011:*:*:*:*:*:*",
"matchCriteriaId": "B469E735-0DCE-4616-B3FE-DED75FEAC642",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf012:*:*:*:*:*:*",
"matchCriteriaId": "E0ACFABA-E470-4043-B8E7-ACE2F9781D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf013:*:*:*:*:*:*",
"matchCriteriaId": "8D2FA62F-EEB7-4312-9359-FDA8E4743A81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf014:*:*:*:*:*:*",
"matchCriteriaId": "5D8ABD15-49DE-4C4A-B9C0-5696BC1899C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf015:*:*:*:*:*:*",
"matchCriteriaId": "A2D98D3D-18DC-47CF-BED8-CD61A531D858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf016:*:*:*:*:*:*",
"matchCriteriaId": "9326CFC3-D9A7-43CE-8673-FD009F7A1F44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf017:*:*:*:*:*:*",
"matchCriteriaId": "B34D73EE-1E9D-4896-B2A2-D1463C13F399",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf018:*:*:*:*:*:*",
"matchCriteriaId": "96B7FB90-D1F8-4D83-B954-A1990400BC27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf019:*:*:*:*:*:*",
"matchCriteriaId": "CE4C07B8-CC26-4F83-8BA8-8702594CBB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf020:*:*:*:*:*:*",
"matchCriteriaId": "22C95FC9-0342-4ACC-B4F8-052554771D3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf021:*:*:*:*:*:*",
"matchCriteriaId": "62AA773F-7D18-41F7-8561-81D83336E6FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf022:*:*:*:*:*:*",
"matchCriteriaId": "2C17D73E-9F0B-4C11-8C1D-A3987DED44F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf23:*:*:*:*:*:*",
"matchCriteriaId": "53DDB154-F94B-47F8-964B-34EFE2C99370",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf24:*:*:*:*:*:*",
"matchCriteriaId": "10FCF563-A945-425A-A577-37867CF05CC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf25:*:*:*:*:*:*",
"matchCriteriaId": "8373D2A7-EC57-4336-A877-B5D262F05191",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf26:*:*:*:*:*:*",
"matchCriteriaId": "0A005963-7EF6-40D4-A54B-E3749ED5B587",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf27:*:*:*:*:*:*",
"matchCriteriaId": "4210F236-A2B1-49F2-A16E-65BB513ECBA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf28:*:*:*:*:*:*",
"matchCriteriaId": "F265587B-7DC1-49F9-B42E-6CDE15A96CAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2CE1E2EF-A079-4A67-AA50-0712D2E330F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf01:*:*:*:*:*:*",
"matchCriteriaId": "8A5566C6-E42F-4786-A8FC-59BE7EB47296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf02:*:*:*:*:*:*",
"matchCriteriaId": "31C0EC0E-0106-4333-8401-0F655C0F5850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf03:*:*:*:*:*:*",
"matchCriteriaId": "E0E4DA0C-9F97-4856-B9DE-D96994A65B71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf04:*:*:*:*:*:*",
"matchCriteriaId": "4180809C-4A1E-4DB4-9E7C-641B753B97D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf05:*:*:*:*:*:*",
"matchCriteriaId": "5A60A788-F7B3-4922-8B30-8F586B1685CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf04:*:*:*:*:*:*",
"matchCriteriaId": "9A07791C-5EDE-4C2B-A441-6599339ED43F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf05:*:*:*:*:*:*",
"matchCriteriaId": "CE6F9920-B458-496B-B0C0-BF8B85606BF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf06:*:*:*:*:*:*",
"matchCriteriaId": "8B2C78E9-EB40-42C0-A772-6203555D5E28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf07:*:*:*:*:*:*",
"matchCriteriaId": "A910F5CA-8257-420E-8D31-6BB0E4CFC963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf08:*:*:*:*:*:*",
"matchCriteriaId": "462CF706-A352-40EE-8158-3A2197FE4098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf09:*:*:*:*:*:*",
"matchCriteriaId": "0AF93EAB-BDBC-4C20-9BD2-AACC95CD8355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf12:*:*:*:*:*:*",
"matchCriteriaId": "3D660652-D318-44B8-996A-6E56F4D71F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf13:*:*:*:*:*:*",
"matchCriteriaId": "783AA775-7257-45C8-A246-A71E559B459D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D03AF20E-0C29-45A6-9B7F-8260D8D9E8BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf01:*:*:*:*:*:*",
"matchCriteriaId": "704EF027-9DEF-4079-BBFE-A64DB757EAB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf02:*:*:*:*:*:*",
"matchCriteriaId": "9928D9CB-4817-4782-808F-6A4FBA87D820",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 before 8.0.0.1 CF14, and 8.5.0 through 8.5.0.0 CF02 allows remote authenticated users to discover credentials by reading HTML source code."
},
{
"lang": "es",
"value": "IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0 hasta 7.0.0.2 CF28, 8.0 hasta 8.0.0.1 CF14, y 8.5.0 hasta 8.5.0.0 CF02 permite a usuarios remotos autenticados descubrir credenciales mediante la lectura de c\u00f3digo de fuente HTML."
}
],
"id": "CVE-2014-4761",
"lastModified": "2024-11-21T02:10:50.477",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-10-10T10:55:07.400",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://secunia.com/advisories/61126"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI22104"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684652"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94658"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/61126"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI22104"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684652"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94658"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-10-29 11:59
Modified
2024-11-21 02:32
Severity ?
Summary
IBM WebSphere Portal 8.5.0 before CF08 allows remote attackers to bypass intended access restrictions via a crafted request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 8.5.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D03AF20E-0C29-45A6-9B7F-8260D8D9E8BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 8.5.0 before CF08 allows remote attackers to bypass intended access restrictions via a crafted request."
},
{
"lang": "es",
"value": "IBM WebSphere Portal 8.5.0 en versiones anteriores a CF08 permite a atacantes remotos eludir las restricciones destinadas al acceso a trav\u00e9s de una petici\u00f3n manipulada."
}
],
"id": "CVE-2015-4997",
"lastModified": "2024-11-21T02:32:08.980",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-10-29T11:59:06.443",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI47694"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968474"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securitytracker.com/id/1033982"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI47694"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968474"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1033982"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-09-14 22:59
Modified
2024-11-21 02:26
Severity ?
Summary
IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 6.1.0.0 | |
| ibm | websphere_portal | 6.1.0.1 | |
| ibm | websphere_portal | 6.1.0.2 | |
| ibm | websphere_portal | 6.1.0.3 | |
| ibm | websphere_portal | 6.1.0.4 | |
| ibm | websphere_portal | 6.1.0.5 | |
| ibm | websphere_portal | 6.1.0.6 | |
| ibm | websphere_portal | 6.1.5.0 | |
| ibm | websphere_portal | 6.1.5.1 | |
| ibm | websphere_portal | 6.1.5.2 | |
| ibm | websphere_portal | 6.1.5.3 | |
| ibm | websphere_portal | 7.0.0.0 | |
| ibm | websphere_portal | 7.0.0.1 | |
| ibm | websphere_portal | 7.0.0.2 | |
| ibm | websphere_portal | 8.0.0.0 | |
| ibm | websphere_portal | 8.0.0.1 | |
| ibm | websphere_portal | 8.5.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E618064A-3D05-4DC6-9A47-0EDF2427642F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DE74154-3E79-4D56-96C4-D8E644F1419D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA915826-5D89-43E9-83E7-88973648302A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DB29F4-59AB-439C-91C4-CDF677676C26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9D6CA922-11EF-4315-A09A-B4A8937E4CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "526738D7-1AF8-4A8F-B833-BA0E35973A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "13D6BE9C-16FD-4FB4-8A87-56B42C246316",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1964FC-672F-4139-938F-A8EF9D86D9C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5B50CEA-AFC4-4B45-9954-519965237FC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0902AC0F-EA4D-4E65-A70A-15DE9B904B35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D808F95D-C6BD-43EB-B16C-66449977BCFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6ECEE98-B276-4ED6-AA5A-109EA57E9925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4FF84B-A17F-464B-A718-67C44D2C69BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D03AF20E-0C29-45A6-9B7F-8260D8D9E8BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted request."
},
{
"lang": "es",
"value": "Vulnerabilidad en IBM WebSphere Portal 6.1.0.x hasta la versi\u00f3n 6.1.0.6 CF27, 6.1.5.x hasta la versi\u00f3n 6.1.5.3 CF27, 7.0.x hasta la versi\u00f3n 7.0.0.2 CF29, 8.0.x en versiones anteriores a 8.0.0.1 CF17 y 8.5.0 en versiones anteriores a CF06, permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de memoria y CPU) a trav\u00e9s de una petici\u00f3n manipulada."
}
],
"id": "CVE-2015-1943",
"lastModified": "2024-11-21T02:26:26.853",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-09-14T22:59:00.103",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI39617"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962567"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securitytracker.com/id/1033444"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI39617"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962567"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1033444"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-02-29 11:59
Modified
2024-11-21 02:41
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-0244.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 6.1.0.0 | |
| ibm | websphere_portal | 6.1.0.1 | |
| ibm | websphere_portal | 6.1.0.2 | |
| ibm | websphere_portal | 6.1.0.3 | |
| ibm | websphere_portal | 6.1.0.4 | |
| ibm | websphere_portal | 6.1.0.5 | |
| ibm | websphere_portal | 6.1.0.6 | |
| ibm | websphere_portal | 6.1.5.0 | |
| ibm | websphere_portal | 6.1.5.1 | |
| ibm | websphere_portal | 6.1.5.2 | |
| ibm | websphere_portal | 6.1.5.3 | |
| ibm | websphere_portal | 7.0.0.0 | |
| ibm | websphere_portal | 7.0.0.1 | |
| ibm | websphere_portal | 7.0.0.2 | |
| ibm | websphere_portal | 8.0.0.0 | |
| ibm | websphere_portal | 8.0.0.1 | |
| ibm | websphere_portal | 8.5.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E618064A-3D05-4DC6-9A47-0EDF2427642F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DE74154-3E79-4D56-96C4-D8E644F1419D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA915826-5D89-43E9-83E7-88973648302A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DB29F4-59AB-439C-91C4-CDF677676C26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9D6CA922-11EF-4315-A09A-B4A8937E4CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "526738D7-1AF8-4A8F-B833-BA0E35973A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "13D6BE9C-16FD-4FB4-8A87-56B42C246316",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1964FC-672F-4139-938F-A8EF9D86D9C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5B50CEA-AFC4-4B45-9954-519965237FC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0902AC0F-EA4D-4E65-A70A-15DE9B904B35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D808F95D-C6BD-43EB-B16C-66449977BCFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6ECEE98-B276-4ED6-AA5A-109EA57E9925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4FF84B-A17F-464B-A718-67C44D2C69BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D03AF20E-0C29-45A6-9B7F-8260D8D9E8BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-0244."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en IBM WebSphere Portal 6.1.0.x hasta la versi\u00f3n 6.1.0.6 CF27, 6.1.5.x hasta la versi\u00f3n 6.1.5.3 CF27, 7.x hasta la versi\u00f3n 7.0.0.2 CF29, 8.0.x en versiones anteriores a 8.0.0.1 CF20 y 8.5.x en versiones anteriores a 8.5.0.0 CF09 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una URL manipulada, una vulnerabilidad diferente a CVE-2016-0244."
