Search criteria
378 vulnerabilities found for websphere_portal by ibm
FKIE_CVE-2018-1673
Vulnerability from fkie_nvd - Published: 2018-10-12 05:29 - Updated: 2024-11-21 04:00
Severity ?
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145108.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.securitytracker.com/id/1041845 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/145108 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10731155 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041845 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/145108 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10731155 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "1F28C710-8FDB-4474-B6EF-5835D4D7FE43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf002:*:*:*:*:*:*",
"matchCriteriaId": "2991B76F-8E96-45A9-8B9D-942AF93755E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf003:*:*:*:*:*:*",
"matchCriteriaId": "041D220D-2088-4633-B1AA-8902AD1C6BD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf004:*:*:*:*:*:*",
"matchCriteriaId": "53B376AE-7AA9-4362-9CB2-17B3AB783FC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf005:*:*:*:*:*:*",
"matchCriteriaId": "84D744C2-DA4B-4F04-894F-7820FDC49A04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf006:*:*:*:*:*:*",
"matchCriteriaId": "4713D128-6C5F-4362-A0E2-363F81D9BCA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf007:*:*:*:*:*:*",
"matchCriteriaId": "67E76EE5-B618-49AA-A489-1BD7E45D391F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf008:*:*:*:*:*:*",
"matchCriteriaId": "DC001899-F77A-4EED-BC6D-8400FF4354EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf009:*:*:*:*:*:*",
"matchCriteriaId": "05426398-FE6A-4E4A-9C46-4675B5FAD915",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf010:*:*:*:*:*:*",
"matchCriteriaId": "29E0A9B5-945C-4859-BE83-56B34544350B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf011:*:*:*:*:*:*",
"matchCriteriaId": "DF8105DA-2519-428D-AB09-01EEF2FF6FDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf012:*:*:*:*:*:*",
"matchCriteriaId": "B2824CB0-BBC6-4AD5-993C-91E1CF293B3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf013:*:*:*:*:*:*",
"matchCriteriaId": "56AF2117-2F73-4729-84DC-72B8B235C581",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf014:*:*:*:*:*:*",
"matchCriteriaId": "303EE4F0-9C7A-4B0B-8BBB-852C68A802E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf015:*:*:*:*:*:*",
"matchCriteriaId": "4967BA17-DD56-42A7-812A-7B6EE74C6E03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf016:*:*:*:*:*:*",
"matchCriteriaId": "9DD708E8-67BE-48D7-AD76-FDA753426862",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf017:*:*:*:*:*:*",
"matchCriteriaId": "AC8DAFF7-9410-40E2-805A-580B82EA0667",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf018:*:*:*:*:*:*",
"matchCriteriaId": "D06D62C6-13EF-42BA-BEBE-C3F9A42F5AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf019:*:*:*:*:*:*",
"matchCriteriaId": "10E59411-D50B-4A34-84C7-7563D301764A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf020:*:*:*:*:*:*",
"matchCriteriaId": "38D755C0-82CA-45EA-9D89-6172D98B78F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:-:*:*:*:*:*:*",
"matchCriteriaId": "6007CA87-31CA-44AB-AB7F-788E17AB85F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf011:*:*:*:*:*:*",
"matchCriteriaId": "B469E735-0DCE-4616-B3FE-DED75FEAC642",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf012:*:*:*:*:*:*",
"matchCriteriaId": "E0ACFABA-E470-4043-B8E7-ACE2F9781D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf013:*:*:*:*:*:*",
"matchCriteriaId": "8D2FA62F-EEB7-4312-9359-FDA8E4743A81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf014:*:*:*:*:*:*",
"matchCriteriaId": "5D8ABD15-49DE-4C4A-B9C0-5696BC1899C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf015:*:*:*:*:*:*",
"matchCriteriaId": "A2D98D3D-18DC-47CF-BED8-CD61A531D858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf016:*:*:*:*:*:*",
"matchCriteriaId": "9326CFC3-D9A7-43CE-8673-FD009F7A1F44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf017:*:*:*:*:*:*",
"matchCriteriaId": "B34D73EE-1E9D-4896-B2A2-D1463C13F399",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf018:*:*:*:*:*:*",
"matchCriteriaId": "96B7FB90-D1F8-4D83-B954-A1990400BC27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf019:*:*:*:*:*:*",
"matchCriteriaId": "CE4C07B8-CC26-4F83-8BA8-8702594CBB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf020:*:*:*:*:*:*",
"matchCriteriaId": "22C95FC9-0342-4ACC-B4F8-052554771D3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf021:*:*:*:*:*:*",
"matchCriteriaId": "62AA773F-7D18-41F7-8561-81D83336E6FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf022:*:*:*:*:*:*",
"matchCriteriaId": "2C17D73E-9F0B-4C11-8C1D-A3987DED44F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf023:*:*:*:*:*:*",
"matchCriteriaId": "B44130DA-8BBC-4CC5-BD20-E05CE32AB1F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf024:*:*:*:*:*:*",
"matchCriteriaId": "D42C69F1-2877-419A-AB64-74687A11F070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf025:*:*:*:*:*:*",
"matchCriteriaId": "B6D45C1D-CCF2-4281-B132-4931B33BA48D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf026:*:*:*:*:*:*",
"matchCriteriaId": "8CB0EDF6-2EC7-4C03-8597-9E034DBB3BB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf027:*:*:*:*:*:*",
"matchCriteriaId": "847994E6-C322-46EB-B089-9D1752E42987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf028:*:*:*:*:*:*",
"matchCriteriaId": "79FD9027-FA61-4AB0-A945-7329B609A9DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf029:*:*:*:*:*:*",
"matchCriteriaId": "07EDE452-4C88-4DA9-91E9-F0722009C773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf030:*:*:*:*:*:*",
"matchCriteriaId": "E0D7936A-478C-44AA-B9DD-2165BA482AFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5DB13754-BB23-48D8-9BDC-E8FF552DEA52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf01:*:*:*:*:*:*",
"matchCriteriaId": "8A5566C6-E42F-4786-A8FC-59BE7EB47296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf02:*:*:*:*:*:*",
"matchCriteriaId": "31C0EC0E-0106-4333-8401-0F655C0F5850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf03:*:*:*:*:*:*",
"matchCriteriaId": "E0E4DA0C-9F97-4856-B9DE-D96994A65B71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf04:*:*:*:*:*:*",
"matchCriteriaId": "4180809C-4A1E-4DB4-9E7C-641B753B97D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf05:*:*:*:*:*:*",
"matchCriteriaId": "5A60A788-F7B3-4922-8B30-8F586B1685CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf06:*:*:*:*:*:*",
"matchCriteriaId": "5A244AB2-9EBB-4A7D-BED7-CA92903268C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "AA4AD694-EA0E-4910-A3F9-EEDC510AFDF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf04:*:*:*:*:*:*",
"matchCriteriaId": "9A07791C-5EDE-4C2B-A441-6599339ED43F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf05:*:*:*:*:*:*",
"matchCriteriaId": "CE6F9920-B458-496B-B0C0-BF8B85606BF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf06:*:*:*:*:*:*",
"matchCriteriaId": "8B2C78E9-EB40-42C0-A772-6203555D5E28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf07:*:*:*:*:*:*",
"matchCriteriaId": "A910F5CA-8257-420E-8D31-6BB0E4CFC963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf08:*:*:*:*:*:*",
"matchCriteriaId": "462CF706-A352-40EE-8158-3A2197FE4098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf09:*:*:*:*:*:*",
"matchCriteriaId": "0AF93EAB-BDBC-4C20-9BD2-AACC95CD8355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf10:*:*:*:*:*:*",
"matchCriteriaId": "E090A0BC-DECD-4912-B5FB-C41A1E77675E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf11:*:*:*:*:*:*",
"matchCriteriaId": "4CC1CAEE-C7DA-4F01-8948-BADCEB0B76ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf12:*:*:*:*:*:*",
"matchCriteriaId": "3D660652-D318-44B8-996A-6E56F4D71F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf13:*:*:*:*:*:*",
"matchCriteriaId": "783AA775-7257-45C8-A246-A71E559B459D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf14:*:*:*:*:*:*",
"matchCriteriaId": "02F014F7-1F35-4982-98F5-B22E86544E0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf15:*:*:*:*:*:*",
"matchCriteriaId": "535E3EAE-8286-4751-8DAF-707A0F2F160B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf16:*:*:*:*:*:*",
"matchCriteriaId": "E6708150-6E0D-4B0C-98A0-A42CAF20D3E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf17:*:*:*:*:*:*",
"matchCriteriaId": "96849F67-1B41-4265-8046-B29C5469DA4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf18:*:*:*:*:*:*",
"matchCriteriaId": "2074093E-8F1A-442D-8972-57FE73044079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf19:*:*:*:*:*:*",
"matchCriteriaId": "1B46BD8B-AFA5-4660-9983-ED9FB5E26A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf20:*:*:*:*:*:*",
"matchCriteriaId": "3FFF0BC7-42C0-4E4F-836E-8F1B31E1C420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf21:*:*:*:*:*:*",
"matchCriteriaId": "5655ED83-06C7-4828-A38D-18E92555C48B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf22:*:*:*:*:*:*",
"matchCriteriaId": "14C80CD3-F5CB-4B64-98D5-C00A73233979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf23:*:*:*:*:*:*",
"matchCriteriaId": "2A7D9B77-F154-405C-9E94-B4EAA087E766",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "7EE3B00E-D18B-43C4-BD15-7E8E1AFDA8C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf01:*:*:*:*:*:*",
"matchCriteriaId": "704EF027-9DEF-4079-BBFE-A64DB757EAB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf02:*:*:*:*:*:*",
"matchCriteriaId": "9928D9CB-4817-4782-808F-6A4FBA87D820",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf03:*:*:*:*:*:*",
"matchCriteriaId": "758F9176-3EDF-469E-946E-B35C2D212029",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf04:*:*:*:*:*:*",
"matchCriteriaId": "AFBD1F79-9AB1-4699-B5B8-315CFEFFDEA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf05:*:*:*:*:*:*",
"matchCriteriaId": "764E04B9-F754-4118-B34F-71D5EF38660F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf06:*:*:*:*:*:*",
"matchCriteriaId": "46A3712D-DCB1-4631-B114-AD5A48313CBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf07:*:*:*:*:*:*",
"matchCriteriaId": "A79C66A0-6482-4E93-94B1-348B3FFA4541",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf08:*:*:*:*:*:*",
"matchCriteriaId": "2D0259BA-FD5D-4236-9AA3-13EE738B3F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf09:*:*:*:*:*:*",
"matchCriteriaId": "34EB80B8-CE15-4F0B-BC98-6AAE7148C5B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf10:*:*:*:*:*:*",
"matchCriteriaId": "DEFF296A-8B82-493E-9A1E-DB4D1976621E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf11:*:*:*:*:*:*",
"matchCriteriaId": "1FC3D249-FA1A-4A2D-B0F7-3289E0563236",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf12:*:*:*:*:*:*",
"matchCriteriaId": "169B283C-4FAD-4201-B26C-53E57D057136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf13:*:*:*:*:*:*",
"matchCriteriaId": "2867E5D2-5982-4178-B9F7-E4E82E7A97FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf14:*:*:*:*:*:*",
"matchCriteriaId": "4D2524C0-6CA2-4836-928D-A9F139F00D9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf15:*:*:*:*:*:*",
"matchCriteriaId": "68857CCD-F5AD-4D96-AB3A-103B2233B909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5B2F4AE1-AFBF-487D-B891-40D94C50F8B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0.0.0:cf14:*:*:*:*:*:*",
"matchCriteriaId": "FA49E417-1CED-4E49-ABC9-51E321271498",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0.0.0:cf15:*:*:*:*:*:*",
"matchCriteriaId": "CAA46610-A694-4524-8BD3-8A4B22E0F1AC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145108."
},
{
"lang": "es",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5 y 9.0 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 145108."
}
],
"id": "CVE-2018-1673",
"lastModified": "2024-11-21T04:00:10.943",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-10-12T05:29:00.907",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041845"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145108"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10731155"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041845"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145108"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10731155"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-1672
Vulnerability from fkie_nvd - Published: 2018-10-01 14:29 - Updated: 2024-11-21 04:00
Severity ?
