Summary
| Detail | |||
|---|---|---|---|
| Vendor | Ibm | First view | 2009-04-15 |
| Product | Websphere Portal | Last view | 2018-10-12 |
| Version | 8.0.0.0 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:ibm:websphere_portal | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 6.1 | 2018-10-12 | CVE-2018-1673 | IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145108. |
| 6.3 | 2018-10-01 | CVE-2018-1672 | IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user. IBM X-Force ID: 144958. |
| 6.5 | 2018-10-01 | CVE-2018-1420 | IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 resets access control settings to the out of the box configuration during Combined Cumulative Fix (CF) installation. This can lead to security miss-configuration of the installation. IBM X-Force ID: 138950. |
| 5.4 | 2018-09-27 | CVE-2018-1820 | IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150096. |
| 6.1 | 2018-09-27 | CVE-2018-1736 | IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 147906. |
| 6.1 | 2018-09-27 | CVE-2018-1716 | IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147164. |
| 5.4 | 2018-09-27 | CVE-2018-1660 | IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 144886. |
| 7.8 | 2018-07-11 | CVE-2013-2951 | IBM WebSphere Portal 7.0.0.x and 8.0.0.x write passwords to a trace file when tracing is enabled for the Selfcare Portlet (Profile Management), which allows local users to obtain sensitive information by reading the file. IBM X-Force ID: 83621. |
| 5.4 | 2018-04-17 | CVE-2018-1445 | IBM WebSphere Portal 8.0.0 through 8.0.0.1, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139907. |
| 6.1 | 2018-02-27 | CVE-2018-1416 | IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138822. |
| 6.1 | 2018-02-09 | CVE-2018-1401 | IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138437. |
| 6.1 | 2018-02-09 | CVE-2017-1761 | IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 136005. |
| 5.3 | 2017-12-27 | CVE-2017-1698 | IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could reveal sensitive information from an error message that could lead to further attacks against the system. IBM X-Force ID: 124390. |
| 7.5 | 2017-09-27 | CVE-2017-1577 | IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 132117. |
| 6.1 | 2017-09-07 | CVE-2017-1189 | IBM WebSphere Portal and Web Content Manager 6.1, 7.0, and 8.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123558. |
| 6.5 | 2016-09-12 | CVE-2016-5954 | IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF30, 8.0.0 through 8.0.0.1 CF21, and 8.5.0 before CF12 allows remote authenticated users to cause a denial of service by uploading temporary files. |
| 5.4 | 2016-08-07 | CVE-2016-2925 | Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF30, 8.0.0.x through 8.0.0.1 CF21, and 8.5.0 before CF10 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. |
| 5.4 | 2016-02-29 | CVE-2016-0245 | The XML parser in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF10 allows remote authenticated users to read arbitrary files or cause a denial of service via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. |
| 6.1 | 2016-02-29 | CVE-2016-0244 | Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-0243. |
| 6.1 | 2016-02-29 | CVE-2016-0243 | Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-0244. |
| 5.4 | 2016-02-29 | CVE-2015-7491 | Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. |
| 6.1 | 2016-02-29 | CVE-2015-7457 | Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. |
| 3.1 | 2016-02-29 | CVE-2015-7455 | IBM WebSphere Portal 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 uses weak permissions for content items, which allows remote authenticated users to make modifications via the authoring UI. |
| 7.4 | 2016-02-29 | CVE-2015-7428 | Open redirect vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. |
| 7.2 | 2016-02-14 | CVE-2015-7472 | IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF20, and 8.5.0 before CF10 allows remote attackers to conduct LDAP injection attacks, and consequently read or write to repository data, via unspecified vectors. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 54% (40) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 10% (8) | CWE-200 | Information Exposure |