}
],
"evaluatorComment": "Appropriate Vendor Advisory Link: \u003ca href=\"http://www-01.ibm.com/support/docview.wss?uid=swg21976358\"\u003eHERE\u003c/a\u003e",
"id": "CVE-2016-0243",
"lastModified": "2024-11-21T02:41:20.870",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-02-29T11:59:08.983",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI54088"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21975358"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securityfocus.com/bid/100572"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securityfocus.com/bid/83488"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI54088"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21975358"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/100572"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/83488"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-06-18 16:55
Modified
2024-11-21 02:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.0 through 6.1.0.6 CF27, 6.1.5.0 through 6.1.5.3 CF27, and 7.0.0 through 7.0.0.2 CF28 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 7.0.0.0 | |
| ibm | websphere_portal | 7.0.0.1 | |
| ibm | websphere_portal | 7.0.0.2 | |
| ibm | websphere_portal | 6.1.5.0 | |
| ibm | websphere_portal | 6.1.5.1 | |
| ibm | websphere_portal | 6.1.5.2 | |
| ibm | websphere_portal | 6.1.5.3 | |
| ibm | websphere_portal | 6.1.0.0 | |
| ibm | websphere_portal | 6.1.0.1 | |
| ibm | websphere_portal | 6.1.0.2 | |
| ibm | websphere_portal | 6.1.0.3 | |
| ibm | websphere_portal | 6.1.0.4 | |
| ibm | websphere_portal | 6.1.0.5 | |
| ibm | websphere_portal | 6.1.0.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6ECEE98-B276-4ED6-AA5A-109EA57E9925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4FF84B-A17F-464B-A718-67C44D2C69BC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1964FC-672F-4139-938F-A8EF9D86D9C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5B50CEA-AFC4-4B45-9954-519965237FC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0902AC0F-EA4D-4E65-A70A-15DE9B904B35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D808F95D-C6BD-43EB-B16C-66449977BCFE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E618064A-3D05-4DC6-9A47-0EDF2427642F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DE74154-3E79-4D56-96C4-D8E644F1419D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA915826-5D89-43E9-83E7-88973648302A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DB29F4-59AB-439C-91C4-CDF677676C26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9D6CA922-11EF-4315-A09A-B4A8937E4CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "526738D7-1AF8-4A8F-B833-BA0E35973A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "13D6BE9C-16FD-4FB4-8A87-56B42C246316",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.0 through 6.1.0.6 CF27, 6.1.5.0 through 6.1.5.3 CF27, and 7.0.0 through 7.0.0.2 CF28 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en IBM WebSphere Portal 6.1.0.0 hasta 6.1.0.6 CF27, 6.1.5.0 hasta 6.1.5.3 CF27 y 7.0.0 hasta 7.0.0.2 CF28 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-0910",
"lastModified": "2024-11-21T02:03:01.457",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-06-18T16:55:06.877",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI18845"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675257"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91875"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI18845"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675257"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91875"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-05-22 11:14
Modified
2024-11-21 02:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0 before 8.0.0.1 CF12, when Social Rendering in Connections integration is enabled, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 8.0.0.0 | |
| ibm | websphere_portal | 8.0.0.0 | |
| ibm | websphere_portal | 8.0.0.0 | |
| ibm | websphere_portal | 8.0.0.0 | |
| ibm | websphere_portal | 8.0.0.0 | |
| ibm | websphere_portal | 8.0.0.0 | |
| ibm | websphere_portal | 8.0.0.1 | |
| ibm | websphere_portal | 8.0.0.1 | |
| ibm | websphere_portal | 8.0.0.1 | |
| ibm | websphere_portal | 8.0.0.1 | |
| ibm | websphere_portal | 8.0.0.1 | |
| ibm | websphere_portal | 8.0.0.1 | |
| ibm | websphere_portal | 8.0.0.1 | |
| ibm | websphere_portal | 8.0.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf01:*:*:*:*:*:*",
"matchCriteriaId": "8A5566C6-E42F-4786-A8FC-59BE7EB47296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf02:*:*:*:*:*:*",
"matchCriteriaId": "31C0EC0E-0106-4333-8401-0F655C0F5850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf03:*:*:*:*:*:*",
"matchCriteriaId": "E0E4DA0C-9F97-4856-B9DE-D96994A65B71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf04:*:*:*:*:*:*",
"matchCriteriaId": "4180809C-4A1E-4DB4-9E7C-641B753B97D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf05:*:*:*:*:*:*",
"matchCriteriaId": "5A60A788-F7B3-4922-8B30-8F586B1685CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf04:*:*:*:*:*:*",
"matchCriteriaId": "9A07791C-5EDE-4C2B-A441-6599339ED43F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf05:*:*:*:*:*:*",
"matchCriteriaId": "CE6F9920-B458-496B-B0C0-BF8B85606BF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf07:*:*:*:*:*:*",
"matchCriteriaId": "A910F5CA-8257-420E-8D31-6BB0E4CFC963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf08:*:*:*:*:*:*",
"matchCriteriaId": "462CF706-A352-40EE-8158-3A2197FE4098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf09:*:*:*:*:*:*",
"matchCriteriaId": "0AF93EAB-BDBC-4C20-9BD2-AACC95CD8355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf10:*:*:*:*:*:*",
"matchCriteriaId": "E090A0BC-DECD-4912-B5FB-C41A1E77675E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf11:*:*:*:*:*:*",
"matchCriteriaId": "4CC1CAEE-C7DA-4F01-8948-BADCEB0B76ED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0 before 8.0.0.1 CF12, when Social Rendering in Connections integration is enabled, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en IBM WebSphere Portal 8.0 anterior a 8.0.0.1 CF12, cuando Social Rendering en la integraci\u00f3n de Connections est\u00e1 habilitado, permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-0955",
"lastModified": "2024-11-21T02:03:06.313",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-05-22T11:14:14.723",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI15583"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672572"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92628"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI15583"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672572"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92628"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-05-22 11:14
Modified
2024-11-21 02:03
Severity ?
Summary
Open redirect vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E618064A-3D05-4DC6-9A47-0EDF2427642F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DE74154-3E79-4D56-96C4-D8E644F1419D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA915826-5D89-43E9-83E7-88973648302A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DB29F4-59AB-439C-91C4-CDF677676C26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9D6CA922-11EF-4315-A09A-B4A8937E4CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "526738D7-1AF8-4A8F-B833-BA0E35973A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "13D6BE9C-16FD-4FB4-8A87-56B42C246316",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.6:cf27:*:*:*:*:*:*",
"matchCriteriaId": "34270605-BA3A-4A8F-A538-030819E115FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1964FC-672F-4139-938F-A8EF9D86D9C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5B50CEA-AFC4-4B45-9954-519965237FC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0902AC0F-EA4D-4E65-A70A-15DE9B904B35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D808F95D-C6BD-43EB-B16C-66449977BCFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.3:cf27:*:*:*:*:*:*",
"matchCriteriaId": "C7CEA4A0-062F-4B95-92CE-56F0298BD81F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:cf001:*:*:*:*:*:*",
"matchCriteriaId": "B5C645C1-21E3-48A8-A1A5-9519CB845493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6ECEE98-B276-4ED6-AA5A-109EA57E9925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf002:*:*:*:*:*:*",
"matchCriteriaId": "2991B76F-8E96-45A9-8B9D-942AF93755E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf003:*:*:*:*:*:*",
"matchCriteriaId": "041D220D-2088-4633-B1AA-8902AD1C6BD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf004:*:*:*:*:*:*",
"matchCriteriaId": "53B376AE-7AA9-4362-9CB2-17B3AB783FC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf005:*:*:*:*:*:*",
"matchCriteriaId": "84D744C2-DA4B-4F04-894F-7820FDC49A04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf006:*:*:*:*:*:*",
"matchCriteriaId": "4713D128-6C5F-4362-A0E2-363F81D9BCA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf007:*:*:*:*:*:*",
"matchCriteriaId": "67E76EE5-B618-49AA-A489-1BD7E45D391F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf008:*:*:*:*:*:*",
"matchCriteriaId": "DC001899-F77A-4EED-BC6D-8400FF4354EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf009:*:*:*:*:*:*",
"matchCriteriaId": "05426398-FE6A-4E4A-9C46-4675B5FAD915",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf010:*:*:*:*:*:*",
"matchCriteriaId": "29E0A9B5-945C-4859-BE83-56B34544350B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf019:*:*:*:*:*:*",
"matchCriteriaId": "10E59411-D50B-4A34-84C7-7563D301764A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4FF84B-A17F-464B-A718-67C44D2C69BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf011:*:*:*:*:*:*",
"matchCriteriaId": "B469E735-0DCE-4616-B3FE-DED75FEAC642",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf012:*:*:*:*:*:*",
"matchCriteriaId": "E0ACFABA-E470-4043-B8E7-ACE2F9781D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf013:*:*:*:*:*:*",
"matchCriteriaId": "8D2FA62F-EEB7-4312-9359-FDA8E4743A81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf014:*:*:*:*:*:*",
"matchCriteriaId": "5D8ABD15-49DE-4C4A-B9C0-5696BC1899C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf015:*:*:*:*:*:*",
"matchCriteriaId": "A2D98D3D-18DC-47CF-BED8-CD61A531D858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf016:*:*:*:*:*:*",
"matchCriteriaId": "9326CFC3-D9A7-43CE-8673-FD009F7A1F44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf017:*:*:*:*:*:*",
"matchCriteriaId": "B34D73EE-1E9D-4896-B2A2-D1463C13F399",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf018:*:*:*:*:*:*",
"matchCriteriaId": "96B7FB90-D1F8-4D83-B954-A1990400BC27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf019:*:*:*:*:*:*",
"matchCriteriaId": "CE4C07B8-CC26-4F83-8BA8-8702594CBB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf020:*:*:*:*:*:*",
"matchCriteriaId": "22C95FC9-0342-4ACC-B4F8-052554771D3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf021:*:*:*:*:*:*",
"matchCriteriaId": "62AA773F-7D18-41F7-8561-81D83336E6FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf022:*:*:*:*:*:*",
"matchCriteriaId": "2C17D73E-9F0B-4C11-8C1D-A3987DED44F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf23:*:*:*:*:*:*",
"matchCriteriaId": "53DDB154-F94B-47F8-964B-34EFE2C99370",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf24:*:*:*:*:*:*",
"matchCriteriaId": "10FCF563-A945-425A-A577-37867CF05CC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf25:*:*:*:*:*:*",
"matchCriteriaId": "8373D2A7-EC57-4336-A877-B5D262F05191",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf26:*:*:*:*:*:*",
"matchCriteriaId": "0A005963-7EF6-40D4-A54B-E3749ED5B587",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf27:*:*:*:*:*:*",
"matchCriteriaId": "4210F236-A2B1-49F2-A16E-65BB513ECBA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf01:*:*:*:*:*:*",
"matchCriteriaId": "8A5566C6-E42F-4786-A8FC-59BE7EB47296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf02:*:*:*:*:*:*",
"matchCriteriaId": "31C0EC0E-0106-4333-8401-0F655C0F5850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf03:*:*:*:*:*:*",
"matchCriteriaId": "E0E4DA0C-9F97-4856-B9DE-D96994A65B71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf04:*:*:*:*:*:*",
"matchCriteriaId": "4180809C-4A1E-4DB4-9E7C-641B753B97D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf05:*:*:*:*:*:*",
"matchCriteriaId": "5A60A788-F7B3-4922-8B30-8F586B1685CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf04:*:*:*:*:*:*",
"matchCriteriaId": "9A07791C-5EDE-4C2B-A441-6599339ED43F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf05:*:*:*:*:*:*",
"matchCriteriaId": "CE6F9920-B458-496B-B0C0-BF8B85606BF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf07:*:*:*:*:*:*",
"matchCriteriaId": "A910F5CA-8257-420E-8D31-6BB0E4CFC963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf08:*:*:*:*:*:*",
"matchCriteriaId": "462CF706-A352-40EE-8158-3A2197FE4098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf09:*:*:*:*:*:*",
"matchCriteriaId": "0AF93EAB-BDBC-4C20-9BD2-AACC95CD8355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf10:*:*:*:*:*:*",
"matchCriteriaId": "E090A0BC-DECD-4912-B5FB-C41A1E77675E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf11:*:*:*:*:*:*",
"matchCriteriaId": "4CC1CAEE-C7DA-4F01-8948-BADCEB0B76ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf12:*:*:*:*:*:*",
"matchCriteriaId": "3D660652-D318-44B8-996A-6E56F4D71F68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de redirecci\u00f3n abierta en IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0 hasta 7.0.0.2 CF28 y 8.0 anterior a 8.0.0.1 CF12 permite a atacantes remotos redirigir usuarios hacia sitios web arbitrarios y realizar ataques de phishing a trav\u00e9s de vectores no especificados."
}
],
"evaluatorComment": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027) http://cwe.mitre.org/data/definitions/601.html",
"id": "CVE-2014-0958",
"lastModified": "2024-11-21T02:03:06.690",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-05-22T11:14:14.847",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI15689"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672572"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92739"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI15689"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672572"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92739"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-08-12 05:01
Modified
2024-11-21 02:07
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.0.0 through 7.0.0.2 CF28 and 8.0.0 before 8.0.0.1 CF13 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 7.0.0.0 | |
| ibm | websphere_portal | 7.0.0.1 | |
| ibm | websphere_portal | 7.0.0.2 | |
| ibm | websphere_portal | 8.0.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6ECEE98-B276-4ED6-AA5A-109EA57E9925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4FF84B-A17F-464B-A718-67C44D2C69BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.0.0 through 7.0.0.2 CF28 and 8.0.0 before 8.0.0.1 CF13 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en IBM WebSphere Portal 7.0.0 hasta 7.0.0.2 CF28 y 8.0.0 anterior a 8.0.0.1 CF13 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una URL manipulada."