5.0 (Medium) - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Summary
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user. IBM X-Force ID: 144958.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.securitytracker.com/id/1041766 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/144958 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10716981 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041766 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/144958 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10716981 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "1F28C710-8FDB-4474-B6EF-5835D4D7FE43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf011:*:*:*:*:*:*",
"matchCriteriaId": "DF8105DA-2519-428D-AB09-01EEF2FF6FDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf012:*:*:*:*:*:*",
"matchCriteriaId": "B2824CB0-BBC6-4AD5-993C-91E1CF293B3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf013:*:*:*:*:*:*",
"matchCriteriaId": "56AF2117-2F73-4729-84DC-72B8B235C581",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf014:*:*:*:*:*:*",
"matchCriteriaId": "303EE4F0-9C7A-4B0B-8BBB-852C68A802E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf015:*:*:*:*:*:*",
"matchCriteriaId": "4967BA17-DD56-42A7-812A-7B6EE74C6E03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf016:*:*:*:*:*:*",
"matchCriteriaId": "9DD708E8-67BE-48D7-AD76-FDA753426862",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf017:*:*:*:*:*:*",
"matchCriteriaId": "AC8DAFF7-9410-40E2-805A-580B82EA0667",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf018:*:*:*:*:*:*",
"matchCriteriaId": "D06D62C6-13EF-42BA-BEBE-C3F9A42F5AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf019:*:*:*:*:*:*",
"matchCriteriaId": "10E59411-D50B-4A34-84C7-7563D301764A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf020:*:*:*:*:*:*",
"matchCriteriaId": "38D755C0-82CA-45EA-9D89-6172D98B78F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:-:*:*:*:*:*:*",
"matchCriteriaId": "6007CA87-31CA-44AB-AB7F-788E17AB85F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf012:*:*:*:*:*:*",
"matchCriteriaId": "E0ACFABA-E470-4043-B8E7-ACE2F9781D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf013:*:*:*:*:*:*",
"matchCriteriaId": "8D2FA62F-EEB7-4312-9359-FDA8E4743A81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf014:*:*:*:*:*:*",
"matchCriteriaId": "5D8ABD15-49DE-4C4A-B9C0-5696BC1899C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf015:*:*:*:*:*:*",
"matchCriteriaId": "A2D98D3D-18DC-47CF-BED8-CD61A531D858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf016:*:*:*:*:*:*",
"matchCriteriaId": "9326CFC3-D9A7-43CE-8673-FD009F7A1F44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf017:*:*:*:*:*:*",
"matchCriteriaId": "B34D73EE-1E9D-4896-B2A2-D1463C13F399",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf018:*:*:*:*:*:*",
"matchCriteriaId": "96B7FB90-D1F8-4D83-B954-A1990400BC27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf019:*:*:*:*:*:*",
"matchCriteriaId": "CE4C07B8-CC26-4F83-8BA8-8702594CBB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf020:*:*:*:*:*:*",
"matchCriteriaId": "22C95FC9-0342-4ACC-B4F8-052554771D3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf021:*:*:*:*:*:*",
"matchCriteriaId": "62AA773F-7D18-41F7-8561-81D83336E6FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf022:*:*:*:*:*:*",
"matchCriteriaId": "2C17D73E-9F0B-4C11-8C1D-A3987DED44F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf023:*:*:*:*:*:*",
"matchCriteriaId": "B44130DA-8BBC-4CC5-BD20-E05CE32AB1F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf024:*:*:*:*:*:*",
"matchCriteriaId": "D42C69F1-2877-419A-AB64-74687A11F070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf025:*:*:*:*:*:*",
"matchCriteriaId": "B6D45C1D-CCF2-4281-B132-4931B33BA48D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf026:*:*:*:*:*:*",
"matchCriteriaId": "8CB0EDF6-2EC7-4C03-8597-9E034DBB3BB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf027:*:*:*:*:*:*",
"matchCriteriaId": "847994E6-C322-46EB-B089-9D1752E42987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf028:*:*:*:*:*:*",
"matchCriteriaId": "79FD9027-FA61-4AB0-A945-7329B609A9DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf029:*:*:*:*:*:*",
"matchCriteriaId": "07EDE452-4C88-4DA9-91E9-F0722009C773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf030:*:*:*:*:*:*",
"matchCriteriaId": "E0D7936A-478C-44AA-B9DD-2165BA482AFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5DB13754-BB23-48D8-9BDC-E8FF552DEA52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf01:*:*:*:*:*:*",
"matchCriteriaId": "8A5566C6-E42F-4786-A8FC-59BE7EB47296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf02:*:*:*:*:*:*",
"matchCriteriaId": "31C0EC0E-0106-4333-8401-0F655C0F5850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf03:*:*:*:*:*:*",
"matchCriteriaId": "E0E4DA0C-9F97-4856-B9DE-D96994A65B71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf04:*:*:*:*:*:*",
"matchCriteriaId": "4180809C-4A1E-4DB4-9E7C-641B753B97D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf05:*:*:*:*:*:*",
"matchCriteriaId": "5A60A788-F7B3-4922-8B30-8F586B1685CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf06:*:*:*:*:*:*",
"matchCriteriaId": "5A244AB2-9EBB-4A7D-BED7-CA92903268C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "AA4AD694-EA0E-4910-A3F9-EEDC510AFDF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf04:*:*:*:*:*:*",
"matchCriteriaId": "9A07791C-5EDE-4C2B-A441-6599339ED43F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf05:*:*:*:*:*:*",
"matchCriteriaId": "CE6F9920-B458-496B-B0C0-BF8B85606BF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf06:*:*:*:*:*:*",
"matchCriteriaId": "8B2C78E9-EB40-42C0-A772-6203555D5E28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf07:*:*:*:*:*:*",
"matchCriteriaId": "A910F5CA-8257-420E-8D31-6BB0E4CFC963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf08:*:*:*:*:*:*",
"matchCriteriaId": "462CF706-A352-40EE-8158-3A2197FE4098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf09:*:*:*:*:*:*",
"matchCriteriaId": "0AF93EAB-BDBC-4C20-9BD2-AACC95CD8355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf10:*:*:*:*:*:*",
"matchCriteriaId": "E090A0BC-DECD-4912-B5FB-C41A1E77675E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf11:*:*:*:*:*:*",
"matchCriteriaId": "4CC1CAEE-C7DA-4F01-8948-BADCEB0B76ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf12:*:*:*:*:*:*",
"matchCriteriaId": "3D660652-D318-44B8-996A-6E56F4D71F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf13:*:*:*:*:*:*",
"matchCriteriaId": "783AA775-7257-45C8-A246-A71E559B459D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf14:*:*:*:*:*:*",
"matchCriteriaId": "02F014F7-1F35-4982-98F5-B22E86544E0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf15:*:*:*:*:*:*",
"matchCriteriaId": "535E3EAE-8286-4751-8DAF-707A0F2F160B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf16:*:*:*:*:*:*",
"matchCriteriaId": "E6708150-6E0D-4B0C-98A0-A42CAF20D3E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf17:*:*:*:*:*:*",
"matchCriteriaId": "96849F67-1B41-4265-8046-B29C5469DA4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf18:*:*:*:*:*:*",
"matchCriteriaId": "2074093E-8F1A-442D-8972-57FE73044079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf19:*:*:*:*:*:*",
"matchCriteriaId": "1B46BD8B-AFA5-4660-9983-ED9FB5E26A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf20:*:*:*:*:*:*",
"matchCriteriaId": "3FFF0BC7-42C0-4E4F-836E-8F1B31E1C420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf21:*:*:*:*:*:*",
"matchCriteriaId": "5655ED83-06C7-4828-A38D-18E92555C48B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf22:*:*:*:*:*:*",
"matchCriteriaId": "14C80CD3-F5CB-4B64-98D5-C00A73233979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf23:*:*:*:*:*:*",
"matchCriteriaId": "2A7D9B77-F154-405C-9E94-B4EAA087E766",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "7EE3B00E-D18B-43C4-BD15-7E8E1AFDA8C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf01:*:*:*:*:*:*",
"matchCriteriaId": "704EF027-9DEF-4079-BBFE-A64DB757EAB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf02:*:*:*:*:*:*",
"matchCriteriaId": "9928D9CB-4817-4782-808F-6A4FBA87D820",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf03:*:*:*:*:*:*",
"matchCriteriaId": "758F9176-3EDF-469E-946E-B35C2D212029",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf04:*:*:*:*:*:*",
"matchCriteriaId": "AFBD1F79-9AB1-4699-B5B8-315CFEFFDEA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf05:*:*:*:*:*:*",
"matchCriteriaId": "764E04B9-F754-4118-B34F-71D5EF38660F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf06:*:*:*:*:*:*",
"matchCriteriaId": "46A3712D-DCB1-4631-B114-AD5A48313CBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf07:*:*:*:*:*:*",
"matchCriteriaId": "A79C66A0-6482-4E93-94B1-348B3FFA4541",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf08:*:*:*:*:*:*",
"matchCriteriaId": "2D0259BA-FD5D-4236-9AA3-13EE738B3F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf09:*:*:*:*:*:*",
"matchCriteriaId": "34EB80B8-CE15-4F0B-BC98-6AAE7148C5B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf10:*:*:*:*:*:*",
"matchCriteriaId": "DEFF296A-8B82-493E-9A1E-DB4D1976621E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf11:*:*:*:*:*:*",
"matchCriteriaId": "1FC3D249-FA1A-4A2D-B0F7-3289E0563236",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf12:*:*:*:*:*:*",
"matchCriteriaId": "169B283C-4FAD-4201-B26C-53E57D057136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf13:*:*:*:*:*:*",
"matchCriteriaId": "2867E5D2-5982-4178-B9F7-E4E82E7A97FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf14:*:*:*:*:*:*",
"matchCriteriaId": "4D2524C0-6CA2-4836-928D-A9F139F00D9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf15:*:*:*:*:*:*",
"matchCriteriaId": "68857CCD-F5AD-4D96-AB3A-103B2233B909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5B2F4AE1-AFBF-487D-B891-40D94C50F8B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0.0.0:cf14:*:*:*:*:*:*",
"matchCriteriaId": "FA49E417-1CED-4E49-ABC9-51E321271498",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0.0.0:cf15:*:*:*:*:*:*",
"matchCriteriaId": "CAA46610-A694-4524-8BD3-8A4B22E0F1AC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user. IBM X-Force ID: 144958."
},
{
"lang": "es",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5 y 9.0 podr\u00eda fracasar a la hora de establecer el contexto de usuario correcto en ciertos escenarios de suplantaci\u00f3n, lo que puede permitir que un usuario act\u00fae con la identidad de otro usuario. IBM X-Force ID: 144958."
}
],
"id": "CVE-2018-1672",
"lastModified": "2024-11-21T04:00:10.817",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 3.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-10-01T14:29:00.467",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041766"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144958"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10716981"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041766"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144958"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10716981"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-1420
Vulnerability from fkie_nvd - Published: 2018-10-01 14:29 - Updated: 2024-11-21 03:59
Severity ?
5.3 (Medium) - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 resets access control settings to the out of the box configuration during Combined Cumulative Fix (CF) installation. This can lead to security miss-configuration of the installation. IBM X-Force ID: 138950.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.securitytracker.com/id/1041767 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/138950 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=swg22014276 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041767 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/138950 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=swg22014276 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "1F28C710-8FDB-4474-B6EF-5835D4D7FE43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf011:*:*:*:*:*:*",
"matchCriteriaId": "DF8105DA-2519-428D-AB09-01EEF2FF6FDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf012:*:*:*:*:*:*",
"matchCriteriaId": "B2824CB0-BBC6-4AD5-993C-91E1CF293B3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf013:*:*:*:*:*:*",
"matchCriteriaId": "56AF2117-2F73-4729-84DC-72B8B235C581",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf014:*:*:*:*:*:*",
"matchCriteriaId": "303EE4F0-9C7A-4B0B-8BBB-852C68A802E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf015:*:*:*:*:*:*",
"matchCriteriaId": "4967BA17-DD56-42A7-812A-7B6EE74C6E03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf016:*:*:*:*:*:*",
"matchCriteriaId": "9DD708E8-67BE-48D7-AD76-FDA753426862",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf017:*:*:*:*:*:*",
"matchCriteriaId": "AC8DAFF7-9410-40E2-805A-580B82EA0667",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf018:*:*:*:*:*:*",
"matchCriteriaId": "D06D62C6-13EF-42BA-BEBE-C3F9A42F5AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf019:*:*:*:*:*:*",
"matchCriteriaId": "10E59411-D50B-4A34-84C7-7563D301764A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf020:*:*:*:*:*:*",
"matchCriteriaId": "38D755C0-82CA-45EA-9D89-6172D98B78F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:-:*:*:*:*:*:*",
"matchCriteriaId": "6007CA87-31CA-44AB-AB7F-788E17AB85F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf012:*:*:*:*:*:*",
"matchCriteriaId": "E0ACFABA-E470-4043-B8E7-ACE2F9781D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf013:*:*:*:*:*:*",
"matchCriteriaId": "8D2FA62F-EEB7-4312-9359-FDA8E4743A81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf014:*:*:*:*:*:*",
"matchCriteriaId": "5D8ABD15-49DE-4C4A-B9C0-5696BC1899C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf015:*:*:*:*:*:*",
"matchCriteriaId": "A2D98D3D-18DC-47CF-BED8-CD61A531D858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf016:*:*:*:*:*:*",
"matchCriteriaId": "9326CFC3-D9A7-43CE-8673-FD009F7A1F44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf017:*:*:*:*:*:*",
"matchCriteriaId": "B34D73EE-1E9D-4896-B2A2-D1463C13F399",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf018:*:*:*:*:*:*",
"matchCriteriaId": "96B7FB90-D1F8-4D83-B954-A1990400BC27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf019:*:*:*:*:*:*",
"matchCriteriaId": "CE4C07B8-CC26-4F83-8BA8-8702594CBB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf020:*:*:*:*:*:*",
"matchCriteriaId": "22C95FC9-0342-4ACC-B4F8-052554771D3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf021:*:*:*:*:*:*",
"matchCriteriaId": "62AA773F-7D18-41F7-8561-81D83336E6FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf022:*:*:*:*:*:*",
"matchCriteriaId": "2C17D73E-9F0B-4C11-8C1D-A3987DED44F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf023:*:*:*:*:*:*",
"matchCriteriaId": "B44130DA-8BBC-4CC5-BD20-E05CE32AB1F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf024:*:*:*:*:*:*",
"matchCriteriaId": "D42C69F1-2877-419A-AB64-74687A11F070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf025:*:*:*:*:*:*",
"matchCriteriaId": "B6D45C1D-CCF2-4281-B132-4931B33BA48D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf026:*:*:*:*:*:*",
"matchCriteriaId": "8CB0EDF6-2EC7-4C03-8597-9E034DBB3BB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf027:*:*:*:*:*:*",
"matchCriteriaId": "847994E6-C322-46EB-B089-9D1752E42987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf028:*:*:*:*:*:*",
"matchCriteriaId": "79FD9027-FA61-4AB0-A945-7329B609A9DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf029:*:*:*:*:*:*",
"matchCriteriaId": "07EDE452-4C88-4DA9-91E9-F0722009C773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf030:*:*:*:*:*:*",
