Ibm

Websphere Portal

126 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2018-1673

  • EPSS 0.25%
  • Published 12.10.2018 05:29:00
  • Last modified 21.11.2024 04:00:10

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...

6.5

CVE-2018-1420

  • EPSS 0.15%
  • Published 01.10.2018 14:29:00
  • Last modified 21.11.2024 03:59:47

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 resets access control settings to the out of the box configuration during Combined Cumulative Fix (CF) installation. This can lead to security miss-configuration of the installation. IBM X-Force ID: 138950.

6.5

CVE-2018-1672

  • EPSS 0.23%
  • Published 01.10.2018 14:29:00
  • Last modified 21.11.2024 04:00:10

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user. IBM X-Force ID: 144958.

5.4

CVE-2018-1660

  • EPSS 0.46%
  • Published 27.09.2018 19:29:00
  • Last modified 21.11.2024 04:00:09

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...

6.1

CVE-2018-1716

  • EPSS 0.23%
  • Published 27.09.2018 19:29:00
  • Last modified 21.11.2024 04:00:14

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...

6.1

CVE-2018-1736

  • EPSS 0.53%
  • Published 27.09.2018 19:29:00
  • Last modified 21.11.2024 04:00:16

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to ...

5.4

CVE-2018-1820

  • EPSS 0.24%
  • Published 27.09.2018 19:29:00
  • Last modified 21.11.2024 04:00:27

IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure with...

7.8

CVE-2013-2951

  • EPSS 0.05%
  • Published 11.07.2018 16:29:00
  • Last modified 21.11.2024 01:52:44

IBM WebSphere Portal 7.0.0.x and 8.0.0.x write passwords to a trace file when tracing is enabled for the Selfcare Portlet (Profile Management), which allows local users to obtain sensitive information by reading the file. IBM X-Force ID: 83621.

5.4

CVE-2018-1445

  • EPSS 0.27%
  • Published 17.04.2018 15:29:00
  • Last modified 21.11.2024 03:59:50

IBM WebSphere Portal 8.0.0 through 8.0.0.1, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentia...

6.1

CVE-2018-1483

  • EPSS 0.25%
  • Published 11.04.2018 16:29:00
  • Last modified 21.11.2024 03:59:54

IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a t...