}
],
"id": "CVE-2014-3102",
"lastModified": "2024-11-21T02:07:27.890",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-08-12T05:01:03.873",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI16174"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680230"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securitytracker.com/id/1030669"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94269"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI16174"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680230"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1030669"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94269"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-12-21 11:59
Modified
2024-11-21 02:32
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-4993.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 6.1.0.0 | |
| ibm | websphere_portal | 6.1.0.1 | |
| ibm | websphere_portal | 6.1.0.2 | |
| ibm | websphere_portal | 6.1.0.3 | |
| ibm | websphere_portal | 6.1.0.4 | |
| ibm | websphere_portal | 6.1.0.5 | |
| ibm | websphere_portal | 6.1.0.6 | |
| ibm | websphere_portal | 6.1.5.0 | |
| ibm | websphere_portal | 6.1.5.1 | |
| ibm | websphere_portal | 6.1.5.2 | |
| ibm | websphere_portal | 6.1.5.3 | |
| ibm | websphere_portal | 7.0.0.0 | |
| ibm | websphere_portal | 7.0.0.1 | |
| ibm | websphere_portal | 7.0.0.2 | |
| ibm | websphere_portal | 8.0.0.0 | |
| ibm | websphere_portal | 8.0.0.1 | |
| ibm | websphere_portal | 8.5.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E618064A-3D05-4DC6-9A47-0EDF2427642F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DE74154-3E79-4D56-96C4-D8E644F1419D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA915826-5D89-43E9-83E7-88973648302A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DB29F4-59AB-439C-91C4-CDF677676C26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9D6CA922-11EF-4315-A09A-B4A8937E4CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "526738D7-1AF8-4A8F-B833-BA0E35973A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "13D6BE9C-16FD-4FB4-8A87-56B42C246316",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1964FC-672F-4139-938F-A8EF9D86D9C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5B50CEA-AFC4-4B45-9954-519965237FC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0902AC0F-EA4D-4E65-A70A-15DE9B904B35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D808F95D-C6BD-43EB-B16C-66449977BCFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6ECEE98-B276-4ED6-AA5A-109EA57E9925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4FF84B-A17F-464B-A718-67C44D2C69BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D03AF20E-0C29-45A6-9B7F-8260D8D9E8BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-4993."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en IBM WebSphere Portal 6.1.0 hasta la versi\u00f3n 6.1.0.6 CF27, 6.1.5 hasta la versi\u00f3n 6.1.5.3 CF27, 7.0.0 hasta la versi\u00f3n 7.0.0.2 CF29, 8.0.0 en versiones anteriores a 8.0.0.1 CF19 y 8.5.0 en versiones anteriores a CF08 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una URL manipulada, una vulnerabilidad diferente a CVE-2015-4993."
}
],
"id": "CVE-2015-4998",
"lastModified": "2024-11-21T02:32:09.090",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2015-12-21T11:59:03.093",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI47712"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970176"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securitytracker.com/id/1034284"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI47712"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970176"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034284"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-12-21 11:59
Modified
2024-11-21 02:32
Severity ?
Summary
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 allows remote authenticated users to cause a denial of service (memory consumption) via a crafted document.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 6.1.0.0 | |
| ibm | websphere_portal | 6.1.0.1 | |
| ibm | websphere_portal | 6.1.0.2 | |
| ibm | websphere_portal | 6.1.0.3 | |
| ibm | websphere_portal | 6.1.0.4 | |
| ibm | websphere_portal | 6.1.0.5 | |
| ibm | websphere_portal | 6.1.0.6 | |
| ibm | websphere_portal | 6.1.5.0 | |
| ibm | websphere_portal | 6.1.5.1 | |
| ibm | websphere_portal | 6.1.5.2 | |
| ibm | websphere_portal | 6.1.5.3 | |
| ibm | websphere_portal | 7.0.0.0 | |
| ibm | websphere_portal | 7.0.0.1 | |
| ibm | websphere_portal | 7.0.0.2 | |
| ibm | websphere_portal | 8.0.0.0 | |
| ibm | websphere_portal | 8.0.0.1 | |
| ibm | websphere_portal | 8.5.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E618064A-3D05-4DC6-9A47-0EDF2427642F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DE74154-3E79-4D56-96C4-D8E644F1419D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA915826-5D89-43E9-83E7-88973648302A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DB29F4-59AB-439C-91C4-CDF677676C26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9D6CA922-11EF-4315-A09A-B4A8937E4CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "526738D7-1AF8-4A8F-B833-BA0E35973A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "13D6BE9C-16FD-4FB4-8A87-56B42C246316",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1964FC-672F-4139-938F-A8EF9D86D9C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5B50CEA-AFC4-4B45-9954-519965237FC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0902AC0F-EA4D-4E65-A70A-15DE9B904B35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D808F95D-C6BD-43EB-B16C-66449977BCFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6ECEE98-B276-4ED6-AA5A-109EA57E9925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4FF84B-A17F-464B-A718-67C44D2C69BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D03AF20E-0C29-45A6-9B7F-8260D8D9E8BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 allows remote authenticated users to cause a denial of service (memory consumption) via a crafted document."
},
{
"lang": "es",
"value": "IBM WebSphere Portal 6.1.0 hasta la versi\u00f3n 6.1.0.6 CF27, 6.1.5 hasta la versi\u00f3n 6.1.5.3 CF27, 7.0.0 hasta la versi\u00f3n 7.0.0.2 CF29, 8.0.0 en versiones anteriores a 8.0.0.1 CF19 y 8.5.0 en versiones anteriores a CF08 permite a usuarios remotos autenticados provocar una denegaci\u00f3n de servicio (consumo de memoria) a trav\u00e9s de un documento manipulado."
}
],
"id": "CVE-2015-5001",
"lastModified": "2024-11-21T02:32:09.207",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2015-12-21T11:59:04.047",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI49540"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970176"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securitytracker.com/id/1034284"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI49540"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970176"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034284"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-27 22:59
Modified
2024-11-21 03:21
Severity ?
Summary
IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2000152.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22000152 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/97075 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | http://www.securitytracker.com/id/1038146 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22000152 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97075 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038146 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 8.5 | |
| ibm | websphere_portal | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F97CDB5F-2EA4-41E8-857B-5D76004C60B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CAFC1C53-61B8-41EC-B99D-1100D29F3992",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2000152."
},
{
"lang": "es",
"value": "IBM WebSphere Portal 8.5 y 9.0 es vulnerable a secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a usuarios incrustar c\u00f3digo JavaScript arbitrario en la IU Web alterando as\u00ed la funcionalidad potencialmente prevista dirigida a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n de confianza. Referencia IBM #: 2000152."
}
],
"id": "CVE-2017-1120",
"lastModified": "2024-11-21T03:21:21.693",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-27T22:59:00.287",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22000152"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97075"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securitytracker.com/id/1038146"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22000152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97075"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1038146"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-07-29 20:55
Modified
2024-11-21 02:07
Severity ?
Summary
Multiple open redirect vulnerabilities in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf003:*:*:*:*:*:*",
"matchCriteriaId": "041D220D-2088-4633-B1AA-8902AD1C6BD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf004:*:*:*:*:*:*",
"matchCriteriaId": "53B376AE-7AA9-4362-9CB2-17B3AB783FC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf005:*:*:*:*:*:*",
"matchCriteriaId": "84D744C2-DA4B-4F04-894F-7820FDC49A04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf006:*:*:*:*:*:*",
"matchCriteriaId": "4713D128-6C5F-4362-A0E2-363F81D9BCA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf007:*:*:*:*:*:*",
"matchCriteriaId": "67E76EE5-B618-49AA-A489-1BD7E45D391F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf008:*:*:*:*:*:*",
"matchCriteriaId": "DC001899-F77A-4EED-BC6D-8400FF4354EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf009:*:*:*:*:*:*",
"matchCriteriaId": "05426398-FE6A-4E4A-9C46-4675B5FAD915",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf010:*:*:*:*:*:*",
"matchCriteriaId": "29E0A9B5-945C-4859-BE83-56B34544350B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf019:*:*:*:*:*:*",
"matchCriteriaId": "10E59411-D50B-4A34-84C7-7563D301764A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4FF84B-A17F-464B-A718-67C44D2C69BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:-:*:*:*:*:*:*",
"matchCriteriaId": "6007CA87-31CA-44AB-AB7F-788E17AB85F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf011:*:*:*:*:*:*",
"matchCriteriaId": "B469E735-0DCE-4616-B3FE-DED75FEAC642",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf012:*:*:*:*:*:*",
"matchCriteriaId": "E0ACFABA-E470-4043-B8E7-ACE2F9781D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf013:*:*:*:*:*:*",
"matchCriteriaId": "8D2FA62F-EEB7-4312-9359-FDA8E4743A81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf014:*:*:*:*:*:*",
"matchCriteriaId": "5D8ABD15-49DE-4C4A-B9C0-5696BC1899C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf015:*:*:*:*:*:*",
"matchCriteriaId": "A2D98D3D-18DC-47CF-BED8-CD61A531D858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf016:*:*:*:*:*:*",
"matchCriteriaId": "9326CFC3-D9A7-43CE-8673-FD009F7A1F44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf017:*:*:*:*:*:*",
"matchCriteriaId": "B34D73EE-1E9D-4896-B2A2-D1463C13F399",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf018:*:*:*:*:*:*",
"matchCriteriaId": "96B7FB90-D1F8-4D83-B954-A1990400BC27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf019:*:*:*:*:*:*",
"matchCriteriaId": "CE4C07B8-CC26-4F83-8BA8-8702594CBB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf020:*:*:*:*:*:*",
"matchCriteriaId": "22C95FC9-0342-4ACC-B4F8-052554771D3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf021:*:*:*:*:*:*",
"matchCriteriaId": "62AA773F-7D18-41F7-8561-81D83336E6FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf022:*:*:*:*:*:*",
"matchCriteriaId": "2C17D73E-9F0B-4C11-8C1D-A3987DED44F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf23:*:*:*:*:*:*",
"matchCriteriaId": "53DDB154-F94B-47F8-964B-34EFE2C99370",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf24:*:*:*:*:*:*",
"matchCriteriaId": "10FCF563-A945-425A-A577-37867CF05CC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf25:*:*:*:*:*:*",
"matchCriteriaId": "8373D2A7-EC57-4336-A877-B5D262F05191",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf26:*:*:*:*:*:*",
"matchCriteriaId": "0A005963-7EF6-40D4-A54B-E3749ED5B587",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf27:*:*:*:*:*:*",
"matchCriteriaId": "4210F236-A2B1-49F2-A16E-65BB513ECBA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf01:*:*:*:*:*:*",
"matchCriteriaId": "8A5566C6-E42F-4786-A8FC-59BE7EB47296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf02:*:*:*:*:*:*",
"matchCriteriaId": "31C0EC0E-0106-4333-8401-0F655C0F5850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf03:*:*:*:*:*:*",
"matchCriteriaId": "E0E4DA0C-9F97-4856-B9DE-D96994A65B71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf04:*:*:*:*:*:*",
"matchCriteriaId": "4180809C-4A1E-4DB4-9E7C-641B753B97D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf05:*:*:*:*:*:*",
"matchCriteriaId": "5A60A788-F7B3-4922-8B30-8F586B1685CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf04:*:*:*:*:*:*",
"matchCriteriaId": "9A07791C-5EDE-4C2B-A441-6599339ED43F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf05:*:*:*:*:*:*",
"matchCriteriaId": "CE6F9920-B458-496B-B0C0-BF8B85606BF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf06:*:*:*:*:*:*",
"matchCriteriaId": "8B2C78E9-EB40-42C0-A772-6203555D5E28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf07:*:*:*:*:*:*",
"matchCriteriaId": "A910F5CA-8257-420E-8D31-6BB0E4CFC963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf08:*:*:*:*:*:*",
"matchCriteriaId": "462CF706-A352-40EE-8158-3A2197FE4098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf09:*:*:*:*:*:*",
"matchCriteriaId": "0AF93EAB-BDBC-4C20-9BD2-AACC95CD8355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf12:*:*:*:*:*:*",
"matchCriteriaId": "3D660652-D318-44B8-996A-6E56F4D71F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal_unified_task_list_portlet:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EF937A0D-82F0-4382-97DA-D9EAEC8444ED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple open redirect vulnerabilities in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de redirecci\u00f3n abierta en el portlet Unified Task List (UTL) para IBM WebSphere Portal 7.x y 8.x hasta 8.0.0.1 CF12 permiten a atacantes remotos redirigir usuarios hacia sitios web arbitrarios y realizar ataques de phishing a trav\u00e9s de vectores no especificados."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/601.html\" target=\"_blank\"\u003eCWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)\u003c/a\u003e",
"id": "CVE-2014-3054",
"lastModified": "2024-11-21T02:07:22.943",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-07-29T20:55:08.177",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://secunia.com/advisories/60499"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI18909"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677032"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93528"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/60499"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI18909"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677032"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93528"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-06-03 21:55
Modified
2024-11-21 01:52
Severity ?