"matchCriteriaId": "E0D7936A-478C-44AA-B9DD-2165BA482AFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5DB13754-BB23-48D8-9BDC-E8FF552DEA52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf01:*:*:*:*:*:*",
"matchCriteriaId": "8A5566C6-E42F-4786-A8FC-59BE7EB47296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf02:*:*:*:*:*:*",
"matchCriteriaId": "31C0EC0E-0106-4333-8401-0F655C0F5850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf03:*:*:*:*:*:*",
"matchCriteriaId": "E0E4DA0C-9F97-4856-B9DE-D96994A65B71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf04:*:*:*:*:*:*",
"matchCriteriaId": "4180809C-4A1E-4DB4-9E7C-641B753B97D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf05:*:*:*:*:*:*",
"matchCriteriaId": "5A60A788-F7B3-4922-8B30-8F586B1685CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf06:*:*:*:*:*:*",
"matchCriteriaId": "5A244AB2-9EBB-4A7D-BED7-CA92903268C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "AA4AD694-EA0E-4910-A3F9-EEDC510AFDF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf04:*:*:*:*:*:*",
"matchCriteriaId": "9A07791C-5EDE-4C2B-A441-6599339ED43F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf05:*:*:*:*:*:*",
"matchCriteriaId": "CE6F9920-B458-496B-B0C0-BF8B85606BF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf06:*:*:*:*:*:*",
"matchCriteriaId": "8B2C78E9-EB40-42C0-A772-6203555D5E28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf07:*:*:*:*:*:*",
"matchCriteriaId": "A910F5CA-8257-420E-8D31-6BB0E4CFC963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf08:*:*:*:*:*:*",
"matchCriteriaId": "462CF706-A352-40EE-8158-3A2197FE4098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf09:*:*:*:*:*:*",
"matchCriteriaId": "0AF93EAB-BDBC-4C20-9BD2-AACC95CD8355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf10:*:*:*:*:*:*",
"matchCriteriaId": "E090A0BC-DECD-4912-B5FB-C41A1E77675E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf11:*:*:*:*:*:*",
"matchCriteriaId": "4CC1CAEE-C7DA-4F01-8948-BADCEB0B76ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf12:*:*:*:*:*:*",
"matchCriteriaId": "3D660652-D318-44B8-996A-6E56F4D71F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf13:*:*:*:*:*:*",
"matchCriteriaId": "783AA775-7257-45C8-A246-A71E559B459D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf14:*:*:*:*:*:*",
"matchCriteriaId": "02F014F7-1F35-4982-98F5-B22E86544E0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf15:*:*:*:*:*:*",
"matchCriteriaId": "535E3EAE-8286-4751-8DAF-707A0F2F160B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf16:*:*:*:*:*:*",
"matchCriteriaId": "E6708150-6E0D-4B0C-98A0-A42CAF20D3E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf17:*:*:*:*:*:*",
"matchCriteriaId": "96849F67-1B41-4265-8046-B29C5469DA4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf18:*:*:*:*:*:*",
"matchCriteriaId": "2074093E-8F1A-442D-8972-57FE73044079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf19:*:*:*:*:*:*",
"matchCriteriaId": "1B46BD8B-AFA5-4660-9983-ED9FB5E26A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf20:*:*:*:*:*:*",
"matchCriteriaId": "3FFF0BC7-42C0-4E4F-836E-8F1B31E1C420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf21:*:*:*:*:*:*",
"matchCriteriaId": "5655ED83-06C7-4828-A38D-18E92555C48B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf22:*:*:*:*:*:*",
"matchCriteriaId": "14C80CD3-F5CB-4B64-98D5-C00A73233979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D03AF20E-0C29-45A6-9B7F-8260D8D9E8BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf01:*:*:*:*:*:*",
"matchCriteriaId": "704EF027-9DEF-4079-BBFE-A64DB757EAB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf02:*:*:*:*:*:*",
"matchCriteriaId": "9928D9CB-4817-4782-808F-6A4FBA87D820",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf03:*:*:*:*:*:*",
"matchCriteriaId": "758F9176-3EDF-469E-946E-B35C2D212029",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf04:*:*:*:*:*:*",
"matchCriteriaId": "AFBD1F79-9AB1-4699-B5B8-315CFEFFDEA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf05:*:*:*:*:*:*",
"matchCriteriaId": "764E04B9-F754-4118-B34F-71D5EF38660F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf06:*:*:*:*:*:*",
"matchCriteriaId": "46A3712D-DCB1-4631-B114-AD5A48313CBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf07:*:*:*:*:*:*",
"matchCriteriaId": "A79C66A0-6482-4E93-94B1-348B3FFA4541",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf08:*:*:*:*:*:*",
"matchCriteriaId": "2D0259BA-FD5D-4236-9AA3-13EE738B3F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf09:*:*:*:*:*:*",
"matchCriteriaId": "34EB80B8-CE15-4F0B-BC98-6AAE7148C5B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf10:*:*:*:*:*:*",
"matchCriteriaId": "DEFF296A-8B82-493E-9A1E-DB4D1976621E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf11:*:*:*:*:*:*",
"matchCriteriaId": "1FC3D249-FA1A-4A2D-B0F7-3289E0563236",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf12:*:*:*:*:*:*",
"matchCriteriaId": "169B283C-4FAD-4201-B26C-53E57D057136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf13:*:*:*:*:*:*",
"matchCriteriaId": "2867E5D2-5982-4178-B9F7-E4E82E7A97FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf14:*:*:*:*:*:*",
"matchCriteriaId": "4D2524C0-6CA2-4836-928D-A9F139F00D9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf15:*:*:*:*:*:*",
"matchCriteriaId": "68857CCD-F5AD-4D96-AB3A-103B2233B909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5B2F4AE1-AFBF-487D-B891-40D94C50F8B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0.0.0:cf14:*:*:*:*:*:*",
"matchCriteriaId": "FA49E417-1CED-4E49-ABC9-51E321271498",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0.0.0:cf15:*:*:*:*:*:*",
"matchCriteriaId": "CAA46610-A694-4524-8BD3-8A4B22E0F1AC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 resets access control settings to the out of the box configuration during Combined Cumulative Fix (CF) installation. This can lead to security miss-configuration of the installation. IBM X-Force ID: 138950."
},
{
"lang": "es",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5 y 9.0 restablece las opciones de control de acceso a su configuraci\u00f3n de f\u00e1brica durante la instalaci\u00f3n Combined Cumulative Fix (CF). Esto puede conducir a una mala configuraci\u00f3n del seguridad de la instalaci\u00f3n. IBM X-Force ID: 138950."
}
],
"id": "CVE-2018-1420",
"lastModified": "2024-11-21T03:59:47.070",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-10-01T14:29:00.313",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041767"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138950"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=swg22014276"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041767"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138950"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=swg22014276"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-1736
Vulnerability from fkie_nvd - Published: 2018-09-27 19:29 - Updated: 2024-11-21 04:00
Severity ?
7.4 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 147906.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.securityfocus.com/bid/105490 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | http://www.securitytracker.com/id/1041753 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/147906 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10729683 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105490 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041753 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/147906 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10729683 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "1F28C710-8FDB-4474-B6EF-5835D4D7FE43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf002:*:*:*:*:*:*",
"matchCriteriaId": "2991B76F-8E96-45A9-8B9D-942AF93755E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf003:*:*:*:*:*:*",
"matchCriteriaId": "041D220D-2088-4633-B1AA-8902AD1C6BD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf004:*:*:*:*:*:*",
"matchCriteriaId": "53B376AE-7AA9-4362-9CB2-17B3AB783FC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf005:*:*:*:*:*:*",
"matchCriteriaId": "84D744C2-DA4B-4F04-894F-7820FDC49A04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf006:*:*:*:*:*:*",
"matchCriteriaId": "4713D128-6C5F-4362-A0E2-363F81D9BCA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf007:*:*:*:*:*:*",
"matchCriteriaId": "67E76EE5-B618-49AA-A489-1BD7E45D391F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf008:*:*:*:*:*:*",
"matchCriteriaId": "DC001899-F77A-4EED-BC6D-8400FF4354EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf009:*:*:*:*:*:*",
"matchCriteriaId": "05426398-FE6A-4E4A-9C46-4675B5FAD915",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf010:*:*:*:*:*:*",
"matchCriteriaId": "29E0A9B5-945C-4859-BE83-56B34544350B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf011:*:*:*:*:*:*",
"matchCriteriaId": "DF8105DA-2519-428D-AB09-01EEF2FF6FDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf012:*:*:*:*:*:*",
"matchCriteriaId": "B2824CB0-BBC6-4AD5-993C-91E1CF293B3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf013:*:*:*:*:*:*",
"matchCriteriaId": "56AF2117-2F73-4729-84DC-72B8B235C581",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf014:*:*:*:*:*:*",
"matchCriteriaId": "303EE4F0-9C7A-4B0B-8BBB-852C68A802E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf015:*:*:*:*:*:*",
"matchCriteriaId": "4967BA17-DD56-42A7-812A-7B6EE74C6E03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf016:*:*:*:*:*:*",
"matchCriteriaId": "9DD708E8-67BE-48D7-AD76-FDA753426862",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf017:*:*:*:*:*:*",
"matchCriteriaId": "AC8DAFF7-9410-40E2-805A-580B82EA0667",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf018:*:*:*:*:*:*",
"matchCriteriaId": "D06D62C6-13EF-42BA-BEBE-C3F9A42F5AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf019:*:*:*:*:*:*",
"matchCriteriaId": "10E59411-D50B-4A34-84C7-7563D301764A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf020:*:*:*:*:*:*",
"matchCriteriaId": "38D755C0-82CA-45EA-9D89-6172D98B78F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:-:*:*:*:*:*:*",
"matchCriteriaId": "6007CA87-31CA-44AB-AB7F-788E17AB85F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf011:*:*:*:*:*:*",
"matchCriteriaId": "B469E735-0DCE-4616-B3FE-DED75FEAC642",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf012:*:*:*:*:*:*",
"matchCriteriaId": "E0ACFABA-E470-4043-B8E7-ACE2F9781D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf013:*:*:*:*:*:*",
"matchCriteriaId": "8D2FA62F-EEB7-4312-9359-FDA8E4743A81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf014:*:*:*:*:*:*",
"matchCriteriaId": "5D8ABD15-49DE-4C4A-B9C0-5696BC1899C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf015:*:*:*:*:*:*",
"matchCriteriaId": "A2D98D3D-18DC-47CF-BED8-CD61A531D858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf016:*:*:*:*:*:*",
"matchCriteriaId": "9326CFC3-D9A7-43CE-8673-FD009F7A1F44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf017:*:*:*:*:*:*",
"matchCriteriaId": "B34D73EE-1E9D-4896-B2A2-D1463C13F399",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf018:*:*:*:*:*:*",
"matchCriteriaId": "96B7FB90-D1F8-4D83-B954-A1990400BC27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf019:*:*:*:*:*:*",
"matchCriteriaId": "CE4C07B8-CC26-4F83-8BA8-8702594CBB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf020:*:*:*:*:*:*",
"matchCriteriaId": "22C95FC9-0342-4ACC-B4F8-052554771D3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf021:*:*:*:*:*:*",
"matchCriteriaId": "62AA773F-7D18-41F7-8561-81D83336E6FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf022:*:*:*:*:*:*",
"matchCriteriaId": "2C17D73E-9F0B-4C11-8C1D-A3987DED44F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf023:*:*:*:*:*:*",
"matchCriteriaId": "B44130DA-8BBC-4CC5-BD20-E05CE32AB1F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf024:*:*:*:*:*:*",
"matchCriteriaId": "D42C69F1-2877-419A-AB64-74687A11F070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf025:*:*:*:*:*:*",
"matchCriteriaId": "B6D45C1D-CCF2-4281-B132-4931B33BA48D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf026:*:*:*:*:*:*",
"matchCriteriaId": "8CB0EDF6-2EC7-4C03-8597-9E034DBB3BB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf027:*:*:*:*:*:*",
"matchCriteriaId": "847994E6-C322-46EB-B089-9D1752E42987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf028:*:*:*:*:*:*",
"matchCriteriaId": "79FD9027-FA61-4AB0-A945-7329B609A9DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf029:*:*:*:*:*:*",
"matchCriteriaId": "07EDE452-4C88-4DA9-91E9-F0722009C773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf030:*:*:*:*:*:*",
"matchCriteriaId": "E0D7936A-478C-44AA-B9DD-2165BA482AFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5DB13754-BB23-48D8-9BDC-E8FF552DEA52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf01:*:*:*:*:*:*",
"matchCriteriaId": "8A5566C6-E42F-4786-A8FC-59BE7EB47296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf02:*:*:*:*:*:*",
"matchCriteriaId": "31C0EC0E-0106-4333-8401-0F655C0F5850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf03:*:*:*:*:*:*",
"matchCriteriaId": "E0E4DA0C-9F97-4856-B9DE-D96994A65B71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf04:*:*:*:*:*:*",
"matchCriteriaId": "4180809C-4A1E-4DB4-9E7C-641B753B97D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf05:*:*:*:*:*:*",
"matchCriteriaId": "5A60A788-F7B3-4922-8B30-8F586B1685CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf06:*:*:*:*:*:*",
"matchCriteriaId": "5A244AB2-9EBB-4A7D-BED7-CA92903268C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "AA4AD694-EA0E-4910-A3F9-EEDC510AFDF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf04:*:*:*:*:*:*",
"matchCriteriaId": "9A07791C-5EDE-4C2B-A441-6599339ED43F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf05:*:*:*:*:*:*",
"matchCriteriaId": "CE6F9920-B458-496B-B0C0-BF8B85606BF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf06:*:*:*:*:*:*",
"matchCriteriaId": "8B2C78E9-EB40-42C0-A772-6203555D5E28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf07:*:*:*:*:*:*",
"matchCriteriaId": "A910F5CA-8257-420E-8D31-6BB0E4CFC963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf08:*:*:*:*:*:*",
"matchCriteriaId": "462CF706-A352-40EE-8158-3A2197FE4098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf09:*:*:*:*:*:*",
"matchCriteriaId": "0AF93EAB-BDBC-4C20-9BD2-AACC95CD8355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf10:*:*:*:*:*:*",
"matchCriteriaId": "E090A0BC-DECD-4912-B5FB-C41A1E77675E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf11:*:*:*:*:*:*",
"matchCriteriaId": "4CC1CAEE-C7DA-4F01-8948-BADCEB0B76ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf12:*:*:*:*:*:*",
"matchCriteriaId": "3D660652-D318-44B8-996A-6E56F4D71F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf13:*:*:*:*:*:*",
"matchCriteriaId": "783AA775-7257-45C8-A246-A71E559B459D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf14:*:*:*:*:*:*",
"matchCriteriaId": "02F014F7-1F35-4982-98F5-B22E86544E0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf15:*:*:*:*:*:*",
"matchCriteriaId": "535E3EAE-8286-4751-8DAF-707A0F2F160B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf16:*:*:*:*:*:*",
"matchCriteriaId": "E6708150-6E0D-4B0C-98A0-A42CAF20D3E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf17:*:*:*:*:*:*",
"matchCriteriaId": "96849F67-1B41-4265-8046-B29C5469DA4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf18:*:*:*:*:*:*",
"matchCriteriaId": "2074093E-8F1A-442D-8972-57FE73044079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf19:*:*:*:*:*:*",
"matchCriteriaId": "1B46BD8B-AFA5-4660-9983-ED9FB5E26A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf20:*:*:*:*:*:*",
"matchCriteriaId": "3FFF0BC7-42C0-4E4F-836E-8F1B31E1C420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf21:*:*:*:*:*:*",
