Ibm Websphere Portal vulnerabilities

126 known vulnerabilities affecting ibm/websphere_portal.

Total CVEs
126
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH15MEDIUM95LOW15

Vulnerabilities

Page 2 of 7
CVE-2017-1303MEDIUMCVSS 6.1v7.0v8.0+2 more2017-07-31
CVE-2017-1303 [MEDIUM] CWE-79 CVE-2017-1303: IBM WebSphere Portal and Web Content Manager 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scri IBM WebSphere Portal and Web Content Manager 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125457.
cvelistv5nvd
CVE-2017-1217MEDIUMCVSS 6.1v8.5v9.02017-07-05
CVE-2017-1217 [MEDIUM] CWE-79 CVE-2017-1217: IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows us IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123857
cvelistv5nvd
CVE-2017-1156HIGHCVSS 8.8v8.5v9.02017-05-05
CVE-2017-1156 [HIGH] CWE-601 CVE-2017-1156: IBM WebSphere Portal 8.5 and 9.0 could allow a remote attacker to conduct phishing attacks, using an IBM WebSphere Portal 8.5 and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow
nvd
CVE-2017-1120MEDIUMCVSS 6.1v8.5v9.02017-03-27
CVE-2017-1120 [MEDIUM] CWE-79 CVE-2017-1120: IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows us IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2000152.
nvd
CVE-2016-8922MEDIUMCVSS 6.1v8.0v8.52017-02-01
CVE-2016-8922 [MEDIUM] CWE-79 CVE-2016-8922: Exphox WebRadar is vulnerable to cross-site scripting. This vulnerability allows users to embed arbi Exphox WebRadar is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
nvd
CVE-2016-5954MEDIUMCVSS 6.5v6.1.0.0v6.1.0.1+15 more2016-09-12
CVE-2016-5954 [MEDIUM] CWE-284 CVE-2016-5954: IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 C IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF30, 8.0.0 through 8.0.0.1 CF21, and 8.5.0 before CF12 allows remote authenticated users to cause a denial of service by uploading temporary files.
nvd
CVE-2016-2925MEDIUMCVSS 5.4v6.1.0.0v6.1.0.1+15 more2016-08-08
CVE-2016-2925 [MEDIUM] CWE-79 CVE-2016-2925: Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5 Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF30, 8.0.0.x through 8.0.0.1 CF21, and 8.5.0 before CF10 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
nvd
CVE-2016-2901HIGHCVSS 8.8v8.5.0.02016-06-26
CVE-2016-2901 [HIGH] CWE-352 CVE-2016-2901: Cross-site request forgery (CSRF) vulnerability in the PA_Theme_Creator application in IBM WebSphere Cross-site request forgery (CSRF) vulnerability in the PA_Theme_Creator application in IBM WebSphere Portal 8.5 CF08 through CF10 and Web Content Manager allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
nvd
CVE-2015-7428HIGHCVSS 7.4v8.0.0.0v8.0.0.1+1 more2016-02-29
CVE-2015-7428 [HIGH] CVE-2015-7428: Open redirect vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0 Open redirect vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.
nvd
CVE-2015-7457MEDIUMCVSS 6.1v8.0.0.0v8.0.0.1+1 more2016-02-29
CVE-2015-7457 [MEDIUM] CWE-79 CVE-2015-7457: Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
nvd
CVE-2016-0245MEDIUMCVSS 5.4v8.0.0.0v8.0.0.1+1 more2016-02-29
CVE-2016-0245 [MEDIUM] CVE-2016-0245: The XML parser in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF10 allow The XML parser in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF10 allows remote authenticated users to read arbitrary files or cause a denial of service via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
nvd
CVE-2016-0244MEDIUMCVSS 6.1v6.1.0.0v6.1.0.1+15 more2016-02-29
CVE-2016-0244 [MEDIUM] CVE-2016-0244: Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5 Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-0243.
nvd
CVE-2016-0243MEDIUMCVSS 6.1v6.1.0.0v6.1.0.1+15 more2016-02-29
CVE-2016-0243 [MEDIUM] CWE-79 CVE-2016-0243: Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5 Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-0244.
nvd
CVE-2015-7491MEDIUMCVSS 5.4v8.0.0.0v8.0.0.1+1 more2016-02-29
CVE-2015-7491 [MEDIUM] CWE-79 CVE-2015-7491: Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
nvd
CVE-2015-7455LOWCVSS 3.1v7.0.0.0v7.0.0.1+4 more2016-02-29
CVE-2015-7455 [LOW] CWE-264 CVE-2015-7455: IBM WebSphere Portal 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 C IBM WebSphere Portal 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 uses weak permissions for content items, which allows remote authenticated users to make modifications via the authoring UI.
nvd
CVE-2015-7472HIGHCVSS 7.2v6.1.0.0v6.1.0.1+15 more2016-02-15
CVE-2015-7472 [HIGH] CVE-2015-7472: IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 C IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF20, and 8.5.0 before CF10 allows remote attackers to conduct LDAP injection attacks, and consequently read or write to repository data, via unspecified vectors.
nvd
CVE-2016-0209MEDIUMCVSS 6.1v8.5.0.02016-01-27
CVE-2016-0209 [MEDIUM] CWE-79 CVE-2016-0209: Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 before CF09 allows remote att Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 before CF09 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2015-7447MEDIUMCVSS 5.3v6.1.0.0v6.1.0.1+15 more2015-12-31
CVE-2015-7447 [MEDIUM] CWE-200 CVE-2015-7447: IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 C IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF20, and 8.5.0 before CF09 allows remote attackers to bypass intended Portal AccessControl REST API access restrictions and obtain sensitive information via unspecified vectors.
nvd
CVE-2015-7413MEDIUMCVSS 4.3v8.0.0.0v8.0.0.1+1 more2015-12-21
CVE-2015-7413 [MEDIUM] CWE-79 CVE-2015-7413: Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF19 and 8.5.0 Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF19 and 8.5.0 through CF08 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
nvd
CVE-2015-4993MEDIUMCVSS 6.1v6.1.0.0v6.1.0.1+15 more2015-12-21
CVE-2015-4993 [MEDIUM] CWE-79 CVE-2015-4993: Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 t Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-4998.
nvd
← Previous2 / 7Next →