Summary
CRLF injection vulnerability in IBM WebSphere Portal 6.1.0.x before 6.1.0.3 CF26, 6.1.5.x before 6.1.5 CF26, 7.0.0.x before 7.0.0.2 CF21, and 8.0.0.x through 8.0.0.1 CF5, when home substitution (aka uri.home.substitution) is enabled, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2CE1E2EF-A079-4A67-AA50-0712D2E330F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf01:*:*:*:*:*:*",
"matchCriteriaId": "8A5566C6-E42F-4786-A8FC-59BE7EB47296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf02:*:*:*:*:*:*",
"matchCriteriaId": "31C0EC0E-0106-4333-8401-0F655C0F5850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf03:*:*:*:*:*:*",
"matchCriteriaId": "E0E4DA0C-9F97-4856-B9DE-D96994A65B71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf04:*:*:*:*:*:*",
"matchCriteriaId": "4180809C-4A1E-4DB4-9E7C-641B753B97D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf05:*:*:*:*:*:*",
"matchCriteriaId": "5A60A788-F7B3-4922-8B30-8F586B1685CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf04:*:*:*:*:*:*",
"matchCriteriaId": "9A07791C-5EDE-4C2B-A441-6599339ED43F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf05:*:*:*:*:*:*",
"matchCriteriaId": "CE6F9920-B458-496B-B0C0-BF8B85606BF8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:cf001:*:*:*:*:*:*",
"matchCriteriaId": "B5C645C1-21E3-48A8-A1A5-9519CB845493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6ECEE98-B276-4ED6-AA5A-109EA57E9925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf002:*:*:*:*:*:*",
"matchCriteriaId": "2991B76F-8E96-45A9-8B9D-942AF93755E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf003:*:*:*:*:*:*",
"matchCriteriaId": "041D220D-2088-4633-B1AA-8902AD1C6BD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf004:*:*:*:*:*:*",
"matchCriteriaId": "53B376AE-7AA9-4362-9CB2-17B3AB783FC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf005:*:*:*:*:*:*",
"matchCriteriaId": "84D744C2-DA4B-4F04-894F-7820FDC49A04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf006:*:*:*:*:*:*",
"matchCriteriaId": "4713D128-6C5F-4362-A0E2-363F81D9BCA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf007:*:*:*:*:*:*",
"matchCriteriaId": "67E76EE5-B618-49AA-A489-1BD7E45D391F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf008:*:*:*:*:*:*",
"matchCriteriaId": "DC001899-F77A-4EED-BC6D-8400FF4354EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf009:*:*:*:*:*:*",
"matchCriteriaId": "05426398-FE6A-4E4A-9C46-4675B5FAD915",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf010:*:*:*:*:*:*",
"matchCriteriaId": "29E0A9B5-945C-4859-BE83-56B34544350B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf019:*:*:*:*:*:*",
"matchCriteriaId": "10E59411-D50B-4A34-84C7-7563D301764A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4FF84B-A17F-464B-A718-67C44D2C69BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf011:*:*:*:*:*:*",
"matchCriteriaId": "B469E735-0DCE-4616-B3FE-DED75FEAC642",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf012:*:*:*:*:*:*",
"matchCriteriaId": "E0ACFABA-E470-4043-B8E7-ACE2F9781D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf013:*:*:*:*:*:*",
"matchCriteriaId": "8D2FA62F-EEB7-4312-9359-FDA8E4743A81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf014:*:*:*:*:*:*",
"matchCriteriaId": "5D8ABD15-49DE-4C4A-B9C0-5696BC1899C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf015:*:*:*:*:*:*",
"matchCriteriaId": "A2D98D3D-18DC-47CF-BED8-CD61A531D858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf016:*:*:*:*:*:*",
"matchCriteriaId": "9326CFC3-D9A7-43CE-8673-FD009F7A1F44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf017:*:*:*:*:*:*",
"matchCriteriaId": "B34D73EE-1E9D-4896-B2A2-D1463C13F399",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf018:*:*:*:*:*:*",
"matchCriteriaId": "96B7FB90-D1F8-4D83-B954-A1990400BC27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf019:*:*:*:*:*:*",
"matchCriteriaId": "CE4C07B8-CC26-4F83-8BA8-8702594CBB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf020:*:*:*:*:*:*",
"matchCriteriaId": "22C95FC9-0342-4ACC-B4F8-052554771D3D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E618064A-3D05-4DC6-9A47-0EDF2427642F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DE74154-3E79-4D56-96C4-D8E644F1419D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA915826-5D89-43E9-83E7-88973648302A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DB29F4-59AB-439C-91C4-CDF677676C26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1964FC-672F-4139-938F-A8EF9D86D9C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in IBM WebSphere Portal 6.1.0.x before 6.1.0.3 CF26, 6.1.5.x before 6.1.5 CF26, 7.0.0.x before 7.0.0.2 CF21, and 8.0.0.x through 8.0.0.1 CF5, when home substitution (aka uri.home.substitution) is enabled, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n CRLF en IBM WebSphere Portal v6.1.0.x anterior a v6.1.0.3 CF26, v6.1.5.x anterior a v6.1.5 CF26, v7.0.0.x anterior a v7.0.0.2 CF21, y v8.0.0.x hasta v8.0.0.1 CF5 cuando la sustituci\u00f3n home (tambi\u00e9n conocida como uri.home.substitution) esta habilitada, permite a atacantes remotos autenticados inyectar cabeceras HTTP de su elecci\u00f3n y llevar a cabo ataques de separaci\u00f3n de respuesta HTTP a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-2950",
"lastModified": "2024-11-21T01:52:44.463",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-06-03T21:55:01.667",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM85071"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21638864"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83618"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM85071"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21638864"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83618"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-02-26 19:30
Modified
2024-11-21 01:12
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 through 6.0.0.4, 6.0.1.0 through 6.0.1.7, 6.1.0.0 through 6.1.0.3, and 6.1.5.0; and IBM Lotus Quickr services 8.0, 8.0.0.2, 8.1, 8.1.1, and 8.1.1.1 for WebSphere Portal; allows remote attackers to inject arbitrary web script or HTML via the query string.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:5.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0B4DF048-224A-43DB-A796-44EAF9CD8838",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:5.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FA05BB8A-C367-4A09-87A4-C9D9C46AE52B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:5.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "23785ACE-3F00-430E-B9ED-940A70A3201C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:5.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0F885AD0-1134-483C-9A69-98AC0D60E79B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:5.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2AF22D6E-7B21-4657-89ED-A7EF20BFF81F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:5.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "13570CD6-7D5F-4665-A982-9E83FA25C68C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6C753E1B-D81B-4995-877E-58EDD6F49DDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5D54D4DB-FA55-47AE-9E19-FB8368FD40C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3FEB7016-D077-402A-99C7-E6F6290F1D0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C064D03F-D49C-4A2F-A23D-3ADC18EC277A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6FDA430B-8996-43D4-BDBD-07A5C9EDB339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "092F8012-A1EE-46CE-B2B2-0604BF4ACBBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9FC6A48A-E669-4AA0-AD83-85778A7B6C67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F8C5AD9-2086-4131-A03C-02A89D822080",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "82FC2F98-1E99-4B50-88D5-7A2904F4585C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9B7F74AC-2B5E-4B6C-9551-576A4F312BBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FC51FA38-1C63-47F5-A4CF-1128396B62C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCCA8DE-50EF-4154-AF48-A8E1AA2659B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "AF550E47-49FB-4EBC-83E7-4CFCB7279FEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E618064A-3D05-4DC6-9A47-0EDF2427642F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DE74154-3E79-4D56-96C4-D8E644F1419D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA915826-5D89-43E9-83E7-88973648302A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DB29F4-59AB-439C-91C4-CDF677676C26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1964FC-672F-4139-938F-A8EF9D86D9C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:5.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9516473F-0533-4326-B880-6B6FD591473D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:5.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "773AC6CD-7DDE-4676-8647-26C3B83354DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:5.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A502A57D-97DE-424E-B005-B086C1149959",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:5.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F8505A74-332E-4980-ABA2-BEE7E3D7B654",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:5.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F49CBF7A-9C04-4960-B7B8-6F5C51785C56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:5.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F535D576-9AC7-4047-8AC3-9F1B5A961DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EA0D9DBB-AA57-4816-8EC6-F7479B5481E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "87844DD4-AF06-4A91-973A-F885AD8CA569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EC572C9B-BEBE-4619-9B34-73FD8C20F4B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "66BC65C9-BF3E-41C0-ABD7-5587999FDA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CD2F018F-3356-45B1-AF0B-8E17023A04E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FC532381-C1D3-4FE3-9E32-614B91482255",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8153B9AE-9969-4D49-8B07-9817E0C37194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "709CE95C-FCC3-4A8B-9A47-8114BDFEAD7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F55351DA-AEAC-40FC-B0B0-9CC1D456F651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E67047-A652-4828-BCE9-AB6C369B459F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9B9A2F08-F9E6-4DC4-AFFD-77B6787FA81F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9A727B34-8433-4571-AE1B-4F43320F57A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.0.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "AC18431F-8C85-4C3A-85B9-ADA860F6C0D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "108210EB-FFEF-4D69-A78D-85DA08913766",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D993AD7F-81FC-4C82-9303-699B44ECC92E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "07EE7410-8A88-468A-B773-89D8A93859E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EF9A7C87-0DCE-4309-B344-AC106B6ECBD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_web_content_management:6.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D6141F9D-42F4-47D2-B340-356F174AA4AE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:5.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E8D8302-74CD-436A-92BD-C08F1254A2C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:5.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "673674BD-D171-47AF-8169-FBF6346993E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:5.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "959CF397-FAC9-488D-96E5-9839EDA77494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:5.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CA0A5D8C-6C5C-4666-BDC0-8451D1C9FCB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:5.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CF4257D6-58F8-4209-BF67-9124D1BA0B6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:5.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "46AF30E4-3301-401B-94E5-D7FA9E62B82F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E986062-BBA8-4AA0-AD41-E101FEFD49EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "250DFAAA-67A9-4E64-B1AE-0966EAC05468",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA75DD49-E267-4306-84D8-4C3A548841A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "53E20727-E021-442A-B7CB-AB1DFEA21374",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5434B4A9-1433-469B-8352-D0FDDD033E2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EA803C8-EDAC-467E-B8CE-A60612AE86F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "812047C9-6477-455E-8739-4407336102F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "10A39AB5-4BDB-4027-9F50-91BBFDAE8E0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "20E03B68-715F-428D-84FD-F800D02DDB3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0CE191CE-C2F4-45F7-8CF3-565832E01AB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "49CC6237-2E8C-415A-9C09-C8FD3F4C1E57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "22D7C604-2F9B-4AA0-BEE0-379D2C65321F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.0.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "AAA1888C-A7F9-4019-8798-524EE7EB8A7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33D2422E-141A-414E-B283-E7BF570FFA80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "18C5D9B6-F013-46B7-AE06-609A0B11A8C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "30E0AA87-E48E-46C3-B8DD-3C3A90322AD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6CA17FC6-DAE6-4FAC-B3CD-1269689314CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_workplace_web_content_management:6.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3CBEF3F-EB64-42D1-B23A-D3A20F900971",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_quickr:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "980401D7-AAF3-4AE4-9006-83D99170F5DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_quickr:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B3CA670F-E987-44ED-8A2A-62CCA5D037F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_quickr:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "83B3B388-0438-4806-9F21-2170428739DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_quickr:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2D3C43CE-8917-4109-A185-93699004638F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_quickr:8.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "344E13DD-DAFC-4394-8371-B032D117D6AE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 through 6.0.0.4, 6.0.1.0 through 6.0.1.7, 6.1.0.0 through 6.1.0.3, and 6.1.5.0; and IBM Lotus Quickr services 8.0, 8.0.0.2, 8.1, 8.1.1, and 8.1.1.1 for WebSphere Portal; allows remote attackers to inject arbitrary web script or HTML via the query string."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), y IBM Lotus Workplace Web Content Management v5.1.0.0 hasta v5.1.0.5, v6.0.0.0 hasta v6.0.0.4, v6.0.1.0 hasta v6.0.1.7, v6.1.0.0 hasta v6.1.0.3, y v6.1.5.0; y IBM Lotus Quickr services v8.0, v8.0.0.2, v8.1, v8.1.1, y v8.1.1.1 para WebSphere Portal; permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del cadena \"query\"."