"matchCriteriaId": "5655ED83-06C7-4828-A38D-18E92555C48B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf22:*:*:*:*:*:*",
"matchCriteriaId": "14C80CD3-F5CB-4B64-98D5-C00A73233979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf23:*:*:*:*:*:*",
"matchCriteriaId": "2A7D9B77-F154-405C-9E94-B4EAA087E766",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "7EE3B00E-D18B-43C4-BD15-7E8E1AFDA8C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf01:*:*:*:*:*:*",
"matchCriteriaId": "704EF027-9DEF-4079-BBFE-A64DB757EAB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf02:*:*:*:*:*:*",
"matchCriteriaId": "9928D9CB-4817-4782-808F-6A4FBA87D820",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf03:*:*:*:*:*:*",
"matchCriteriaId": "758F9176-3EDF-469E-946E-B35C2D212029",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf04:*:*:*:*:*:*",
"matchCriteriaId": "AFBD1F79-9AB1-4699-B5B8-315CFEFFDEA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf05:*:*:*:*:*:*",
"matchCriteriaId": "764E04B9-F754-4118-B34F-71D5EF38660F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf06:*:*:*:*:*:*",
"matchCriteriaId": "46A3712D-DCB1-4631-B114-AD5A48313CBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf07:*:*:*:*:*:*",
"matchCriteriaId": "A79C66A0-6482-4E93-94B1-348B3FFA4541",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf08:*:*:*:*:*:*",
"matchCriteriaId": "2D0259BA-FD5D-4236-9AA3-13EE738B3F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf09:*:*:*:*:*:*",
"matchCriteriaId": "34EB80B8-CE15-4F0B-BC98-6AAE7148C5B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf10:*:*:*:*:*:*",
"matchCriteriaId": "DEFF296A-8B82-493E-9A1E-DB4D1976621E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf11:*:*:*:*:*:*",
"matchCriteriaId": "1FC3D249-FA1A-4A2D-B0F7-3289E0563236",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf12:*:*:*:*:*:*",
"matchCriteriaId": "169B283C-4FAD-4201-B26C-53E57D057136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf13:*:*:*:*:*:*",
"matchCriteriaId": "2867E5D2-5982-4178-B9F7-E4E82E7A97FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf14:*:*:*:*:*:*",
"matchCriteriaId": "4D2524C0-6CA2-4836-928D-A9F139F00D9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf15:*:*:*:*:*:*",
"matchCriteriaId": "68857CCD-F5AD-4D96-AB3A-103B2233B909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5B2F4AE1-AFBF-487D-B891-40D94C50F8B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0.0.0:cf14:*:*:*:*:*:*",
"matchCriteriaId": "FA49E417-1CED-4E49-ABC9-51E321271498",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0.0.0:cf15:*:*:*:*:*:*",
"matchCriteriaId": "CAA46610-A694-4524-8BD3-8A4B22E0F1AC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 147906."
},
{
"lang": "es",
"value": "IBM WebSphere Portal en sus versiones 7.0, 8.0, 8.5 y 9.0 podr\u00eda permitir que un atacante remoto lleve a cabo ataques de phishing empleando un ataque de redirecci\u00f3n abierta. Al persuadir a una v\u00edctima para que visite un sitio web especialmente manipulado, un atacante remoto podr\u00eda explotar esta vulnerabilidad para suplantar la URL mostrada y redirigir al usuario a un sitio web malicioso que, a priori, parecer\u00eda de confianza. Esto podr\u00eda permitir que el atacante obtuviese informaci\u00f3n sumamente sensible o que llevase a cabo m\u00e1s ataques contra la v\u00edctima. IBM X-Force ID: 147906."
}
],
"id": "CVE-2018-1736",
"lastModified": "2024-11-21T04:00:16.870",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 4.0,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-27T19:29:00.510",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105490"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041753"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147906"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10729683"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105490"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041753"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147906"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10729683"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-1660
Vulnerability from fkie_nvd - Published: 2018-09-27 19:29 - Updated: 2024-11-21 04:00
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 144886.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.securityfocus.com/bid/105446 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | http://www.securitytracker.com/id/1041755 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/144886 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10715923 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105446 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041755 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/144886 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10715923 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "1F28C710-8FDB-4474-B6EF-5835D4D7FE43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf002:*:*:*:*:*:*",
"matchCriteriaId": "2991B76F-8E96-45A9-8B9D-942AF93755E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf003:*:*:*:*:*:*",
"matchCriteriaId": "041D220D-2088-4633-B1AA-8902AD1C6BD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf004:*:*:*:*:*:*",
"matchCriteriaId": "53B376AE-7AA9-4362-9CB2-17B3AB783FC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf005:*:*:*:*:*:*",
"matchCriteriaId": "84D744C2-DA4B-4F04-894F-7820FDC49A04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf006:*:*:*:*:*:*",
"matchCriteriaId": "4713D128-6C5F-4362-A0E2-363F81D9BCA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf007:*:*:*:*:*:*",
"matchCriteriaId": "67E76EE5-B618-49AA-A489-1BD7E45D391F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf008:*:*:*:*:*:*",
"matchCriteriaId": "DC001899-F77A-4EED-BC6D-8400FF4354EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf009:*:*:*:*:*:*",
"matchCriteriaId": "05426398-FE6A-4E4A-9C46-4675B5FAD915",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf010:*:*:*:*:*:*",
"matchCriteriaId": "29E0A9B5-945C-4859-BE83-56B34544350B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf011:*:*:*:*:*:*",
"matchCriteriaId": "DF8105DA-2519-428D-AB09-01EEF2FF6FDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf012:*:*:*:*:*:*",
"matchCriteriaId": "B2824CB0-BBC6-4AD5-993C-91E1CF293B3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf013:*:*:*:*:*:*",
"matchCriteriaId": "56AF2117-2F73-4729-84DC-72B8B235C581",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf014:*:*:*:*:*:*",
"matchCriteriaId": "303EE4F0-9C7A-4B0B-8BBB-852C68A802E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf015:*:*:*:*:*:*",
"matchCriteriaId": "4967BA17-DD56-42A7-812A-7B6EE74C6E03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf016:*:*:*:*:*:*",
"matchCriteriaId": "9DD708E8-67BE-48D7-AD76-FDA753426862",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf017:*:*:*:*:*:*",
"matchCriteriaId": "AC8DAFF7-9410-40E2-805A-580B82EA0667",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf018:*:*:*:*:*:*",
"matchCriteriaId": "D06D62C6-13EF-42BA-BEBE-C3F9A42F5AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf019:*:*:*:*:*:*",
"matchCriteriaId": "10E59411-D50B-4A34-84C7-7563D301764A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf020:*:*:*:*:*:*",
"matchCriteriaId": "38D755C0-82CA-45EA-9D89-6172D98B78F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:-:*:*:*:*:*:*",
"matchCriteriaId": "6007CA87-31CA-44AB-AB7F-788E17AB85F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf011:*:*:*:*:*:*",
"matchCriteriaId": "B469E735-0DCE-4616-B3FE-DED75FEAC642",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf012:*:*:*:*:*:*",
"matchCriteriaId": "E0ACFABA-E470-4043-B8E7-ACE2F9781D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf013:*:*:*:*:*:*",
"matchCriteriaId": "8D2FA62F-EEB7-4312-9359-FDA8E4743A81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf014:*:*:*:*:*:*",
"matchCriteriaId": "5D8ABD15-49DE-4C4A-B9C0-5696BC1899C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf015:*:*:*:*:*:*",
"matchCriteriaId": "A2D98D3D-18DC-47CF-BED8-CD61A531D858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf016:*:*:*:*:*:*",
"matchCriteriaId": "9326CFC3-D9A7-43CE-8673-FD009F7A1F44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf017:*:*:*:*:*:*",
"matchCriteriaId": "B34D73EE-1E9D-4896-B2A2-D1463C13F399",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf018:*:*:*:*:*:*",
"matchCriteriaId": "96B7FB90-D1F8-4D83-B954-A1990400BC27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf019:*:*:*:*:*:*",
"matchCriteriaId": "CE4C07B8-CC26-4F83-8BA8-8702594CBB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf020:*:*:*:*:*:*",
"matchCriteriaId": "22C95FC9-0342-4ACC-B4F8-052554771D3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf021:*:*:*:*:*:*",
"matchCriteriaId": "62AA773F-7D18-41F7-8561-81D83336E6FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf022:*:*:*:*:*:*",
"matchCriteriaId": "2C17D73E-9F0B-4C11-8C1D-A3987DED44F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf023:*:*:*:*:*:*",
"matchCriteriaId": "B44130DA-8BBC-4CC5-BD20-E05CE32AB1F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf024:*:*:*:*:*:*",
"matchCriteriaId": "D42C69F1-2877-419A-AB64-74687A11F070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf025:*:*:*:*:*:*",
"matchCriteriaId": "B6D45C1D-CCF2-4281-B132-4931B33BA48D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf026:*:*:*:*:*:*",
"matchCriteriaId": "8CB0EDF6-2EC7-4C03-8597-9E034DBB3BB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf027:*:*:*:*:*:*",
"matchCriteriaId": "847994E6-C322-46EB-B089-9D1752E42987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf028:*:*:*:*:*:*",
"matchCriteriaId": "79FD9027-FA61-4AB0-A945-7329B609A9DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf029:*:*:*:*:*:*",
"matchCriteriaId": "07EDE452-4C88-4DA9-91E9-F0722009C773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf030:*:*:*:*:*:*",
"matchCriteriaId": "E0D7936A-478C-44AA-B9DD-2165BA482AFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5DB13754-BB23-48D8-9BDC-E8FF552DEA52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf01:*:*:*:*:*:*",
"matchCriteriaId": "8A5566C6-E42F-4786-A8FC-59BE7EB47296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf02:*:*:*:*:*:*",
"matchCriteriaId": "31C0EC0E-0106-4333-8401-0F655C0F5850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf03:*:*:*:*:*:*",
"matchCriteriaId": "E0E4DA0C-9F97-4856-B9DE-D96994A65B71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf04:*:*:*:*:*:*",
"matchCriteriaId": "4180809C-4A1E-4DB4-9E7C-641B753B97D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf05:*:*:*:*:*:*",
"matchCriteriaId": "5A60A788-F7B3-4922-8B30-8F586B1685CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf06:*:*:*:*:*:*",
"matchCriteriaId": "5A244AB2-9EBB-4A7D-BED7-CA92903268C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "AA4AD694-EA0E-4910-A3F9-EEDC510AFDF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf04:*:*:*:*:*:*",
"matchCriteriaId": "9A07791C-5EDE-4C2B-A441-6599339ED43F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf05:*:*:*:*:*:*",
"matchCriteriaId": "CE6F9920-B458-496B-B0C0-BF8B85606BF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf06:*:*:*:*:*:*",
"matchCriteriaId": "8B2C78E9-EB40-42C0-A772-6203555D5E28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf07:*:*:*:*:*:*",
"matchCriteriaId": "A910F5CA-8257-420E-8D31-6BB0E4CFC963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf08:*:*:*:*:*:*",
"matchCriteriaId": "462CF706-A352-40EE-8158-3A2197FE4098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf09:*:*:*:*:*:*",
"matchCriteriaId": "0AF93EAB-BDBC-4C20-9BD2-AACC95CD8355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf10:*:*:*:*:*:*",
"matchCriteriaId": "E090A0BC-DECD-4912-B5FB-C41A1E77675E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf11:*:*:*:*:*:*",
"matchCriteriaId": "4CC1CAEE-C7DA-4F01-8948-BADCEB0B76ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf12:*:*:*:*:*:*",
"matchCriteriaId": "3D660652-D318-44B8-996A-6E56F4D71F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf13:*:*:*:*:*:*",
"matchCriteriaId": "783AA775-7257-45C8-A246-A71E559B459D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf14:*:*:*:*:*:*",
"matchCriteriaId": "02F014F7-1F35-4982-98F5-B22E86544E0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf15:*:*:*:*:*:*",
"matchCriteriaId": "535E3EAE-8286-4751-8DAF-707A0F2F160B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf16:*:*:*:*:*:*",
"matchCriteriaId": "E6708150-6E0D-4B0C-98A0-A42CAF20D3E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf17:*:*:*:*:*:*",
"matchCriteriaId": "96849F67-1B41-4265-8046-B29C5469DA4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf18:*:*:*:*:*:*",
"matchCriteriaId": "2074093E-8F1A-442D-8972-57FE73044079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf19:*:*:*:*:*:*",
"matchCriteriaId": "1B46BD8B-AFA5-4660-9983-ED9FB5E26A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf20:*:*:*:*:*:*",
"matchCriteriaId": "3FFF0BC7-42C0-4E4F-836E-8F1B31E1C420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf21:*:*:*:*:*:*",
"matchCriteriaId": "5655ED83-06C7-4828-A38D-18E92555C48B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf22:*:*:*:*:*:*",
"matchCriteriaId": "14C80CD3-F5CB-4B64-98D5-C00A73233979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf23:*:*:*:*:*:*",
"matchCriteriaId": "2A7D9B77-F154-405C-9E94-B4EAA087E766",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "7EE3B00E-D18B-43C4-BD15-7E8E1AFDA8C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf01:*:*:*:*:*:*",
"matchCriteriaId": "704EF027-9DEF-4079-BBFE-A64DB757EAB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf02:*:*:*:*:*:*",
"matchCriteriaId": "9928D9CB-4817-4782-808F-6A4FBA87D820",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf03:*:*:*:*:*:*",
"matchCriteriaId": "758F9176-3EDF-469E-946E-B35C2D212029",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf04:*:*:*:*:*:*",
"matchCriteriaId": "AFBD1F79-9AB1-4699-B5B8-315CFEFFDEA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf05:*:*:*:*:*:*",
"matchCriteriaId": "764E04B9-F754-4118-B34F-71D5EF38660F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf06:*:*:*:*:*:*",
"matchCriteriaId": "46A3712D-DCB1-4631-B114-AD5A48313CBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf07:*:*:*:*:*:*",
"matchCriteriaId": "A79C66A0-6482-4E93-94B1-348B3FFA4541",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf08:*:*:*:*:*:*",
"matchCriteriaId": "2D0259BA-FD5D-4236-9AA3-13EE738B3F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf09:*:*:*:*:*:*",
"matchCriteriaId": "34EB80B8-CE15-4F0B-BC98-6AAE7148C5B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf10:*:*:*:*:*:*",
"matchCriteriaId": "DEFF296A-8B82-493E-9A1E-DB4D1976621E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf11:*:*:*:*:*:*",
"matchCriteriaId": "1FC3D249-FA1A-4A2D-B0F7-3289E0563236",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf12:*:*:*:*:*:*",
"matchCriteriaId": "169B283C-4FAD-4201-B26C-53E57D057136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf13:*:*:*:*:*:*",
"matchCriteriaId": "2867E5D2-5982-4178-B9F7-E4E82E7A97FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf14:*:*:*:*:*:*",
"matchCriteriaId": "4D2524C0-6CA2-4836-928D-A9F139F00D9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf15:*:*:*:*:*:*",
"matchCriteriaId": "68857CCD-F5AD-4D96-AB3A-103B2233B909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5B2F4AE1-AFBF-487D-B891-40D94C50F8B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0.0.0:cf14:*:*:*:*:*:*",
"matchCriteriaId": "FA49E417-1CED-4E49-ABC9-51E321271498",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0.0.0:cf15:*:*:*:*:*:*",
"matchCriteriaId": "CAA46610-A694-4524-8BD3-8A4B22E0F1AC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 144886."
