6.8
CVE-2014-0954
- EPSS 0.25%
- Published 22.05.2014 11:14:14
- Last modified 12.04.2025 10:46:40
- Source psirt@us.ibm.com
- Teams watchlist Login
- Open Login
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 does not validate JSP includes, which allows remote attackers to obtain sensitive information, bypass intended request-dispatcher access restrictions, or cause a denial of service (memory consumption) via a crafted URL.
Data is provided by the National Vulnerability Database (NVD)
Ibm ≫ Websphere Portal Version6.1.0.0
Ibm ≫ Websphere Portal Version6.1.0.1
Ibm ≫ Websphere Portal Version6.1.0.2
Ibm ≫ Websphere Portal Version6.1.0.3
Ibm ≫ Websphere Portal Version6.1.0.4
Ibm ≫ Websphere Portal Version6.1.0.5
Ibm ≫ Websphere Portal Version6.1.0.6
Ibm ≫ Websphere Portal Version6.1.0.6 Updatecf27
Ibm ≫ Websphere Portal Version6.1.5.0
Ibm ≫ Websphere Portal Version6.1.5.1
Ibm ≫ Websphere Portal Version6.1.5.2
Ibm ≫ Websphere Portal Version6.1.5.3
Ibm ≫ Websphere Portal Version6.1.5.3 Updatecf27
Ibm ≫ Websphere Portal Version7.0.0.0
Ibm ≫ Websphere Portal Version7.0.0.0 Updatecf001
Ibm ≫ Websphere Portal Version7.0.0.1
Ibm ≫ Websphere Portal Version7.0.0.1 Updatecf002
Ibm ≫ Websphere Portal Version7.0.0.1 Updatecf003
Ibm ≫ Websphere Portal Version7.0.0.1 Updatecf004
Ibm ≫ Websphere Portal Version7.0.0.1 Updatecf005
Ibm ≫ Websphere Portal Version7.0.0.1 Updatecf006
Ibm ≫ Websphere Portal Version7.0.0.1 Updatecf007
Ibm ≫ Websphere Portal Version7.0.0.1 Updatecf008
Ibm ≫ Websphere Portal Version7.0.0.1 Updatecf009
Ibm ≫ Websphere Portal Version7.0.0.1 Updatecf010
Ibm ≫ Websphere Portal Version7.0.0.1 Updatecf019
Ibm ≫ Websphere Portal Version7.0.0.2
Ibm ≫ Websphere Portal Version7.0.0.2 Updatecf011
Ibm ≫ Websphere Portal Version7.0.0.2 Updatecf012
Ibm ≫ Websphere Portal Version7.0.0.2 Updatecf013
Ibm ≫ Websphere Portal Version7.0.0.2 Updatecf014
Ibm ≫ Websphere Portal Version7.0.0.2 Updatecf015
Ibm ≫ Websphere Portal Version7.0.0.2 Updatecf016
Ibm ≫ Websphere Portal Version7.0.0.2 Updatecf017
Ibm ≫ Websphere Portal Version7.0.0.2 Updatecf018
Ibm ≫ Websphere Portal Version7.0.0.2 Updatecf019
Ibm ≫ Websphere Portal Version7.0.0.2 Updatecf020
Ibm ≫ Websphere Portal Version7.0.0.2 Updatecf021
Ibm ≫ Websphere Portal Version7.0.0.2 Updatecf022
Ibm ≫ Websphere Portal Version7.0.0.2 Updatecf23
Ibm ≫ Websphere Portal Version7.0.0.2 Updatecf24
Ibm ≫ Websphere Portal Version7.0.0.2 Updatecf25
Ibm ≫ Websphere Portal Version7.0.0.2 Updatecf26
Ibm ≫ Websphere Portal Version7.0.0.2 Updatecf27
Ibm ≫ Websphere Portal Version8.0.0.0
Ibm ≫ Websphere Portal Version8.0.0.0 Updatecf01
Ibm ≫ Websphere Portal Version8.0.0.0 Updatecf02
Ibm ≫ Websphere Portal Version8.0.0.0 Updatecf03
Ibm ≫ Websphere Portal Version8.0.0.0 Updatecf04
Ibm ≫ Websphere Portal Version8.0.0.0 Updatecf05
Ibm ≫ Websphere Portal Version8.0.0.1
Ibm ≫ Websphere Portal Version8.0.0.1 Updatecf04
Ibm ≫ Websphere Portal Version8.0.0.1 Updatecf05
Ibm ≫ Websphere Portal Version8.0.0.1 Updatecf07
Ibm ≫ Websphere Portal Version8.0.0.1 Updatecf08
Ibm ≫ Websphere Portal Version8.0.0.1 Updatecf09
Ibm ≫ Websphere Portal Version8.0.0.1 Updatecf10
Ibm ≫ Websphere Portal Version8.0.0.1 Updatecf11
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.25% | 0.458 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.