}
],
"id": "CVE-2010-0714",
"lastModified": "2024-11-21T01:12:48.503",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-02-26T19:30:00.743",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21421469"
},
{
"source": "cve@mitre.org",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PM03233"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.hacktics.com/content/advisories/AdvIBM20100224.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/509744/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/38412"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1023660"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56508"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21421469"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PM03233"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.hacktics.com/content/advisories/AdvIBM20100224.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/509744/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/38412"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1023660"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56508"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-09-27 19:29
Modified
2024-11-21 04:00
Severity ?
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147164.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.securitytracker.com/id/1041754 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/147164 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10729323 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041754 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/147164 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10729323 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6ECEE98-B276-4ED6-AA5A-109EA57E9925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf002:*:*:*:*:*:*",
"matchCriteriaId": "2991B76F-8E96-45A9-8B9D-942AF93755E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf003:*:*:*:*:*:*",
"matchCriteriaId": "041D220D-2088-4633-B1AA-8902AD1C6BD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf004:*:*:*:*:*:*",
"matchCriteriaId": "53B376AE-7AA9-4362-9CB2-17B3AB783FC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf005:*:*:*:*:*:*",
"matchCriteriaId": "84D744C2-DA4B-4F04-894F-7820FDC49A04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf006:*:*:*:*:*:*",
"matchCriteriaId": "4713D128-6C5F-4362-A0E2-363F81D9BCA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf007:*:*:*:*:*:*",
"matchCriteriaId": "67E76EE5-B618-49AA-A489-1BD7E45D391F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf008:*:*:*:*:*:*",
"matchCriteriaId": "DC001899-F77A-4EED-BC6D-8400FF4354EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf009:*:*:*:*:*:*",
"matchCriteriaId": "05426398-FE6A-4E4A-9C46-4675B5FAD915",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf010:*:*:*:*:*:*",
"matchCriteriaId": "29E0A9B5-945C-4859-BE83-56B34544350B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf011:*:*:*:*:*:*",
"matchCriteriaId": "DF8105DA-2519-428D-AB09-01EEF2FF6FDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf012:*:*:*:*:*:*",
"matchCriteriaId": "B2824CB0-BBC6-4AD5-993C-91E1CF293B3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf013:*:*:*:*:*:*",
"matchCriteriaId": "56AF2117-2F73-4729-84DC-72B8B235C581",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf014:*:*:*:*:*:*",
"matchCriteriaId": "303EE4F0-9C7A-4B0B-8BBB-852C68A802E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf015:*:*:*:*:*:*",
"matchCriteriaId": "4967BA17-DD56-42A7-812A-7B6EE74C6E03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf016:*:*:*:*:*:*",
"matchCriteriaId": "9DD708E8-67BE-48D7-AD76-FDA753426862",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf017:*:*:*:*:*:*",
"matchCriteriaId": "AC8DAFF7-9410-40E2-805A-580B82EA0667",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf018:*:*:*:*:*:*",
"matchCriteriaId": "D06D62C6-13EF-42BA-BEBE-C3F9A42F5AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf019:*:*:*:*:*:*",
"matchCriteriaId": "10E59411-D50B-4A34-84C7-7563D301764A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf020:*:*:*:*:*:*",
"matchCriteriaId": "38D755C0-82CA-45EA-9D89-6172D98B78F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4FF84B-A17F-464B-A718-67C44D2C69BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf011:*:*:*:*:*:*",
"matchCriteriaId": "B469E735-0DCE-4616-B3FE-DED75FEAC642",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf012:*:*:*:*:*:*",
"matchCriteriaId": "E0ACFABA-E470-4043-B8E7-ACE2F9781D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf013:*:*:*:*:*:*",
"matchCriteriaId": "8D2FA62F-EEB7-4312-9359-FDA8E4743A81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf014:*:*:*:*:*:*",
"matchCriteriaId": "5D8ABD15-49DE-4C4A-B9C0-5696BC1899C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf015:*:*:*:*:*:*",
"matchCriteriaId": "A2D98D3D-18DC-47CF-BED8-CD61A531D858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf016:*:*:*:*:*:*",
"matchCriteriaId": "9326CFC3-D9A7-43CE-8673-FD009F7A1F44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf017:*:*:*:*:*:*",
"matchCriteriaId": "B34D73EE-1E9D-4896-B2A2-D1463C13F399",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf018:*:*:*:*:*:*",
"matchCriteriaId": "96B7FB90-D1F8-4D83-B954-A1990400BC27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf019:*:*:*:*:*:*",
"matchCriteriaId": "CE4C07B8-CC26-4F83-8BA8-8702594CBB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf020:*:*:*:*:*:*",
"matchCriteriaId": "22C95FC9-0342-4ACC-B4F8-052554771D3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf021:*:*:*:*:*:*",
"matchCriteriaId": "62AA773F-7D18-41F7-8561-81D83336E6FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf022:*:*:*:*:*:*",
"matchCriteriaId": "2C17D73E-9F0B-4C11-8C1D-A3987DED44F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf023:*:*:*:*:*:*",
"matchCriteriaId": "B44130DA-8BBC-4CC5-BD20-E05CE32AB1F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf024:*:*:*:*:*:*",
"matchCriteriaId": "D42C69F1-2877-419A-AB64-74687A11F070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf025:*:*:*:*:*:*",
"matchCriteriaId": "B6D45C1D-CCF2-4281-B132-4931B33BA48D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf026:*:*:*:*:*:*",
"matchCriteriaId": "8CB0EDF6-2EC7-4C03-8597-9E034DBB3BB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf027:*:*:*:*:*:*",
"matchCriteriaId": "847994E6-C322-46EB-B089-9D1752E42987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf028:*:*:*:*:*:*",
"matchCriteriaId": "79FD9027-FA61-4AB0-A945-7329B609A9DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf029:*:*:*:*:*:*",
"matchCriteriaId": "07EDE452-4C88-4DA9-91E9-F0722009C773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf030:*:*:*:*:*:*",
"matchCriteriaId": "E0D7936A-478C-44AA-B9DD-2165BA482AFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf01:*:*:*:*:*:*",
"matchCriteriaId": "8A5566C6-E42F-4786-A8FC-59BE7EB47296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf02:*:*:*:*:*:*",
"matchCriteriaId": "31C0EC0E-0106-4333-8401-0F655C0F5850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf03:*:*:*:*:*:*",
"matchCriteriaId": "E0E4DA0C-9F97-4856-B9DE-D96994A65B71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf04:*:*:*:*:*:*",
"matchCriteriaId": "4180809C-4A1E-4DB4-9E7C-641B753B97D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf05:*:*:*:*:*:*",
"matchCriteriaId": "5A60A788-F7B3-4922-8B30-8F586B1685CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf04:*:*:*:*:*:*",
"matchCriteriaId": "9A07791C-5EDE-4C2B-A441-6599339ED43F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf05:*:*:*:*:*:*",
"matchCriteriaId": "CE6F9920-B458-496B-B0C0-BF8B85606BF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf06:*:*:*:*:*:*",
"matchCriteriaId": "8B2C78E9-EB40-42C0-A772-6203555D5E28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf07:*:*:*:*:*:*",
"matchCriteriaId": "A910F5CA-8257-420E-8D31-6BB0E4CFC963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf08:*:*:*:*:*:*",
"matchCriteriaId": "462CF706-A352-40EE-8158-3A2197FE4098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf09:*:*:*:*:*:*",
"matchCriteriaId": "0AF93EAB-BDBC-4C20-9BD2-AACC95CD8355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf10:*:*:*:*:*:*",
"matchCriteriaId": "E090A0BC-DECD-4912-B5FB-C41A1E77675E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf11:*:*:*:*:*:*",
"matchCriteriaId": "4CC1CAEE-C7DA-4F01-8948-BADCEB0B76ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf12:*:*:*:*:*:*",
"matchCriteriaId": "3D660652-D318-44B8-996A-6E56F4D71F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf13:*:*:*:*:*:*",
"matchCriteriaId": "783AA775-7257-45C8-A246-A71E559B459D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf14:*:*:*:*:*:*",
"matchCriteriaId": "02F014F7-1F35-4982-98F5-B22E86544E0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf15:*:*:*:*:*:*",
"matchCriteriaId": "535E3EAE-8286-4751-8DAF-707A0F2F160B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf16:*:*:*:*:*:*",
"matchCriteriaId": "E6708150-6E0D-4B0C-98A0-A42CAF20D3E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf17:*:*:*:*:*:*",
"matchCriteriaId": "96849F67-1B41-4265-8046-B29C5469DA4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf18:*:*:*:*:*:*",
"matchCriteriaId": "2074093E-8F1A-442D-8972-57FE73044079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf19:*:*:*:*:*:*",
"matchCriteriaId": "1B46BD8B-AFA5-4660-9983-ED9FB5E26A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf20:*:*:*:*:*:*",
"matchCriteriaId": "3FFF0BC7-42C0-4E4F-836E-8F1B31E1C420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf21:*:*:*:*:*:*",
"matchCriteriaId": "5655ED83-06C7-4828-A38D-18E92555C48B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf22:*:*:*:*:*:*",
"matchCriteriaId": "14C80CD3-F5CB-4B64-98D5-C00A73233979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf23:*:*:*:*:*:*",
"matchCriteriaId": "2A7D9B77-F154-405C-9E94-B4EAA087E766",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D03AF20E-0C29-45A6-9B7F-8260D8D9E8BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf01:*:*:*:*:*:*",
"matchCriteriaId": "704EF027-9DEF-4079-BBFE-A64DB757EAB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf02:*:*:*:*:*:*",
"matchCriteriaId": "9928D9CB-4817-4782-808F-6A4FBA87D820",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf03:*:*:*:*:*:*",
"matchCriteriaId": "758F9176-3EDF-469E-946E-B35C2D212029",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf04:*:*:*:*:*:*",
"matchCriteriaId": "AFBD1F79-9AB1-4699-B5B8-315CFEFFDEA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf05:*:*:*:*:*:*",
"matchCriteriaId": "764E04B9-F754-4118-B34F-71D5EF38660F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf06:*:*:*:*:*:*",
"matchCriteriaId": "46A3712D-DCB1-4631-B114-AD5A48313CBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf07:*:*:*:*:*:*",
"matchCriteriaId": "A79C66A0-6482-4E93-94B1-348B3FFA4541",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf08:*:*:*:*:*:*",
"matchCriteriaId": "2D0259BA-FD5D-4236-9AA3-13EE738B3F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf09:*:*:*:*:*:*",
"matchCriteriaId": "34EB80B8-CE15-4F0B-BC98-6AAE7148C5B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf10:*:*:*:*:*:*",
"matchCriteriaId": "DEFF296A-8B82-493E-9A1E-DB4D1976621E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf11:*:*:*:*:*:*",
"matchCriteriaId": "1FC3D249-FA1A-4A2D-B0F7-3289E0563236",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf12:*:*:*:*:*:*",
"matchCriteriaId": "169B283C-4FAD-4201-B26C-53E57D057136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf13:*:*:*:*:*:*",
"matchCriteriaId": "2867E5D2-5982-4178-B9F7-E4E82E7A97FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf14:*:*:*:*:*:*",
"matchCriteriaId": "4D2524C0-6CA2-4836-928D-A9F139F00D9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf15:*:*:*:*:*:*",
"matchCriteriaId": "68857CCD-F5AD-4D96-AB3A-103B2233B909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "12EF6533-4FE9-4A9B-ABF6-CEDD30402A53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0.0.0:cf14:*:*:*:*:*:*",
"matchCriteriaId": "FA49E417-1CED-4E49-ABC9-51E321271498",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0.0.0:cf15:*:*:*:*:*:*",
"matchCriteriaId": "CAA46610-A694-4524-8BD3-8A4B22E0F1AC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147164."
},
{
"lang": "es",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5 y 9.0 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 147164."
}
],
"id": "CVE-2018-1716",
"lastModified": "2024-11-21T04:00:14.693",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-27T19:29:00.337",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041754"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147164"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10729323"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041754"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147164"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10729323"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-09-27 19:29
Modified
2024-11-21 04:00
Severity ?