},
{
"lang": "es",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5 y 9.0 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 144886."
}
],
"id": "CVE-2018-1660",
"lastModified": "2024-11-21T04:00:09.470",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-27T19:29:00.197",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105446"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041755"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144886"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10715923"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105446"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041755"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144886"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10715923"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-1820
Vulnerability from fkie_nvd - Published: 2018-09-27 19:29 - Updated: 2024-11-21 04:00
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150096.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.securitytracker.com/id/1041751 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/150096 | VDB Entry | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10732287 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041751 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/150096 | VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10732287 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf01:*:*:*:*:*:*",
"matchCriteriaId": "8A5566C6-E42F-4786-A8FC-59BE7EB47296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf02:*:*:*:*:*:*",
"matchCriteriaId": "31C0EC0E-0106-4333-8401-0F655C0F5850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf03:*:*:*:*:*:*",
"matchCriteriaId": "E0E4DA0C-9F97-4856-B9DE-D96994A65B71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf04:*:*:*:*:*:*",
"matchCriteriaId": "4180809C-4A1E-4DB4-9E7C-641B753B97D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf05:*:*:*:*:*:*",
"matchCriteriaId": "5A60A788-F7B3-4922-8B30-8F586B1685CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf04:*:*:*:*:*:*",
"matchCriteriaId": "9A07791C-5EDE-4C2B-A441-6599339ED43F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf05:*:*:*:*:*:*",
"matchCriteriaId": "CE6F9920-B458-496B-B0C0-BF8B85606BF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf06:*:*:*:*:*:*",
"matchCriteriaId": "8B2C78E9-EB40-42C0-A772-6203555D5E28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf07:*:*:*:*:*:*",
"matchCriteriaId": "A910F5CA-8257-420E-8D31-6BB0E4CFC963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf08:*:*:*:*:*:*",
"matchCriteriaId": "462CF706-A352-40EE-8158-3A2197FE4098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf09:*:*:*:*:*:*",
"matchCriteriaId": "0AF93EAB-BDBC-4C20-9BD2-AACC95CD8355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf10:*:*:*:*:*:*",
"matchCriteriaId": "E090A0BC-DECD-4912-B5FB-C41A1E77675E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf11:*:*:*:*:*:*",
"matchCriteriaId": "4CC1CAEE-C7DA-4F01-8948-BADCEB0B76ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf12:*:*:*:*:*:*",
"matchCriteriaId": "3D660652-D318-44B8-996A-6E56F4D71F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf13:*:*:*:*:*:*",
"matchCriteriaId": "783AA775-7257-45C8-A246-A71E559B459D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf14:*:*:*:*:*:*",
"matchCriteriaId": "02F014F7-1F35-4982-98F5-B22E86544E0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf15:*:*:*:*:*:*",
"matchCriteriaId": "535E3EAE-8286-4751-8DAF-707A0F2F160B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf16:*:*:*:*:*:*",
"matchCriteriaId": "E6708150-6E0D-4B0C-98A0-A42CAF20D3E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf17:*:*:*:*:*:*",
"matchCriteriaId": "96849F67-1B41-4265-8046-B29C5469DA4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf18:*:*:*:*:*:*",
"matchCriteriaId": "2074093E-8F1A-442D-8972-57FE73044079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf19:*:*:*:*:*:*",
"matchCriteriaId": "1B46BD8B-AFA5-4660-9983-ED9FB5E26A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf20:*:*:*:*:*:*",
"matchCriteriaId": "3FFF0BC7-42C0-4E4F-836E-8F1B31E1C420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf21:*:*:*:*:*:*",
"matchCriteriaId": "5655ED83-06C7-4828-A38D-18E92555C48B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf22:*:*:*:*:*:*",
"matchCriteriaId": "14C80CD3-F5CB-4B64-98D5-C00A73233979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf23:*:*:*:*:*:*",
"matchCriteriaId": "2A7D9B77-F154-405C-9E94-B4EAA087E766",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D03AF20E-0C29-45A6-9B7F-8260D8D9E8BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf01:*:*:*:*:*:*",
"matchCriteriaId": "704EF027-9DEF-4079-BBFE-A64DB757EAB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf02:*:*:*:*:*:*",
"matchCriteriaId": "9928D9CB-4817-4782-808F-6A4FBA87D820",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf03:*:*:*:*:*:*",
"matchCriteriaId": "758F9176-3EDF-469E-946E-B35C2D212029",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf04:*:*:*:*:*:*",
"matchCriteriaId": "AFBD1F79-9AB1-4699-B5B8-315CFEFFDEA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf05:*:*:*:*:*:*",
"matchCriteriaId": "764E04B9-F754-4118-B34F-71D5EF38660F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf06:*:*:*:*:*:*",
"matchCriteriaId": "46A3712D-DCB1-4631-B114-AD5A48313CBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf07:*:*:*:*:*:*",
"matchCriteriaId": "A79C66A0-6482-4E93-94B1-348B3FFA4541",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf08:*:*:*:*:*:*",
"matchCriteriaId": "2D0259BA-FD5D-4236-9AA3-13EE738B3F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf09:*:*:*:*:*:*",
"matchCriteriaId": "34EB80B8-CE15-4F0B-BC98-6AAE7148C5B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf10:*:*:*:*:*:*",
"matchCriteriaId": "DEFF296A-8B82-493E-9A1E-DB4D1976621E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf11:*:*:*:*:*:*",
"matchCriteriaId": "1FC3D249-FA1A-4A2D-B0F7-3289E0563236",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf12:*:*:*:*:*:*",
"matchCriteriaId": "169B283C-4FAD-4201-B26C-53E57D057136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf13:*:*:*:*:*:*",
"matchCriteriaId": "2867E5D2-5982-4178-B9F7-E4E82E7A97FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf14:*:*:*:*:*:*",
"matchCriteriaId": "4D2524C0-6CA2-4836-928D-A9F139F00D9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf15:*:*:*:*:*:*",
"matchCriteriaId": "68857CCD-F5AD-4D96-AB3A-103B2233B909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "12EF6533-4FE9-4A9B-ABF6-CEDD30402A53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0.0.0:cf14:*:*:*:*:*:*",
"matchCriteriaId": "FA49E417-1CED-4E49-ABC9-51E321271498",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0.0.0:cf15:*:*:*:*:*:*",
"matchCriteriaId": "CAA46610-A694-4524-8BD3-8A4B22E0F1AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0.0.0:cf16:*:*:*:*:*:*",
"matchCriteriaId": "CBAD9FC6-4E56-4CA8-904D-77AD22329313",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150096."
},
{
"lang": "es",
"value": "IBM WebSphere Portal 8.0, 8.5 y 9.0 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 150096."
}
],
"id": "CVE-2018-1820",
"lastModified": "2024-11-21T04:00:27.180",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-27T19:29:00.837",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041751"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150096"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10732287"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150096"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10732287"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-1716
Vulnerability from fkie_nvd - Published: 2018-09-27 19:29 - Updated: 2024-11-21 04:00
Severity ?