7.4 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 147906.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.securityfocus.com/bid/105490 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | http://www.securitytracker.com/id/1041753 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/147906 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10729683 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105490 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041753 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/147906 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10729683 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "1F28C710-8FDB-4474-B6EF-5835D4D7FE43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf002:*:*:*:*:*:*",
"matchCriteriaId": "2991B76F-8E96-45A9-8B9D-942AF93755E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf003:*:*:*:*:*:*",
"matchCriteriaId": "041D220D-2088-4633-B1AA-8902AD1C6BD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf004:*:*:*:*:*:*",
"matchCriteriaId": "53B376AE-7AA9-4362-9CB2-17B3AB783FC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf005:*:*:*:*:*:*",
"matchCriteriaId": "84D744C2-DA4B-4F04-894F-7820FDC49A04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf006:*:*:*:*:*:*",
"matchCriteriaId": "4713D128-6C5F-4362-A0E2-363F81D9BCA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf007:*:*:*:*:*:*",
"matchCriteriaId": "67E76EE5-B618-49AA-A489-1BD7E45D391F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf008:*:*:*:*:*:*",
"matchCriteriaId": "DC001899-F77A-4EED-BC6D-8400FF4354EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf009:*:*:*:*:*:*",
"matchCriteriaId": "05426398-FE6A-4E4A-9C46-4675B5FAD915",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf010:*:*:*:*:*:*",
"matchCriteriaId": "29E0A9B5-945C-4859-BE83-56B34544350B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf011:*:*:*:*:*:*",
"matchCriteriaId": "DF8105DA-2519-428D-AB09-01EEF2FF6FDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf012:*:*:*:*:*:*",
"matchCriteriaId": "B2824CB0-BBC6-4AD5-993C-91E1CF293B3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf013:*:*:*:*:*:*",
"matchCriteriaId": "56AF2117-2F73-4729-84DC-72B8B235C581",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf014:*:*:*:*:*:*",
"matchCriteriaId": "303EE4F0-9C7A-4B0B-8BBB-852C68A802E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf015:*:*:*:*:*:*",
"matchCriteriaId": "4967BA17-DD56-42A7-812A-7B6EE74C6E03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf016:*:*:*:*:*:*",
"matchCriteriaId": "9DD708E8-67BE-48D7-AD76-FDA753426862",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf017:*:*:*:*:*:*",
"matchCriteriaId": "AC8DAFF7-9410-40E2-805A-580B82EA0667",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf018:*:*:*:*:*:*",
"matchCriteriaId": "D06D62C6-13EF-42BA-BEBE-C3F9A42F5AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf019:*:*:*:*:*:*",
"matchCriteriaId": "10E59411-D50B-4A34-84C7-7563D301764A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf020:*:*:*:*:*:*",
"matchCriteriaId": "38D755C0-82CA-45EA-9D89-6172D98B78F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:-:*:*:*:*:*:*",
"matchCriteriaId": "6007CA87-31CA-44AB-AB7F-788E17AB85F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf011:*:*:*:*:*:*",
"matchCriteriaId": "B469E735-0DCE-4616-B3FE-DED75FEAC642",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf012:*:*:*:*:*:*",
"matchCriteriaId": "E0ACFABA-E470-4043-B8E7-ACE2F9781D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf013:*:*:*:*:*:*",
"matchCriteriaId": "8D2FA62F-EEB7-4312-9359-FDA8E4743A81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf014:*:*:*:*:*:*",
"matchCriteriaId": "5D8ABD15-49DE-4C4A-B9C0-5696BC1899C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf015:*:*:*:*:*:*",
"matchCriteriaId": "A2D98D3D-18DC-47CF-BED8-CD61A531D858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf016:*:*:*:*:*:*",
"matchCriteriaId": "9326CFC3-D9A7-43CE-8673-FD009F7A1F44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf017:*:*:*:*:*:*",
"matchCriteriaId": "B34D73EE-1E9D-4896-B2A2-D1463C13F399",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf018:*:*:*:*:*:*",
"matchCriteriaId": "96B7FB90-D1F8-4D83-B954-A1990400BC27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf019:*:*:*:*:*:*",
"matchCriteriaId": "CE4C07B8-CC26-4F83-8BA8-8702594CBB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf020:*:*:*:*:*:*",
"matchCriteriaId": "22C95FC9-0342-4ACC-B4F8-052554771D3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf021:*:*:*:*:*:*",
"matchCriteriaId": "62AA773F-7D18-41F7-8561-81D83336E6FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf022:*:*:*:*:*:*",
"matchCriteriaId": "2C17D73E-9F0B-4C11-8C1D-A3987DED44F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf023:*:*:*:*:*:*",
"matchCriteriaId": "B44130DA-8BBC-4CC5-BD20-E05CE32AB1F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf024:*:*:*:*:*:*",
"matchCriteriaId": "D42C69F1-2877-419A-AB64-74687A11F070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf025:*:*:*:*:*:*",
"matchCriteriaId": "B6D45C1D-CCF2-4281-B132-4931B33BA48D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf026:*:*:*:*:*:*",
"matchCriteriaId": "8CB0EDF6-2EC7-4C03-8597-9E034DBB3BB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf027:*:*:*:*:*:*",
"matchCriteriaId": "847994E6-C322-46EB-B089-9D1752E42987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf028:*:*:*:*:*:*",
"matchCriteriaId": "79FD9027-FA61-4AB0-A945-7329B609A9DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf029:*:*:*:*:*:*",
"matchCriteriaId": "07EDE452-4C88-4DA9-91E9-F0722009C773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf030:*:*:*:*:*:*",
"matchCriteriaId": "E0D7936A-478C-44AA-B9DD-2165BA482AFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5DB13754-BB23-48D8-9BDC-E8FF552DEA52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf01:*:*:*:*:*:*",
"matchCriteriaId": "8A5566C6-E42F-4786-A8FC-59BE7EB47296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf02:*:*:*:*:*:*",
"matchCriteriaId": "31C0EC0E-0106-4333-8401-0F655C0F5850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf03:*:*:*:*:*:*",
"matchCriteriaId": "E0E4DA0C-9F97-4856-B9DE-D96994A65B71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf04:*:*:*:*:*:*",
"matchCriteriaId": "4180809C-4A1E-4DB4-9E7C-641B753B97D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf05:*:*:*:*:*:*",
"matchCriteriaId": "5A60A788-F7B3-4922-8B30-8F586B1685CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf06:*:*:*:*:*:*",
"matchCriteriaId": "5A244AB2-9EBB-4A7D-BED7-CA92903268C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "AA4AD694-EA0E-4910-A3F9-EEDC510AFDF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf04:*:*:*:*:*:*",
"matchCriteriaId": "9A07791C-5EDE-4C2B-A441-6599339ED43F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf05:*:*:*:*:*:*",
"matchCriteriaId": "CE6F9920-B458-496B-B0C0-BF8B85606BF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf06:*:*:*:*:*:*",
"matchCriteriaId": "8B2C78E9-EB40-42C0-A772-6203555D5E28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf07:*:*:*:*:*:*",
"matchCriteriaId": "A910F5CA-8257-420E-8D31-6BB0E4CFC963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf08:*:*:*:*:*:*",
"matchCriteriaId": "462CF706-A352-40EE-8158-3A2197FE4098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf09:*:*:*:*:*:*",
"matchCriteriaId": "0AF93EAB-BDBC-4C20-9BD2-AACC95CD8355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf10:*:*:*:*:*:*",
"matchCriteriaId": "E090A0BC-DECD-4912-B5FB-C41A1E77675E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf11:*:*:*:*:*:*",
"matchCriteriaId": "4CC1CAEE-C7DA-4F01-8948-BADCEB0B76ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf12:*:*:*:*:*:*",
"matchCriteriaId": "3D660652-D318-44B8-996A-6E56F4D71F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf13:*:*:*:*:*:*",
"matchCriteriaId": "783AA775-7257-45C8-A246-A71E559B459D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf14:*:*:*:*:*:*",
"matchCriteriaId": "02F014F7-1F35-4982-98F5-B22E86544E0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf15:*:*:*:*:*:*",
"matchCriteriaId": "535E3EAE-8286-4751-8DAF-707A0F2F160B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf16:*:*:*:*:*:*",
"matchCriteriaId": "E6708150-6E0D-4B0C-98A0-A42CAF20D3E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf17:*:*:*:*:*:*",
"matchCriteriaId": "96849F67-1B41-4265-8046-B29C5469DA4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf18:*:*:*:*:*:*",
"matchCriteriaId": "2074093E-8F1A-442D-8972-57FE73044079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf19:*:*:*:*:*:*",
"matchCriteriaId": "1B46BD8B-AFA5-4660-9983-ED9FB5E26A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf20:*:*:*:*:*:*",
"matchCriteriaId": "3FFF0BC7-42C0-4E4F-836E-8F1B31E1C420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf21:*:*:*:*:*:*",
"matchCriteriaId": "5655ED83-06C7-4828-A38D-18E92555C48B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf22:*:*:*:*:*:*",
"matchCriteriaId": "14C80CD3-F5CB-4B64-98D5-C00A73233979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf23:*:*:*:*:*:*",
"matchCriteriaId": "2A7D9B77-F154-405C-9E94-B4EAA087E766",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "7EE3B00E-D18B-43C4-BD15-7E8E1AFDA8C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf01:*:*:*:*:*:*",
"matchCriteriaId": "704EF027-9DEF-4079-BBFE-A64DB757EAB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf02:*:*:*:*:*:*",
"matchCriteriaId": "9928D9CB-4817-4782-808F-6A4FBA87D820",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf03:*:*:*:*:*:*",
"matchCriteriaId": "758F9176-3EDF-469E-946E-B35C2D212029",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf04:*:*:*:*:*:*",
"matchCriteriaId": "AFBD1F79-9AB1-4699-B5B8-315CFEFFDEA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf05:*:*:*:*:*:*",
"matchCriteriaId": "764E04B9-F754-4118-B34F-71D5EF38660F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf06:*:*:*:*:*:*",
"matchCriteriaId": "46A3712D-DCB1-4631-B114-AD5A48313CBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf07:*:*:*:*:*:*",
"matchCriteriaId": "A79C66A0-6482-4E93-94B1-348B3FFA4541",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf08:*:*:*:*:*:*",
"matchCriteriaId": "2D0259BA-FD5D-4236-9AA3-13EE738B3F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf09:*:*:*:*:*:*",
"matchCriteriaId": "34EB80B8-CE15-4F0B-BC98-6AAE7148C5B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf10:*:*:*:*:*:*",
"matchCriteriaId": "DEFF296A-8B82-493E-9A1E-DB4D1976621E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf11:*:*:*:*:*:*",
"matchCriteriaId": "1FC3D249-FA1A-4A2D-B0F7-3289E0563236",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf12:*:*:*:*:*:*",
"matchCriteriaId": "169B283C-4FAD-4201-B26C-53E57D057136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf13:*:*:*:*:*:*",
"matchCriteriaId": "2867E5D2-5982-4178-B9F7-E4E82E7A97FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf14:*:*:*:*:*:*",
"matchCriteriaId": "4D2524C0-6CA2-4836-928D-A9F139F00D9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf15:*:*:*:*:*:*",
"matchCriteriaId": "68857CCD-F5AD-4D96-AB3A-103B2233B909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5B2F4AE1-AFBF-487D-B891-40D94C50F8B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0.0.0:cf14:*:*:*:*:*:*",
"matchCriteriaId": "FA49E417-1CED-4E49-ABC9-51E321271498",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0.0.0:cf15:*:*:*:*:*:*",
"matchCriteriaId": "CAA46610-A694-4524-8BD3-8A4B22E0F1AC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 147906."
},
{
"lang": "es",
"value": "IBM WebSphere Portal en sus versiones 7.0, 8.0, 8.5 y 9.0 podr\u00eda permitir que un atacante remoto lleve a cabo ataques de phishing empleando un ataque de redirecci\u00f3n abierta. Al persuadir a una v\u00edctima para que visite un sitio web especialmente manipulado, un atacante remoto podr\u00eda explotar esta vulnerabilidad para suplantar la URL mostrada y redirigir al usuario a un sitio web malicioso que, a priori, parecer\u00eda de confianza. Esto podr\u00eda permitir que el atacante obtuviese informaci\u00f3n sumamente sensible o que llevase a cabo m\u00e1s ataques contra la v\u00edctima. IBM X-Force ID: 147906."
}
],
"id": "CVE-2018-1736",
"lastModified": "2024-11-21T04:00:16.870",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 4.0,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-27T19:29:00.510",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105490"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041753"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147906"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10729683"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105490"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041753"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147906"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10729683"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-08-04 01:41
Modified
2024-11-21 00:49
Severity ?
Summary
IBM WebSphere Portal 5.1 through 6.1.0.0 allows remote attackers to bypass authentication and obtain administrative access via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 5.1.0.0 | |
| ibm | websphere_portal | 5.1.0.1 | |
| ibm | websphere_portal | 5.1.0.2 | |
| ibm | websphere_portal | 5.1.0.3 | |
| ibm | websphere_portal | 5.1.0.4 | |
| ibm | websphere_portal | 5.1.0.5 | |
| ibm | websphere_portal | 6.0.0.0 | |
| ibm | websphere_portal | 6.0.0.1 | |
| ibm | websphere_portal | 6.0.1.1 | |
| ibm | websphere_portal | 6.0.1.3 | |
| ibm | websphere_portal | 6.1.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:5.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0B4DF048-224A-43DB-A796-44EAF9CD8838",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:5.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FA05BB8A-C367-4A09-87A4-C9D9C46AE52B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:5.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "23785ACE-3F00-430E-B9ED-940A70A3201C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:5.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0F885AD0-1134-483C-9A69-98AC0D60E79B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:5.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2AF22D6E-7B21-4657-89ED-A7EF20BFF81F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:5.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "13570CD6-7D5F-4665-A982-9E83FA25C68C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6C753E1B-D81B-4995-877E-58EDD6F49DDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5D54D4DB-FA55-47AE-9E19-FB8368FD40C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9FC6A48A-E669-4AA0-AD83-85778A7B6C67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "82FC2F98-1E99-4B50-88D5-7A2904F4585C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E618064A-3D05-4DC6-9A47-0EDF2427642F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 5.1 through 6.1.0.0 allows remote attackers to bypass authentication and obtain administrative access via unspecified vectors."
},
{
"lang": "es",
"value": "IBM WebSphere Portal 5.1 hasta la 6.1.0.0 permite a atacantes remotos saltarse la autenticaci\u00f3n y obtener acceso administrativo a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2008-3423",
"lastModified": "2024-11-21T00:49:13.253",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-08-04T01:41:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31443"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK67104"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/30500"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1020712"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2405"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44264"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31443"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK67104"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/30500"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1020712"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2405"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44264"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-02-29 11:59
Modified
2024-11-21 02:41
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-0243.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 6.1.0.0 | |
| ibm | websphere_portal | 6.1.0.1 | |
| ibm | websphere_portal | 6.1.0.2 | |
| ibm | websphere_portal | 6.1.0.3 | |
| ibm | websphere_portal | 6.1.0.4 | |
| ibm | websphere_portal | 6.1.0.5 | |
| ibm | websphere_portal | 6.1.0.6 | |
| ibm | websphere_portal | 6.1.5.0 | |
| ibm | websphere_portal | 6.1.5.1 | |
| ibm | websphere_portal | 6.1.5.2 | |
| ibm | websphere_portal | 6.1.5.3 | |
| ibm | websphere_portal | 7.0.0.0 | |
| ibm | websphere_portal | 7.0.0.1 | |
| ibm | websphere_portal | 7.0.0.2 | |
| ibm | websphere_portal | 8.0.0.0 | |
| ibm | websphere_portal | 8.0.0.1 | |
| ibm | websphere_portal | 8.5.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E618064A-3D05-4DC6-9A47-0EDF2427642F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DE74154-3E79-4D56-96C4-D8E644F1419D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA915826-5D89-43E9-83E7-88973648302A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DB29F4-59AB-439C-91C4-CDF677676C26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9D6CA922-11EF-4315-A09A-B4A8937E4CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "526738D7-1AF8-4A8F-B833-BA0E35973A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "13D6BE9C-16FD-4FB4-8A87-56B42C246316",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1964FC-672F-4139-938F-A8EF9D86D9C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5B50CEA-AFC4-4B45-9954-519965237FC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0902AC0F-EA4D-4E65-A70A-15DE9B904B35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D808F95D-C6BD-43EB-B16C-66449977BCFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6ECEE98-B276-4ED6-AA5A-109EA57E9925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4FF84B-A17F-464B-A718-67C44D2C69BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D03AF20E-0C29-45A6-9B7F-8260D8D9E8BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-0243."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en IBM WebSphere Portal 6.1.0.x hasta la versi\u00f3n 6.1.0.6 CF27, 6.1.5.x hasta la versi\u00f3n 6.1.5.3 CF27, 7.x hasta la versi\u00f3n 7.0.0.2 CF29, 8.0.x en versiones anteriores a 8.0.0.1 CF20 y 8.5.x en versiones anteriores a 8.5.0.0 CF09 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una URL manipulada, una vulnerabilidad diferente a CVE-2016-0243."
}
],
"evaluatorComment": "Appropriate Vendor Advisory Link: \u003ca href=\"http://www-01.ibm.com/support/docview.wss?uid=swg21976358\"\u003eHERE\u003c/a\u003e",
"id": "CVE-2016-0244",
"lastModified": "2024-11-21T02:41:20.987",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-02-29T11:59:09.873",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI55327"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21975358"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI55327"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21975358"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-05-22 11:14
Modified
2024-11-21 02:03
Severity ?
Summary
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to cause a denial of service (resource consumption and daemon crash) via a crafted web request.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E618064A-3D05-4DC6-9A47-0EDF2427642F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DE74154-3E79-4D56-96C4-D8E644F1419D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA915826-5D89-43E9-83E7-88973648302A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DB29F4-59AB-439C-91C4-CDF677676C26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9D6CA922-11EF-4315-A09A-B4A8937E4CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "526738D7-1AF8-4A8F-B833-BA0E35973A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "13D6BE9C-16FD-4FB4-8A87-56B42C246316",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.6:cf27:*:*:*:*:*:*",
"matchCriteriaId": "34270605-BA3A-4A8F-A538-030819E115FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1964FC-672F-4139-938F-A8EF9D86D9C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5B50CEA-AFC4-4B45-9954-519965237FC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0902AC0F-EA4D-4E65-A70A-15DE9B904B35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D808F95D-C6BD-43EB-B16C-66449977BCFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.3:cf27:*:*:*:*:*:*",
"matchCriteriaId": "C7CEA4A0-062F-4B95-92CE-56F0298BD81F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:cf001:*:*:*:*:*:*",
"matchCriteriaId": "B5C645C1-21E3-48A8-A1A5-9519CB845493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6ECEE98-B276-4ED6-AA5A-109EA57E9925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf002:*:*:*:*:*:*",
"matchCriteriaId": "2991B76F-8E96-45A9-8B9D-942AF93755E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf003:*:*:*:*:*:*",
"matchCriteriaId": "041D220D-2088-4633-B1AA-8902AD1C6BD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf004:*:*:*:*:*:*",
"matchCriteriaId": "53B376AE-7AA9-4362-9CB2-17B3AB783FC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf005:*:*:*:*:*:*",
"matchCriteriaId": "84D744C2-DA4B-4F04-894F-7820FDC49A04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf006:*:*:*:*:*:*",
"matchCriteriaId": "4713D128-6C5F-4362-A0E2-363F81D9BCA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf007:*:*:*:*:*:*",
"matchCriteriaId": "67E76EE5-B618-49AA-A489-1BD7E45D391F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf008:*:*:*:*:*:*",
"matchCriteriaId": "DC001899-F77A-4EED-BC6D-8400FF4354EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf009:*:*:*:*:*:*",
"matchCriteriaId": "05426398-FE6A-4E4A-9C46-4675B5FAD915",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf010:*:*:*:*:*:*",
"matchCriteriaId": "29E0A9B5-945C-4859-BE83-56B34544350B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf019:*:*:*:*:*:*",
"matchCriteriaId": "10E59411-D50B-4A34-84C7-7563D301764A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4FF84B-A17F-464B-A718-67C44D2C69BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf011:*:*:*:*:*:*",
"matchCriteriaId": "B469E735-0DCE-4616-B3FE-DED75FEAC642",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf012:*:*:*:*:*:*",
"matchCriteriaId": "E0ACFABA-E470-4043-B8E7-ACE2F9781D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf013:*:*:*:*:*:*",
"matchCriteriaId": "8D2FA62F-EEB7-4312-9359-FDA8E4743A81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf014:*:*:*:*:*:*",
"matchCriteriaId": "5D8ABD15-49DE-4C4A-B9C0-5696BC1899C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf015:*:*:*:*:*:*",
"matchCriteriaId": "A2D98D3D-18DC-47CF-BED8-CD61A531D858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf016:*:*:*:*:*:*",
"matchCriteriaId": "9326CFC3-D9A7-43CE-8673-FD009F7A1F44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf017:*:*:*:*:*:*",
"matchCriteriaId": "B34D73EE-1E9D-4896-B2A2-D1463C13F399",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf018:*:*:*:*:*:*",
"matchCriteriaId": "96B7FB90-D1F8-4D83-B954-A1990400BC27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf019:*:*:*:*:*:*",
"matchCriteriaId": "CE4C07B8-CC26-4F83-8BA8-8702594CBB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf020:*:*:*:*:*:*",
"matchCriteriaId": "22C95FC9-0342-4ACC-B4F8-052554771D3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf021:*:*:*:*:*:*",
"matchCriteriaId": "62AA773F-7D18-41F7-8561-81D83336E6FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf022:*:*:*:*:*:*",
"matchCriteriaId": "2C17D73E-9F0B-4C11-8C1D-A3987DED44F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf23:*:*:*:*:*:*",
"matchCriteriaId": "53DDB154-F94B-47F8-964B-34EFE2C99370",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf24:*:*:*:*:*:*",
"matchCriteriaId": "10FCF563-A945-425A-A577-37867CF05CC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf25:*:*:*:*:*:*",
"matchCriteriaId": "8373D2A7-EC57-4336-A877-B5D262F05191",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf26:*:*:*:*:*:*",
"matchCriteriaId": "0A005963-7EF6-40D4-A54B-E3749ED5B587",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf27:*:*:*:*:*:*",
"matchCriteriaId": "4210F236-A2B1-49F2-A16E-65BB513ECBA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf01:*:*:*:*:*:*",
"matchCriteriaId": "8A5566C6-E42F-4786-A8FC-59BE7EB47296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf02:*:*:*:*:*:*",
"matchCriteriaId": "31C0EC0E-0106-4333-8401-0F655C0F5850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf03:*:*:*:*:*:*",
"matchCriteriaId": "E0E4DA0C-9F97-4856-B9DE-D96994A65B71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf04:*:*:*:*:*:*",
"matchCriteriaId": "4180809C-4A1E-4DB4-9E7C-641B753B97D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf05:*:*:*:*:*:*",
"matchCriteriaId": "5A60A788-F7B3-4922-8B30-8F586B1685CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf04:*:*:*:*:*:*",
"matchCriteriaId": "9A07791C-5EDE-4C2B-A441-6599339ED43F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf05:*:*:*:*:*:*",
"matchCriteriaId": "CE6F9920-B458-496B-B0C0-BF8B85606BF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf07:*:*:*:*:*:*",
"matchCriteriaId": "A910F5CA-8257-420E-8D31-6BB0E4CFC963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf08:*:*:*:*:*:*",
"matchCriteriaId": "462CF706-A352-40EE-8158-3A2197FE4098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf09:*:*:*:*:*:*",
"matchCriteriaId": "0AF93EAB-BDBC-4C20-9BD2-AACC95CD8355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf10:*:*:*:*:*:*",
"matchCriteriaId": "E090A0BC-DECD-4912-B5FB-C41A1E77675E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf11:*:*:*:*:*:*",
"matchCriteriaId": "4CC1CAEE-C7DA-4F01-8948-BADCEB0B76ED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to cause a denial of service (resource consumption and daemon crash) via a crafted web request."
},
{
"lang": "es",
"value": "IBM WebSphere Portal 6.1.0 hasta 6.1.0.6 CF27, 6.1.5 hasta 6.1.5.3 CF27, 7.0 hasta 7.0.0.2 CF28 y 8.0 anterior a 8.0.0.1 CF12 permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de recursos y ca\u00edda de demonio) a trav\u00e9s de una solicitud web manipulada."
}
],
"id": "CVE-2014-0949",
"lastModified": "2024-11-21T02:03:05.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-05-22T11:14:14.440",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI15692"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672572"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92622"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI15692"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672572"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92622"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-11-26 02:59
Modified
2024-11-21 02:13
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.0.x before 7.0.0.2 CF29, 8.0.x through 8.0.0.1 CF14, and 8.5.x before 8.5.0 CF02 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | * | |
| ibm | websphere_portal | * | |
| ibm | websphere_portal | * | |
| ibm | websphere_portal | 7.0.0.0 | |
| ibm | websphere_portal | 7.0.0.1 | |
| ibm | websphere_portal | 8.0.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:*:cf28:*:*:*:*:*:*",
"matchCriteriaId": "439FB43E-4A6A-4337-959A-2EFDDF5E9BA9",
"versionEndIncluding": "7.0.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:*:14:*:*:*:*:*:*",
"matchCriteriaId": "DC925A0E-E02E-47DB-A2E6-C2A1ACD84027",
"versionEndIncluding": "8.0.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:*:cf01:*:*:*:*:*:*",
"matchCriteriaId": "31DF431F-3D15-4701-975A-971C215F42EF",
"versionEndIncluding": "8.5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6ECEE98-B276-4ED6-AA5A-109EA57E9925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.0.x before 7.0.0.2 CF29, 8.0.x through 8.0.0.1 CF14, and 8.5.x before 8.5.0 CF02 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en IBM WebSphere Portal 7.0.x anterior a 7.0.0.2 CF29, 8.0.x hasta 8.0.0.1 CF14, y 8.5.x anterior a 8.5.0 CF02 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una URL manipulada."