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147164.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.securitytracker.com/id/1041754 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/147164 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10729323 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041754 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/147164 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10729323 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6ECEE98-B276-4ED6-AA5A-109EA57E9925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf002:*:*:*:*:*:*",
"matchCriteriaId": "2991B76F-8E96-45A9-8B9D-942AF93755E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf003:*:*:*:*:*:*",
"matchCriteriaId": "041D220D-2088-4633-B1AA-8902AD1C6BD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf004:*:*:*:*:*:*",
"matchCriteriaId": "53B376AE-7AA9-4362-9CB2-17B3AB783FC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf005:*:*:*:*:*:*",
"matchCriteriaId": "84D744C2-DA4B-4F04-894F-7820FDC49A04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf006:*:*:*:*:*:*",
"matchCriteriaId": "4713D128-6C5F-4362-A0E2-363F81D9BCA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf007:*:*:*:*:*:*",
"matchCriteriaId": "67E76EE5-B618-49AA-A489-1BD7E45D391F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf008:*:*:*:*:*:*",
"matchCriteriaId": "DC001899-F77A-4EED-BC6D-8400FF4354EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf009:*:*:*:*:*:*",
"matchCriteriaId": "05426398-FE6A-4E4A-9C46-4675B5FAD915",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf010:*:*:*:*:*:*",
"matchCriteriaId": "29E0A9B5-945C-4859-BE83-56B34544350B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf011:*:*:*:*:*:*",
"matchCriteriaId": "DF8105DA-2519-428D-AB09-01EEF2FF6FDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf012:*:*:*:*:*:*",
"matchCriteriaId": "B2824CB0-BBC6-4AD5-993C-91E1CF293B3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf013:*:*:*:*:*:*",
"matchCriteriaId": "56AF2117-2F73-4729-84DC-72B8B235C581",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf014:*:*:*:*:*:*",
"matchCriteriaId": "303EE4F0-9C7A-4B0B-8BBB-852C68A802E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf015:*:*:*:*:*:*",
"matchCriteriaId": "4967BA17-DD56-42A7-812A-7B6EE74C6E03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf016:*:*:*:*:*:*",
"matchCriteriaId": "9DD708E8-67BE-48D7-AD76-FDA753426862",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf017:*:*:*:*:*:*",
"matchCriteriaId": "AC8DAFF7-9410-40E2-805A-580B82EA0667",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf018:*:*:*:*:*:*",
"matchCriteriaId": "D06D62C6-13EF-42BA-BEBE-C3F9A42F5AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf019:*:*:*:*:*:*",
"matchCriteriaId": "10E59411-D50B-4A34-84C7-7563D301764A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf020:*:*:*:*:*:*",
"matchCriteriaId": "38D755C0-82CA-45EA-9D89-6172D98B78F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4FF84B-A17F-464B-A718-67C44D2C69BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf011:*:*:*:*:*:*",
"matchCriteriaId": "B469E735-0DCE-4616-B3FE-DED75FEAC642",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf012:*:*:*:*:*:*",
"matchCriteriaId": "E0ACFABA-E470-4043-B8E7-ACE2F9781D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf013:*:*:*:*:*:*",
"matchCriteriaId": "8D2FA62F-EEB7-4312-9359-FDA8E4743A81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf014:*:*:*:*:*:*",
"matchCriteriaId": "5D8ABD15-49DE-4C4A-B9C0-5696BC1899C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf015:*:*:*:*:*:*",
"matchCriteriaId": "A2D98D3D-18DC-47CF-BED8-CD61A531D858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf016:*:*:*:*:*:*",
"matchCriteriaId": "9326CFC3-D9A7-43CE-8673-FD009F7A1F44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf017:*:*:*:*:*:*",
"matchCriteriaId": "B34D73EE-1E9D-4896-B2A2-D1463C13F399",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf018:*:*:*:*:*:*",
"matchCriteriaId": "96B7FB90-D1F8-4D83-B954-A1990400BC27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf019:*:*:*:*:*:*",
"matchCriteriaId": "CE4C07B8-CC26-4F83-8BA8-8702594CBB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf020:*:*:*:*:*:*",
"matchCriteriaId": "22C95FC9-0342-4ACC-B4F8-052554771D3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf021:*:*:*:*:*:*",
"matchCriteriaId": "62AA773F-7D18-41F7-8561-81D83336E6FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf022:*:*:*:*:*:*",
"matchCriteriaId": "2C17D73E-9F0B-4C11-8C1D-A3987DED44F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf023:*:*:*:*:*:*",
"matchCriteriaId": "B44130DA-8BBC-4CC5-BD20-E05CE32AB1F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf024:*:*:*:*:*:*",
"matchCriteriaId": "D42C69F1-2877-419A-AB64-74687A11F070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf025:*:*:*:*:*:*",
"matchCriteriaId": "B6D45C1D-CCF2-4281-B132-4931B33BA48D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf026:*:*:*:*:*:*",
"matchCriteriaId": "8CB0EDF6-2EC7-4C03-8597-9E034DBB3BB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf027:*:*:*:*:*:*",
"matchCriteriaId": "847994E6-C322-46EB-B089-9D1752E42987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf028:*:*:*:*:*:*",
"matchCriteriaId": "79FD9027-FA61-4AB0-A945-7329B609A9DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf029:*:*:*:*:*:*",
"matchCriteriaId": "07EDE452-4C88-4DA9-91E9-F0722009C773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf030:*:*:*:*:*:*",
"matchCriteriaId": "E0D7936A-478C-44AA-B9DD-2165BA482AFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf01:*:*:*:*:*:*",
"matchCriteriaId": "8A5566C6-E42F-4786-A8FC-59BE7EB47296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf02:*:*:*:*:*:*",
"matchCriteriaId": "31C0EC0E-0106-4333-8401-0F655C0F5850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf03:*:*:*:*:*:*",
"matchCriteriaId": "E0E4DA0C-9F97-4856-B9DE-D96994A65B71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf04:*:*:*:*:*:*",
"matchCriteriaId": "4180809C-4A1E-4DB4-9E7C-641B753B97D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf05:*:*:*:*:*:*",
"matchCriteriaId": "5A60A788-F7B3-4922-8B30-8F586B1685CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf04:*:*:*:*:*:*",
"matchCriteriaId": "9A07791C-5EDE-4C2B-A441-6599339ED43F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf05:*:*:*:*:*:*",
"matchCriteriaId": "CE6F9920-B458-496B-B0C0-BF8B85606BF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf06:*:*:*:*:*:*",
"matchCriteriaId": "8B2C78E9-EB40-42C0-A772-6203555D5E28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf07:*:*:*:*:*:*",
"matchCriteriaId": "A910F5CA-8257-420E-8D31-6BB0E4CFC963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf08:*:*:*:*:*:*",
"matchCriteriaId": "462CF706-A352-40EE-8158-3A2197FE4098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf09:*:*:*:*:*:*",
"matchCriteriaId": "0AF93EAB-BDBC-4C20-9BD2-AACC95CD8355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf10:*:*:*:*:*:*",
"matchCriteriaId": "E090A0BC-DECD-4912-B5FB-C41A1E77675E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf11:*:*:*:*:*:*",
"matchCriteriaId": "4CC1CAEE-C7DA-4F01-8948-BADCEB0B76ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf12:*:*:*:*:*:*",
"matchCriteriaId": "3D660652-D318-44B8-996A-6E56F4D71F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf13:*:*:*:*:*:*",
"matchCriteriaId": "783AA775-7257-45C8-A246-A71E559B459D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf14:*:*:*:*:*:*",
"matchCriteriaId": "02F014F7-1F35-4982-98F5-B22E86544E0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf15:*:*:*:*:*:*",
"matchCriteriaId": "535E3EAE-8286-4751-8DAF-707A0F2F160B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf16:*:*:*:*:*:*",
"matchCriteriaId": "E6708150-6E0D-4B0C-98A0-A42CAF20D3E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf17:*:*:*:*:*:*",
"matchCriteriaId": "96849F67-1B41-4265-8046-B29C5469DA4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf18:*:*:*:*:*:*",
"matchCriteriaId": "2074093E-8F1A-442D-8972-57FE73044079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf19:*:*:*:*:*:*",
"matchCriteriaId": "1B46BD8B-AFA5-4660-9983-ED9FB5E26A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf20:*:*:*:*:*:*",
"matchCriteriaId": "3FFF0BC7-42C0-4E4F-836E-8F1B31E1C420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf21:*:*:*:*:*:*",
"matchCriteriaId": "5655ED83-06C7-4828-A38D-18E92555C48B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf22:*:*:*:*:*:*",
"matchCriteriaId": "14C80CD3-F5CB-4B64-98D5-C00A73233979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf23:*:*:*:*:*:*",
"matchCriteriaId": "2A7D9B77-F154-405C-9E94-B4EAA087E766",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D03AF20E-0C29-45A6-9B7F-8260D8D9E8BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf01:*:*:*:*:*:*",
"matchCriteriaId": "704EF027-9DEF-4079-BBFE-A64DB757EAB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf02:*:*:*:*:*:*",
"matchCriteriaId": "9928D9CB-4817-4782-808F-6A4FBA87D820",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf03:*:*:*:*:*:*",
"matchCriteriaId": "758F9176-3EDF-469E-946E-B35C2D212029",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf04:*:*:*:*:*:*",
"matchCriteriaId": "AFBD1F79-9AB1-4699-B5B8-315CFEFFDEA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf05:*:*:*:*:*:*",
"matchCriteriaId": "764E04B9-F754-4118-B34F-71D5EF38660F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf06:*:*:*:*:*:*",
"matchCriteriaId": "46A3712D-DCB1-4631-B114-AD5A48313CBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf07:*:*:*:*:*:*",
"matchCriteriaId": "A79C66A0-6482-4E93-94B1-348B3FFA4541",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf08:*:*:*:*:*:*",
"matchCriteriaId": "2D0259BA-FD5D-4236-9AA3-13EE738B3F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf09:*:*:*:*:*:*",
"matchCriteriaId": "34EB80B8-CE15-4F0B-BC98-6AAE7148C5B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf10:*:*:*:*:*:*",
"matchCriteriaId": "DEFF296A-8B82-493E-9A1E-DB4D1976621E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf11:*:*:*:*:*:*",
"matchCriteriaId": "1FC3D249-FA1A-4A2D-B0F7-3289E0563236",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf12:*:*:*:*:*:*",
"matchCriteriaId": "169B283C-4FAD-4201-B26C-53E57D057136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf13:*:*:*:*:*:*",
"matchCriteriaId": "2867E5D2-5982-4178-B9F7-E4E82E7A97FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf14:*:*:*:*:*:*",
"matchCriteriaId": "4D2524C0-6CA2-4836-928D-A9F139F00D9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf15:*:*:*:*:*:*",
"matchCriteriaId": "68857CCD-F5AD-4D96-AB3A-103B2233B909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "12EF6533-4FE9-4A9B-ABF6-CEDD30402A53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0.0.0:cf14:*:*:*:*:*:*",
"matchCriteriaId": "FA49E417-1CED-4E49-ABC9-51E321271498",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0.0.0:cf15:*:*:*:*:*:*",
"matchCriteriaId": "CAA46610-A694-4524-8BD3-8A4B22E0F1AC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147164."
},
{
"lang": "es",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5 y 9.0 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 147164."
}
],
"id": "CVE-2018-1716",
"lastModified": "2024-11-21T04:00:14.693",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-27T19:29:00.337",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041754"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147164"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10729323"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041754"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147164"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10729323"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-2951
Vulnerability from fkie_nvd - Published: 2018-07-11 16:29 - Updated: 2024-11-21 01:52
Severity ?
Summary
IBM WebSphere Portal 7.0.0.x and 8.0.0.x write passwords to a trace file when tracing is enabled for the Selfcare Portlet (Profile Management), which allows local users to obtain sensitive information by reading the file. IBM X-Force ID: 83621.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21642097 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/83621 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21642097 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/83621 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 7.0.0.0 | |
| ibm | websphere_portal | 7.0.0.1 | |
| ibm | websphere_portal | 7.0.0.2 | |
| ibm | websphere_portal | 8.0.0.0 | |
| ibm | websphere_portal | 8.0.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6ECEE98-B276-4ED6-AA5A-109EA57E9925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4FF84B-A17F-464B-A718-67C44D2C69BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 7.0.0.x and 8.0.0.x write passwords to a trace file when tracing is enabled for the Selfcare Portlet (Profile Management), which allows local users to obtain sensitive information by reading the file. IBM X-Force ID: 83621."
},
{
"lang": "es",
"value": "IBM WebSphere Portal en versiones 7.0.0.x y 8.0.0.x escribe contrase\u00f1as a un archivo de rastreo cuando \u00e9ste est\u00e1 habilitado para el Selfcare Portlet (Profile Management), lo que permite que usuarios locales obtengan informaci\u00f3n sensible mediante la lectura del archivo. IBM X-Force ID: 83621."
}
],
"id": "CVE-2013-2951",
"lastModified": "2024-11-21T01:52:44.583",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-07-11T16:29:00.393",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21642097"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83621"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21642097"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83621"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-1445
Vulnerability from fkie_nvd - Published: 2018-04-17 15:29 - Updated: 2024-11-21 03:59
Severity ?
Summary
IBM WebSphere Portal 8.0.0 through 8.0.0.1, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139907.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg22015407 | Vendor Advisory | |
| psirt@us.ibm.com | http://www.securitytracker.com/id/1040647 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/139907 | VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg22015407 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040647 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/139907 | VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | * | |
| ibm | websphere_portal | 8.5 | |
| ibm | websphere_portal | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7EBF7BB-17FC-4FBE-BA0F-A0FDF5F44B10",
"versionEndIncluding": "8.0.0.1",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F97CDB5F-2EA4-41E8-857B-5D76004C60B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CAFC1C53-61B8-41EC-B99D-1100D29F3992",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 8.0.0 through 8.0.0.1, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139907."
},
{
"lang": "es",
"value": "IBM WebSphere Portal, de la versi\u00f3n 8.0.0 hasta la 8.0.0.1, 8.5 y 9.0 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 139907."
}
],
"id": "CVE-2018-1445",
"lastModified": "2024-11-21T03:59:50.137",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-17T15:29:00.317",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg22015407"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040647"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139907"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg22015407"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040647"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139907"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-1483
Vulnerability from fkie_nvd - Published: 2018-04-11 16:29 - Updated: 2024-11-21 03:59
Severity ?
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 140918.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.securitytracker.com/id/1040644 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/140918 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=swg22015317 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040644 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/140918 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=swg22015317 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_portal | 8.5.0.0 | |
| ibm | websphere_portal | 8.5.0.0 | |
| ibm | websphere_portal | 8.5.0.0 | |
| ibm | websphere_portal | 8.5.0.0 | |
| ibm | websphere_portal | 8.5.0.0 | |
| ibm | websphere_portal | 8.5.0.0 | |
| ibm | websphere_portal | 8.5.0.0 | |
| ibm | websphere_portal | 8.5.0.0 | |
| ibm | websphere_portal | 8.5.0.0 | |
| ibm | websphere_portal | 8.5.0.0 | |
| ibm | websphere_portal | 8.5.0.0 | |
| ibm | websphere_portal | 8.5.0.0 | |
| ibm | websphere_portal | 8.5.0.0 | |
| ibm | websphere_portal | 8.5.0.0 | |
| ibm | websphere_portal | 8.5.0.0 | |
| ibm | websphere_portal | 8.5.0.0 | |
| ibm | websphere_portal | 9.0 | |
| ibm | websphere_portal | 9.0 | |
| ibm | websphere_portal | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D03AF20E-0C29-45A6-9B7F-8260D8D9E8BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf1:*:*:*:*:*:*",
"matchCriteriaId": "EA29BAC6-C8A4-4E7D-9657-55187EF93976",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf10:*:*:*:*:*:*",
"matchCriteriaId": "DEFF296A-8B82-493E-9A1E-DB4D1976621E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf11:*:*:*:*:*:*",
"matchCriteriaId": "1FC3D249-FA1A-4A2D-B0F7-3289E0563236",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf12:*:*:*:*:*:*",
"matchCriteriaId": "169B283C-4FAD-4201-B26C-53E57D057136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf13:*:*:*:*:*:*",
"matchCriteriaId": "2867E5D2-5982-4178-B9F7-E4E82E7A97FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf14:*:*:*:*:*:*",
"matchCriteriaId": "4D2524C0-6CA2-4836-928D-A9F139F00D9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf15:*:*:*:*:*:*",
"matchCriteriaId": "68857CCD-F5AD-4D96-AB3A-103B2233B909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf2:*:*:*:*:*:*",
"matchCriteriaId": "C5C13822-6429-4B77-89CC-E7845FFA14D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf3:*:*:*:*:*:*",
"matchCriteriaId": "392ACE90-C966-4438-9B05-3ECCE2075C30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf4:*:*:*:*:*:*",
"matchCriteriaId": "4C513C48-0CE3-4AD9-968E-EF52D876DFC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf5:*:*:*:*:*:*",
"matchCriteriaId": "3D659480-730D-43EA-A023-01502554DFB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf6:*:*:*:*:*:*",
"matchCriteriaId": "428DE1AE-5EAB-4ED9-A624-0F68100D66F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf7:*:*:*:*:*:*",
"matchCriteriaId": "5B5F60DD-37BB-4879-B92F-DEF202AFB64D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf8:*:*:*:*:*:*",
"matchCriteriaId": "228E4263-D9E3-4B79-B60E-E5AFBE980B40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf9:*:*:*:*:*:*",
"matchCriteriaId": "B745C736-CF0F-4B1F-ACF7-0B012CA51884",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CAFC1C53-61B8-41EC-B99D-1100D29F3992",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0:cf14:*:*:*:*:*:*",
"matchCriteriaId": "1983DFA3-9926-4220-872E-BCBE3C64DF45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:9.0:cf15:*:*:*:*:*:*",
"matchCriteriaId": "554F1FFE-BB76-443D-AD4F-058B6964E060",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 140918."