}
],
"id": "CVE-2014-6093",
"lastModified": "2024-11-21T02:13:45.883",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-11-26T02:59:00.090",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://secunia.com/advisories/59752"
},
{
"source": "psirt@us.ibm.com",
"url": "http://secunia.com/advisories/60912"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI24678"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689849"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securitytracker.com/id/1031359"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95921"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/59752"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/60912"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI24678"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689849"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1031359"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95921"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-10-28 18:59
Modified
2024-11-21 02:19
Severity ?
Summary
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF18, and 8.5.0 before CF08 improperly restricts resource access, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by configuration information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 6.0 | |
| ibm | websphere_portal | 6.0.0.1 | |
| ibm | websphere_portal | 6.0.0.2 | |
| ibm | websphere_portal | 6.0.0.3 | |
| ibm | websphere_portal | 6.0.0.4 | |
| ibm | websphere_portal | 6.0.1.0 | |
| ibm | websphere_portal | 6.0.1.1 | |
| ibm | websphere_portal | 6.0.1.2 | |
| ibm | websphere_portal | 6.0.1.3 | |
| ibm | websphere_portal | 6.0.1.4 | |
| ibm | websphere_portal | 6.0.1.5 | |
| ibm | websphere_portal | 6.0.1.6 | |
| ibm | websphere_portal | 6.0.1.7 | |
| ibm | websphere_portal | 6.1 | |
| ibm | websphere_portal | 6.1.0 | |
| ibm | websphere_portal | 6.1.0.0 | |
| ibm | websphere_portal | 6.1.0.1 | |
| ibm | websphere_portal | 6.1.0.2 | |
| ibm | websphere_portal | 6.1.0.3 | |
| ibm | websphere_portal | 6.1.0.4 | |
| ibm | websphere_portal | 6.1.0.5 | |
| ibm | websphere_portal | 6.1.0.6 | |
| ibm | websphere_portal | 6.1.5.0 | |
| ibm | websphere_portal | 6.1.5.1 | |
| ibm | websphere_portal | 6.1.5.2 | |
| ibm | websphere_portal | 6.1.5.3 | |
| ibm | websphere_portal | 7.0.0.0 | |
| ibm | websphere_portal | 7.0.0.1 | |
| ibm | websphere_portal | 7.0.0.2 | |
| ibm | websphere_portal | 8.0.0.0 | |
| ibm | websphere_portal | 8.0.0.1 | |
| ibm | websphere_portal | 8.5.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A355A246-A3DC-48E4-931A-CEA8BC7D6CFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5D54D4DB-FA55-47AE-9E19-FB8368FD40C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3FEB7016-D077-402A-99C7-E6F6290F1D0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C064D03F-D49C-4A2F-A23D-3ADC18EC277A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6FDA430B-8996-43D4-BDBD-07A5C9EDB339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "092F8012-A1EE-46CE-B2B2-0604BF4ACBBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9FC6A48A-E669-4AA0-AD83-85778A7B6C67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F8C5AD9-2086-4131-A03C-02A89D822080",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "82FC2F98-1E99-4B50-88D5-7A2904F4585C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9B7F74AC-2B5E-4B6C-9551-576A4F312BBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FC51FA38-1C63-47F5-A4CF-1128396B62C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCCA8DE-50EF-4154-AF48-A8E1AA2659B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "AF550E47-49FB-4EBC-83E7-4CFCB7279FEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "82F35693-3EF6-440F-96B2-99A5756FCCF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C957A5D3-171E-46EB-9DE1-0186CB697A6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E618064A-3D05-4DC6-9A47-0EDF2427642F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DE74154-3E79-4D56-96C4-D8E644F1419D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA915826-5D89-43E9-83E7-88973648302A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DB29F4-59AB-439C-91C4-CDF677676C26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9D6CA922-11EF-4315-A09A-B4A8937E4CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "526738D7-1AF8-4A8F-B833-BA0E35973A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "13D6BE9C-16FD-4FB4-8A87-56B42C246316",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1964FC-672F-4139-938F-A8EF9D86D9C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5B50CEA-AFC4-4B45-9954-519965237FC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0902AC0F-EA4D-4E65-A70A-15DE9B904B35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D808F95D-C6BD-43EB-B16C-66449977BCFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6ECEE98-B276-4ED6-AA5A-109EA57E9925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4FF84B-A17F-464B-A718-67C44D2C69BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D03AF20E-0C29-45A6-9B7F-8260D8D9E8BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF18, and 8.5.0 before CF08 improperly restricts resource access, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by configuration information."
},
{
"lang": "es",
"value": "IBM WebSphere Portal 6.1.0 hasta la versi\u00f3n 6.1.0.6 CF27, 6.1.5 hasta la versi\u00f3n 6.1.5.3 CF27, 7.0.0 hasta la versi\u00f3n 7.0.0.2 CF29, 8.0.0 hasta la versi\u00f3n 8.0.0.1 CF18 y 8.5.0 en versiones anteriores a CF08 no restringe adecuadamente las fuentes de acceso, lo que permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de vectores no especificados, seg\u00fan lo demostrado por la informaci\u00f3n de configuraci\u00f3n."
}
],
"id": "CVE-2014-8912",
"lastModified": "2024-11-21T02:19:56.180",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-10-28T18:59:00.123",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI47714"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963226"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securitytracker.com/id/1033988"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI47714"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963226"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1033988"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-04-02 03:58
Modified
2024-11-21 02:02
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the WCM (Web Content Manager) UI in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF27, and 8.0.0.x before 8.0.0.1 CF11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 6.1.0.0 | |
| ibm | websphere_portal | 6.1.0.1 | |
| ibm | websphere_portal | 6.1.0.2 | |
| ibm | websphere_portal | 6.1.0.3 | |
| ibm | websphere_portal | 6.1.0.4 | |
| ibm | websphere_portal | 6.1.0.5 | |
| ibm | websphere_portal | 6.1.0.6 | |
| ibm | websphere_portal | 6.1.5.0 | |
| ibm | websphere_portal | 6.1.5.1 | |
| ibm | websphere_portal | 6.1.5.2 | |
| ibm | websphere_portal | 6.1.5.3 | |
| ibm | websphere_portal | 7.0.0.0 | |
| ibm | websphere_portal | 7.0.0.1 | |
| ibm | websphere_portal | 7.0.0.2 | |
| ibm | websphere_portal | 8.0.0.0 | |
| ibm | websphere_portal | 8.0.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E618064A-3D05-4DC6-9A47-0EDF2427642F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DE74154-3E79-4D56-96C4-D8E644F1419D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA915826-5D89-43E9-83E7-88973648302A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DB29F4-59AB-439C-91C4-CDF677676C26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9D6CA922-11EF-4315-A09A-B4A8937E4CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "526738D7-1AF8-4A8F-B833-BA0E35973A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "13D6BE9C-16FD-4FB4-8A87-56B42C246316",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1964FC-672F-4139-938F-A8EF9D86D9C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5B50CEA-AFC4-4B45-9954-519965237FC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0902AC0F-EA4D-4E65-A70A-15DE9B904B35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D808F95D-C6BD-43EB-B16C-66449977BCFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6ECEE98-B276-4ED6-AA5A-109EA57E9925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4FF84B-A17F-464B-A718-67C44D2C69BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the WCM (Web Content Manager) UI in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF27, and 8.0.0.x before 8.0.0.1 CF11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en la interfaz de usuario de WCM (Web Content Manager) en IBM WebSphere Portal 6.1.0.x hasta 6.1.0.6 CF27, 6.1.5.x hasta 6.1.5.3 CF27, 7.0.0.x hasta 7.0.0.2 CF27 y 8.0.0.x anterior a 8.0.0.1 CF11 permite a atacantes remotos inyectar script Web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-0828",
"lastModified": "2024-11-21T02:02:52.120",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-04-02T03:58:16.997",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI10734"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21667016"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securityfocus.com/bid/66556"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90566"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI10734"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21667016"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/66556"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90566"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-08-12 05:01
Modified
2024-11-21 02:10
Severity ?
Summary
Open redirect vulnerability in IBM WebSphere Portal 6.1.0.0 through 6.1.0.6 CF27, 6.1.5.0 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF28, 8.0.0 before 8.0.0.1 CF13, and 8.5.0 before CF01 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 6.1.0.0 | |
| ibm | websphere_portal | 6.1.0.1 | |
| ibm | websphere_portal | 6.1.0.2 | |
| ibm | websphere_portal | 6.1.0.3 | |
| ibm | websphere_portal | 6.1.0.4 | |
| ibm | websphere_portal | 6.1.0.5 | |
| ibm | websphere_portal | 6.1.0.6 | |
| ibm | websphere_portal | 6.1.5.0 | |
| ibm | websphere_portal | 6.1.5.1 | |
| ibm | websphere_portal | 6.1.5.2 | |
| ibm | websphere_portal | 6.1.5.3 | |
| ibm | websphere_portal | 7.0.0.0 | |
| ibm | websphere_portal | 7.0.0.1 | |
| ibm | websphere_portal | 7.0.0.2 | |
| ibm | websphere_portal | 8.0.0.0 | |
| ibm | websphere_portal | 8.5.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E618064A-3D05-4DC6-9A47-0EDF2427642F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DE74154-3E79-4D56-96C4-D8E644F1419D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA915826-5D89-43E9-83E7-88973648302A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DB29F4-59AB-439C-91C4-CDF677676C26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9D6CA922-11EF-4315-A09A-B4A8937E4CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "526738D7-1AF8-4A8F-B833-BA0E35973A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "13D6BE9C-16FD-4FB4-8A87-56B42C246316",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1964FC-672F-4139-938F-A8EF9D86D9C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5B50CEA-AFC4-4B45-9954-519965237FC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0902AC0F-EA4D-4E65-A70A-15DE9B904B35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D808F95D-C6BD-43EB-B16C-66449977BCFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6ECEE98-B276-4ED6-AA5A-109EA57E9925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4FF84B-A17F-464B-A718-67C44D2C69BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D03AF20E-0C29-45A6-9B7F-8260D8D9E8BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in IBM WebSphere Portal 6.1.0.0 through 6.1.0.6 CF27, 6.1.5.0 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF28, 8.0.0 before 8.0.0.1 CF13, and 8.5.0 before CF01 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL."
},
{
"lang": "es",
"value": "Vulnerabilidad de redirecci\u00f3n abierta en IBM WebSphere Portal 6.1.0.0 hasta 6.1.0.6 CF27, 6.1.5.0 hasta 6.1.5.3 CF27, 7.0.0 hasta 7.0.0.2 CF28, 8.0.0 anterior a 8.0.0.1 CF13, y 8.5.0 anterior a CF01 permite a atacantes remotos redirigir usuarios hacia sitios web arbitrarios y realizar ataques de phishing a trav\u00e9s de una URL manipulada."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/601.html\" target=\"_blank\"\u003eCWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)\u003c/a\u003e",
"id": "CVE-2014-4760",
"lastModified": "2024-11-21T02:10:50.363",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-08-12T05:01:04.043",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://secunia.com/advisories/60597"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI19877"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680230"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securitytracker.com/id/1030669"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94657"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/60597"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI19877"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680230"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1030669"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94657"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-02-14 13:10
Modified
2024-11-21 02:02
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in IBM Connections Portlets 4.x before 4.5.1 FP1 for IBM WebSphere Portal 7.0.0.2 and 8.0.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | connections_portlets | 4.0 | |
| ibm | connections_portlets | 4.5 | |
| ibm | connections_portlets | 4.5.1 | |
| ibm | websphere_portal | 7.0.0.2 | |
| ibm | websphere_portal | 8.0.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:connections_portlets:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9DC18DD6-5C32-42BC-8198-73D9F7D88C4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:connections_portlets:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9A13F87B-DDD9-4EAE-AD90-CEE3156CF512",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:connections_portlets:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD1B0C30-C63E-4288-BBDE-CAFAB2F5EEE9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4FF84B-A17F-464B-A718-67C44D2C69BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Connections Portlets 4.x before 4.5.1 FP1 for IBM WebSphere Portal 7.0.0.2 and 8.0.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en IBM Connections Portlets 4.x anterior a 4.5.1 FP1 para IBM WebSphere Portal 7.0.0.2 y 8.0.0.1 permiten a atacantes remotos inyectar script Web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-0855",
"lastModified": "2024-11-21T02:02:55.030",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-02-14T13:10:30.623",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21663921"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90802"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21663921"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90802"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}