},
{
"lang": "es",
"value": "IBM WebSphere Portal 8.5 y 9.0 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 140918."
}
],
"id": "CVE-2018-1483",
"lastModified": "2024-11-21T03:59:54.473",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-11T16:29:00.337",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040644"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140918"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=swg22015317"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040644"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140918"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=swg22015317"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2018-1673 (GCVE-0-2018-1673)
Vulnerability from cvelistv5 – Published: 2018-10-12 05:00 – Updated: 2024-09-17 02:27
VLAI?
Summary
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145108.
Severity ?
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | WebSphere Portal |
Affected:
7.0
Affected: 8.0 Affected: 8.5 Affected: 9.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:07:44.075Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10731155"
},
{
"name": "ibm-websphere-cve20181673-xss(145108)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145108"
},
{
"name": "1041845",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041845"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Portal",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "8.0"
},
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "9.0"
}
]
}
],
"datePublic": "2018-09-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145108."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.8,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:N/S:C/UI:R/E:H/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10731155"
},
{
"name": "ibm-websphere-cve20181673-xss(145108)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145108"
},
{
"name": "1041845",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041845"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-09-25T00:00:00",
"ID": "CVE-2018-1673",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Portal",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "8.0"
},
{
"version_value": "8.5"
},
{
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145108."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "N",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10731155",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10731155"
},
{
"name": "ibm-websphere-cve20181673-xss(145108)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145108"
},
{
"name": "1041845",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041845"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1673",
"datePublished": "2018-10-12T05:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-17T02:27:06.592Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1420 (GCVE-0-2018-1420)
Vulnerability from cvelistv5 – Published: 2018-10-01 15:00 – Updated: 2024-09-16 17:47
VLAI?
Summary
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 resets access control settings to the out of the box configuration during Combined Cumulative Fix (CF) installation. This can lead to security miss-configuration of the installation. IBM X-Force ID: 138950.
Severity ?
CWE
- Data Manipulation
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | WebSphere Portal |
Affected:
7.0
Affected: 8.0 Affected: 8.5 Affected: 9.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:39.071Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-websphere-cve20181420-improper-access(138950)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138950"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=swg22014276"
},
{
"name": "1041767",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041767"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Portal",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "8.0"
},
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "9.0"
}
]
}
],
"datePublic": "2018-09-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 resets access control settings to the out of the box configuration during Combined Cumulative Fix (CF) installation. This can lead to security miss-configuration of the installation. IBM X-Force ID: 138950."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.6,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:N/AC:H/AV:N/C:N/I:H/PR:L/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Data Manipulation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-02T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-websphere-cve20181420-improper-access(138950)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138950"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=swg22014276"
},
{
"name": "1041767",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041767"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-09-25T00:00:00",
"ID": "CVE-2018-1420",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Portal",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "8.0"
},
{
"version_value": "8.5"
},
{
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 resets access control settings to the out of the box configuration during Combined Cumulative Fix (CF) installation. This can lead to security miss-configuration of the installation. IBM X-Force ID: 138950."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "N",
"C": "N",
"I": "H",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Data Manipulation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-websphere-cve20181420-improper-access(138950)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138950"
},
{
"name": "https://www.ibm.com/support/docview.wss?uid=swg22014276",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=swg22014276"
},
{
"name": "1041767",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041767"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1420",
"datePublished": "2018-10-01T15:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-16T17:47:39.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1672 (GCVE-0-2018-1672)
Vulnerability from cvelistv5 – Published: 2018-10-01 15:00 – Updated: 2024-09-17 01:55
VLAI?
Summary
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user. IBM X-Force ID: 144958.
Severity ?
CWE
- Gain Privileges
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | WebSphere Portal |
Affected:
7.0
Affected: 8.0 Affected: 8.5 Affected: 9.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:07:44.078Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-websphere-cve20181672-session-fixation(144958)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144958"
},
{
"name": "1041766",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041766"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10716981"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Portal",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "8.0"
},
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "9.0"
}
]
}
],
"datePublic": "2018-09-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user. IBM X-Force ID: 144958."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.4,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:L/AC:H/AV:N/C:L/I:L/PR:L/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-02T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-websphere-cve20181672-session-fixation(144958)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144958"
},
{
"name": "1041766",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041766"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10716981"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-09-25T00:00:00",
"ID": "CVE-2018-1672",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Portal",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "8.0"
},
{
"version_value": "8.5"
},
{
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user. IBM X-Force ID: 144958."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "L",
"AC": "H",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-websphere-cve20181672-session-fixation(144958)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144958"
},
{
"name": "1041766",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041766"
},
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10716981",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10716981"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1672",
"datePublished": "2018-10-01T15:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-17T01:55:59.755Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1660 (GCVE-0-2018-1660)
Vulnerability from cvelistv5 – Published: 2018-09-27 19:00 – Updated: 2024-09-17 02:57
VLAI?
Summary
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 144886.
Severity ?
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | WebSphere Portal |
Affected:
7.0
Affected: 8.0 Affected: 8.5 Affected: 9.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:07:44.175Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105446",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105446"
},
{
"name": "1041755",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041755"
},
{
"name": "ibm-webphsere-cve20181660-xss(144886)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144886"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10715923"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Portal",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "8.0"
},
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "9.0"
}
]
}
],
"datePublic": "2018-09-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 144886."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R/E:H/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T09:57:02",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "105446",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105446"
},
{
"name": "1041755",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041755"
},
{
"name": "ibm-webphsere-cve20181660-xss(144886)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144886"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10715923"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-09-25T00:00:00",
"ID": "CVE-2018-1660",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Portal",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "8.0"
},
{
"version_value": "8.5"
},
{
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 144886."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105446",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105446"
},
{
"name": "1041755",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041755"
},
{
"name": "ibm-webphsere-cve20181660-xss(144886)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144886"
},
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10715923",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10715923"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1660",
"datePublished": "2018-09-27T19:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-17T02:57:09.406Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1736 (GCVE-0-2018-1736)
Vulnerability from cvelistv5 – Published: 2018-09-27 19:00 – Updated: 2024-09-17 02:01
VLAI?
Summary
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 147906.
Severity ?
CWE
- Gain Access
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | WebSphere Portal |
Affected:
7.0
Affected: 8.0 Affected: 8.5 Affected: 9.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:07:44.384Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1041753",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041753"
},
{
"name": "105490",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105490"
},
{
"name": "ibm-websphere-cve20181736-open-redirect(147906)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147906"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10729683"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Portal",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "8.0"
},
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "9.0"
}
]
}
],
"datePublic": "2018-09-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 147906."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 6.4,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:N/I:H/PR:N/S:C/UI:R/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-05T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "1041753",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041753"
},
{
"name": "105490",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105490"
},
{
"name": "ibm-websphere-cve20181736-open-redirect(147906)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147906"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10729683"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-09-25T00:00:00",
"ID": "CVE-2018-1736",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Portal",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "8.0"
},
{
"version_value": "8.5"
},
{
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 147906."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "N",
"I": "H",
"PR": "N",
"S": "C",
"UI": "R"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041753",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041753"
},
{
"name": "105490",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105490"
},
{
"name": "ibm-websphere-cve20181736-open-redirect(147906)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147906"
},
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10729683",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10729683"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1736",
"datePublished": "2018-09-27T19:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-17T02:01:25.010Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1716 (GCVE-0-2018-1716)
Vulnerability from cvelistv5 – Published: 2018-09-27 19:00 – Updated: 2024-09-17 02:57
VLAI?
Summary
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147164.
Severity ?
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | WebSphere Portal |
Affected:
7.0
Affected: 8.0 Affected: 8.5 Affected: 9.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:07:44.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1041754",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041754"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10729323"
},
{
"name": "ibm-websphere-cve20181716-xss(147164)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147164"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Portal",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "8.0"
},
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "9.0"
}
]
}
],
"datePublic": "2018-09-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147164."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.8,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:N/S:C/UI:R/E:H/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T09:57:02",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "1041754",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041754"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10729323"
},
{
"name": "ibm-websphere-cve20181716-xss(147164)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147164"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-09-25T00:00:00",
"ID": "CVE-2018-1716",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Portal",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "8.0"
},
{
"version_value": "8.5"
},
{
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147164."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "N",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041754",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041754"
},
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10729323",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10729323"
},
{
"name": "ibm-websphere-cve20181716-xss(147164)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147164"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1716",
"datePublished": "2018-09-27T19:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-17T02:57:00.425Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1820 (GCVE-0-2018-1820)
Vulnerability from cvelistv5 – Published: 2018-09-27 19:00 – Updated: 2024-09-17 03:55
VLAI?
Summary
IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150096.
Severity ?
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | WebSphere Portal |
Affected:
8.0
Affected: 8.5 Affected: 9.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:14:38.455Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10732287"
},
{
"name": "1041751",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041751"
},
{
"name": "ibm-websphere-cve20181820-xss(150096)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150096"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Portal",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.0"
},
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "9.0"
}
]
}
],
"datePublic": "2018-09-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150096."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R/E:H/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T09:57:02",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10732287"
},
{
"name": "1041751",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041751"
},
{
"name": "ibm-websphere-cve20181820-xss(150096)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150096"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-09-25T00:00:00",
"ID": "CVE-2018-1820",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Portal",
"version": {
"version_data": [
{
"version_value": "8.0"
},
{
"version_value": "8.5"
},
{
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150096."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10732287",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10732287"
},
{
"name": "1041751",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041751"
},
{
"name": "ibm-websphere-cve20181820-xss(150096)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150096"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1820",
"datePublished": "2018-09-27T19:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-17T03:55:04.686Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2951 (GCVE-0-2013-2951)
Vulnerability from cvelistv5 – Published: 2018-07-11 16:00 – Updated: 2024-08-06 15:52
VLAI?
Summary
IBM WebSphere Portal 7.0.0.x and 8.0.0.x write passwords to a trace file when tracing is enabled for the Selfcare Portlet (Profile Management), which allows local users to obtain sensitive information by reading the file. IBM X-Force ID: 83621.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:52:21.557Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21642097"
},
{
"name": "was-portal-cve20132951-info-disclosure(83621)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83621"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-06-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 7.0.0.x and 8.0.0.x write passwords to a trace file when tracing is enabled for the Selfcare Portlet (Profile Management), which allows local users to obtain sensitive information by reading the file. IBM X-Force ID: 83621."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-11T15:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21642097"
},
{
"name": "was-portal-cve20132951-info-disclosure(83621)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83621"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-2951",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 7.0.0.x and 8.0.0.x write passwords to a trace file when tracing is enabled for the Selfcare Portlet (Profile Management), which allows local users to obtain sensitive information by reading the file. IBM X-Force ID: 83621."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21642097",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21642097"
},
{
"name": "was-portal-cve20132951-info-disclosure(83621)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83621"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-2951",
"datePublished": "2018-07-11T16:00:00",
"dateReserved": "2013-04-12T00:00:00",
"dateUpdated": "2024-08-06T15:52:21.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1445 (GCVE-0-2018-1445)
Vulnerability from cvelistv5 – Published: 2018-04-17 15:00 – Updated: 2024-09-16 20:23
VLAI?
Summary
IBM WebSphere Portal 8.0.0 through 8.0.0.1, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139907.
Severity ?
No CVSS data available.
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | WebSphere Portal |
Affected:
8.0
Affected: 8.0.0.1 Affected: 8.5 Affected: 9.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:39.099Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139907"
},
{
"name": "1040647",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040647"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg22015407"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Portal",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.0"
},
{
"status": "affected",
"version": "8.0.0.1"
},
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "9.0"
}
]
}
],
"datePublic": "2018-04-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 8.0.0 through 8.0.0.1, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139907."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-18T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139907"
},
{
"name": "1040647",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040647"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg22015407"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-04-10T00:00:00",
"ID": "CVE-2018-1445",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Portal",
"version": {
"version_data": [
{
"version_value": "8.0"
},
{
"version_value": "8.0.0.1"
},
{
"version_value": "8.5"
},
{
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 8.0.0 through 8.0.0.1, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139907."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139907",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139907"
},
{
"name": "1040647",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040647"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg22015407",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg22015407"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1445",
"datePublished": "2018-04-17T15:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-16T20:23:01.048Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1483 (GCVE-0-2018-1483)
Vulnerability from cvelistv5 – Published: 2018-04-11 16:00 – Updated: 2024-09-16 18:28
VLAI?
Summary
IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 140918.
Severity ?
6.1 (Medium)
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | WebSphere Portal |
Affected:
8.5
Affected: 9.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:39.136Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=swg22015317"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140918"
},
{
"name": "1040644",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040644"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Portal",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "9.0"
}
]
}
],
"datePublic": "2018-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 140918."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:N/S:C/UI:R",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-12T09:57:02",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=swg22015317"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140918"
},
{
"name": "1040644",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040644"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-04-06T00:00:00",
"ID": "CVE-2018-1483",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Portal",
"version": {
"version_data": [
{
"version_value": "8.5"
},
{
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 140918."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "N",
"S": "C",
"UI": "R"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=swg22015317",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=swg22015317"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140918",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140918"
},
{
"name": "1040644",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040644"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1483",
"datePublished": "2018-04-11T16:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-16T18:28:40.201Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1673 (GCVE-0-2018-1673)
Vulnerability from nvd – Published: 2018-10-12 05:00 – Updated: 2024-09-17 02:27
VLAI?
Summary
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145108.
Severity ?
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | WebSphere Portal |
Affected:
7.0
Affected: 8.0 Affected: 8.5 Affected: 9.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:07:44.075Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10731155"
},
{
"name": "ibm-websphere-cve20181673-xss(145108)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145108"
},
{
"name": "1041845",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041845"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Portal",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "8.0"
},
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "9.0"
}
]
}
],
"datePublic": "2018-09-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145108."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.8,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:N/S:C/UI:R/E:H/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10731155"
},
{
"name": "ibm-websphere-cve20181673-xss(145108)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145108"
},
{
"name": "1041845",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041845"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-09-25T00:00:00",
"ID": "CVE-2018-1673",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Portal",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "8.0"
},
{
"version_value": "8.5"
},
{
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145108."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "N",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10731155",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10731155"
},
{
"name": "ibm-websphere-cve20181673-xss(145108)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145108"
},
{
"name": "1041845",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041845"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1673",
"datePublished": "2018-10-12T05:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-17T02:27:06.592Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1420 (GCVE-0-2018-1420)
Vulnerability from nvd – Published: 2018-10-01 15:00 – Updated: 2024-09-16 17:47
VLAI?
Summary
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 resets access control settings to the out of the box configuration during Combined Cumulative Fix (CF) installation. This can lead to security miss-configuration of the installation. IBM X-Force ID: 138950.
Severity ?
CWE
- Data Manipulation
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | WebSphere Portal |
Affected:
7.0
Affected: 8.0 Affected: 8.5 Affected: 9.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:39.071Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-websphere-cve20181420-improper-access(138950)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138950"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=swg22014276"
},
{
"name": "1041767",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041767"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Portal",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "8.0"
},
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "9.0"
}
]
}
],
"datePublic": "2018-09-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 resets access control settings to the out of the box configuration during Combined Cumulative Fix (CF) installation. This can lead to security miss-configuration of the installation. IBM X-Force ID: 138950."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.6,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:N/AC:H/AV:N/C:N/I:H/PR:L/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Data Manipulation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-02T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-websphere-cve20181420-improper-access(138950)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138950"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=swg22014276"
},
{
"name": "1041767",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041767"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-09-25T00:00:00",
"ID": "CVE-2018-1420",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Portal",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "8.0"
},
{
"version_value": "8.5"
},
{
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 resets access control settings to the out of the box configuration during Combined Cumulative Fix (CF) installation. This can lead to security miss-configuration of the installation. IBM X-Force ID: 138950."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "N",
"C": "N",
"I": "H",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Data Manipulation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-websphere-cve20181420-improper-access(138950)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138950"
},
{
"name": "https://www.ibm.com/support/docview.wss?uid=swg22014276",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=swg22014276"
},
{
"name": "1041767",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041767"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1420",
"datePublished": "2018-10-01T15:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-16T17:47:39.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1672 (GCVE-0-2018-1672)
Vulnerability from nvd – Published: 2018-10-01 15:00 – Updated: 2024-09-17 01:55
VLAI?
Summary
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user. IBM X-Force ID: 144958.
Severity ?
CWE
- Gain Privileges
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | WebSphere Portal |
Affected:
7.0
Affected: 8.0 Affected: 8.5 Affected: 9.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:07:44.078Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-websphere-cve20181672-session-fixation(144958)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144958"
},
{
"name": "1041766",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041766"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10716981"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Portal",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "8.0"
},
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "9.0"
}
]
}
],
"datePublic": "2018-09-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user. IBM X-Force ID: 144958."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.4,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:L/AC:H/AV:N/C:L/I:L/PR:L/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-02T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-websphere-cve20181672-session-fixation(144958)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144958"
},
{
"name": "1041766",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041766"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10716981"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-09-25T00:00:00",
"ID": "CVE-2018-1672",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Portal",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "8.0"
},
{
"version_value": "8.5"
},
{
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user. IBM X-Force ID: 144958."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "L",
"AC": "H",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-websphere-cve20181672-session-fixation(144958)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144958"
},
{
"name": "1041766",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041766"
},
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10716981",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10716981"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1672",
"datePublished": "2018-10-01T15:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-17T01:55:59.755Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1660 (GCVE-0-2018-1660)
Vulnerability from nvd – Published: 2018-09-27 19:00 – Updated: 2024-09-17 02:57
VLAI?
Summary
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 144886.
Severity ?
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | WebSphere Portal |
Affected:
7.0
Affected: 8.0 Affected: 8.5 Affected: 9.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:07:44.175Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105446",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105446"
},
{
"name": "1041755",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041755"
},
{
"name": "ibm-webphsere-cve20181660-xss(144886)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144886"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10715923"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Portal",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "8.0"
},
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "9.0"
}
]
}
],
"datePublic": "2018-09-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 144886."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R/E:H/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T09:57:02",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "105446",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105446"
},
{
"name": "1041755",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041755"
},
{
"name": "ibm-webphsere-cve20181660-xss(144886)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144886"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10715923"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-09-25T00:00:00",
"ID": "CVE-2018-1660",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Portal",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "8.0"
},
{
"version_value": "8.5"
},
{
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 144886."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105446",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105446"
},
{
"name": "1041755",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041755"
},
{
"name": "ibm-webphsere-cve20181660-xss(144886)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144886"
},
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10715923",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10715923"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1660",
"datePublished": "2018-09-27T19:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-17T02:57:09.406Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1736 (GCVE-0-2018-1736)
Vulnerability from nvd – Published: 2018-09-27 19:00 – Updated: 2024-09-17 02:01
VLAI?
Summary
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 147906.
Severity ?
CWE
- Gain Access
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | WebSphere Portal |
Affected:
7.0
Affected: 8.0 Affected: 8.5 Affected: 9.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:07:44.384Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1041753",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041753"
},
{
"name": "105490",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105490"
},
{
"name": "ibm-websphere-cve20181736-open-redirect(147906)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147906"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10729683"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Portal",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "8.0"
},
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "9.0"
}
]
}
],
"datePublic": "2018-09-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 147906."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 6.4,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:N/I:H/PR:N/S:C/UI:R/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-05T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "1041753",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041753"
},
{
"name": "105490",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105490"
},
{
"name": "ibm-websphere-cve20181736-open-redirect(147906)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147906"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10729683"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-09-25T00:00:00",
"ID": "CVE-2018-1736",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Portal",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "8.0"
},
{
"version_value": "8.5"
},
{
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 147906."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "N",
"I": "H",
"PR": "N",
"S": "C",
"UI": "R"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041753",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041753"
},
{
"name": "105490",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105490"
},
{
"name": "ibm-websphere-cve20181736-open-redirect(147906)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147906"
},
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10729683",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10729683"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1736",
"datePublished": "2018-09-27T19:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-17T02:01:25.010Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1716 (GCVE-0-2018-1716)
Vulnerability from nvd – Published: 2018-09-27 19:00 – Updated: 2024-09-17 02:57
VLAI?
Summary
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147164.
Severity ?
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | WebSphere Portal |
Affected:
7.0
Affected: 8.0 Affected: 8.5 Affected: 9.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:07:44.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1041754",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041754"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10729323"
},
{
"name": "ibm-websphere-cve20181716-xss(147164)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147164"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Portal",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "8.0"
},
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "9.0"
}
]
}
],
"datePublic": "2018-09-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147164."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.8,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:N/S:C/UI:R/E:H/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T09:57:02",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "1041754",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041754"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10729323"
},
{
"name": "ibm-websphere-cve20181716-xss(147164)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147164"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-09-25T00:00:00",
"ID": "CVE-2018-1716",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Portal",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "8.0"
},
{
"version_value": "8.5"
},
{
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147164."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "N",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041754",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041754"
},
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10729323",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10729323"
},
{
"name": "ibm-websphere-cve20181716-xss(147164)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147164"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1716",
"datePublished": "2018-09-27T19:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-17T02:57:00.425Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1820 (GCVE-0-2018-1820)
Vulnerability from nvd – Published: 2018-09-27 19:00 – Updated: 2024-09-17 03:55
VLAI?
Summary
IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150096.
Severity ?
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | WebSphere Portal |
Affected:
8.0
Affected: 8.5 Affected: 9.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:14:38.455Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10732287"
},
{
"name": "1041751",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041751"
},
{
"name": "ibm-websphere-cve20181820-xss(150096)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150096"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Portal",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.0"
},
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "9.0"
}
]
}
],
"datePublic": "2018-09-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150096."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R/E:H/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T09:57:02",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10732287"
},
{
"name": "1041751",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041751"
},
{
"name": "ibm-websphere-cve20181820-xss(150096)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150096"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-09-25T00:00:00",
"ID": "CVE-2018-1820",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Portal",
"version": {
"version_data": [
{
"version_value": "8.0"
},
{
"version_value": "8.5"
},
{
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150096."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10732287",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10732287"
},
{
"name": "1041751",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041751"
},
{
"name": "ibm-websphere-cve20181820-xss(150096)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150096"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1820",
"datePublished": "2018-09-27T19:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-17T03:55:04.686Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2951 (GCVE-0-2013-2951)
Vulnerability from nvd – Published: 2018-07-11 16:00 – Updated: 2024-08-06 15:52
VLAI?
Summary
IBM WebSphere Portal 7.0.0.x and 8.0.0.x write passwords to a trace file when tracing is enabled for the Selfcare Portlet (Profile Management), which allows local users to obtain sensitive information by reading the file. IBM X-Force ID: 83621.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:52:21.557Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21642097"
},
{
"name": "was-portal-cve20132951-info-disclosure(83621)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83621"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-06-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 7.0.0.x and 8.0.0.x write passwords to a trace file when tracing is enabled for the Selfcare Portlet (Profile Management), which allows local users to obtain sensitive information by reading the file. IBM X-Force ID: 83621."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-11T15:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21642097"
},
{
"name": "was-portal-cve20132951-info-disclosure(83621)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83621"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-2951",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 7.0.0.x and 8.0.0.x write passwords to a trace file when tracing is enabled for the Selfcare Portlet (Profile Management), which allows local users to obtain sensitive information by reading the file. IBM X-Force ID: 83621."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21642097",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21642097"
},
{
"name": "was-portal-cve20132951-info-disclosure(83621)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83621"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-2951",
"datePublished": "2018-07-11T16:00:00",
"dateReserved": "2013-04-12T00:00:00",
"dateUpdated": "2024-08-06T15:52:21.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1445 (GCVE-0-2018-1445)
Vulnerability from nvd – Published: 2018-04-17 15:00 – Updated: 2024-09-16 20:23
VLAI?
Summary
IBM WebSphere Portal 8.0.0 through 8.0.0.1, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139907.
Severity ?
No CVSS data available.
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | WebSphere Portal |
Affected:
8.0
Affected: 8.0.0.1 Affected: 8.5 Affected: 9.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:39.099Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139907"
},
{
"name": "1040647",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040647"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg22015407"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Portal",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.0"
},
{
"status": "affected",
"version": "8.0.0.1"
},
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "9.0"
}
]
}
],
"datePublic": "2018-04-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 8.0.0 through 8.0.0.1, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139907."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-18T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139907"
},
{
"name": "1040647",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040647"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg22015407"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-04-10T00:00:00",
"ID": "CVE-2018-1445",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Portal",
"version": {
"version_data": [
{
"version_value": "8.0"
},
{
"version_value": "8.0.0.1"
},
{
"version_value": "8.5"
},
{
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 8.0.0 through 8.0.0.1, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139907."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139907",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139907"
},
{
"name": "1040647",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040647"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg22015407",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg22015407"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1445",
"datePublished": "2018-04-17T15:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-16T20:23:01.048Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1483 (GCVE-0-2018-1483)
Vulnerability from nvd – Published: 2018-04-11 16:00 – Updated: 2024-09-16 18:28
VLAI?
Summary
IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 140918.
Severity ?
6.1 (Medium)
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | WebSphere Portal |
Affected:
8.5
Affected: 9.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:39.136Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=swg22015317"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140918"
},
{
"name": "1040644",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040644"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Portal",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "9.0"
}
]
}
],
"datePublic": "2018-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 140918."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:N/S:C/UI:R",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-12T09:57:02",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=swg22015317"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140918"
},
{
"name": "1040644",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040644"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-04-06T00:00:00",
"ID": "CVE-2018-1483",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Portal",
"version": {
"version_data": [
{
"version_value": "8.5"
},
{
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 140918."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "N",
"S": "C",
"UI": "R"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=swg22015317",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=swg22015317"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140918",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140918"
},
{
"name": "1040644",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040644"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1483",
"datePublished": "2018-04-11T16:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-16T18:28:40.201Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}