| 8% (6) | CWE-399 | Resource Management Errors |
| 8% (6) | CWE-264 | Permissions, Privileges, and Access Controls |
| 4% (3) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
| 2% (2) | CWE-284 | Access Control (Authorization) Issues |
| 2% (2) | CWE-20 | Improper Input Validation |
| 1% (1) | CWE-732 | Incorrect Permission Assignment for Critical Resource |
| 1% (1) | CWE-601 | URL Redirection to Untrusted Site ('Open Redirect') |
| 1% (1) | CWE-352 | Cross-Site Request Forgery (CSRF) |
| 1% (1) | CWE-287 | Improper Authentication |
| 1% (1) | CWE-255 | Credentials Management |
| 1% (1) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
| 1% (1) | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('... |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 53749 | Oracle Outside In Technology Microsoft Office Spreadsheet Record Handling Ove... |
| 53748 | Oracle Outside In Technology Microsoft Excel Spreadsheet Record Handling Remo... |
| 53747 | Oracle Outside In Technology HTML Export Unspecified Issue (CVE-2009-1008) |
OpenVAS Exploits
| id | Description |
|---|---|
| 2009-06-05 | Name : Ubuntu USN-776-2 (kvm) File : nvt/ubuntu_776_2.nasl |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2015-B-0087 | Multiple Vulnerabilities in IBM WebSphere Portal Severity: Category I - VMSKEY: V0061053 |
| 2014-B-0061 | Multiple Security Vulnerabilities in IBM WebSphere Portal Severity: Category I - VMSKEY: V0050899 |
| 2014-B-0016 | IBM Websphere Portal File Upload Vulnerability Severity: Category I - VMSKEY: V0044087 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2018-12-20 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_fa6a4a6903d111e9be12a4badb2f4699.nasl - Type: ACT_GATHER_INFO |
| 2018-12-11 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_32498c8ffc8411e8be12a4badb2f4699.nasl - Type: ACT_GATHER_INFO |
| 2017-10-02 | Name: The web portal software installed on the remote Windows host is affected by a... File: websphere_portal_swg22008586.nasl - Type: ACT_GATHER_INFO |
| 2017-09-07 | Name: The web portal software installed on the remote Windows host is affected by a... File: websphere_portal_swg22008028.nasl - Type: ACT_GATHER_INFO |
| 2016-10-21 | Name: The remote Windows host has web portal software installed that is affected by... File: websphere_portal_cve-2016-5954.nasl - Type: ACT_GATHER_INFO |
| 2016-08-23 | Name: The web portal software installed on the remote Windows host is affected by m... File: websphere_portal_8_0_0_1_cf20.nasl - Type: ACT_GATHER_INFO |
| 2016-08-23 | Name: The web portal software installed on the remote Windows host is affected by m... File: websphere_portal_8_0_0_1_cf19.nasl - Type: ACT_GATHER_INFO |
| 2016-08-18 | Name: The web portal software installed on the remote Windows host is affected by m... File: websphere_portal_8_5_0_0_cf10.nasl - Type: ACT_GATHER_INFO |
| 2016-08-18 | Name: The web portal software installed on the remote Windows host is affected by m... File: websphere_portal_8_0_0_1_cf21.nasl - Type: ACT_GATHER_INFO |
| 2016-03-04 | Name: The web portal software installed on the remote Windows host is affected by m... File: websphere_portal_swg21976358.nasl - Type: ACT_GATHER_INFO |
| 2016-01-07 | Name: The remote Windows host has web portal software installed that is affected by... File: websphere_portal_cve-2015-7447.nasl - Type: ACT_GATHER_INFO |
| 2015-07-07 | Name: The remote Windows host has web portal software installed that is affected by... File: websphere_portal_8_0_0_1_cf17.nasl - Type: ACT_GATHER_INFO |
| 2015-07-07 | Name: The remote Windows host has web portal software installed that is affected by... File: websphere_portal_cve-2015-1887.nasl - Type: ACT_GATHER_INFO |
| 2015-07-07 | Name: The remote Windows host has web portal software installed that is affected by... File: websphere_portal_cve-2015-1917.nasl - Type: ACT_GATHER_INFO |
| 2015-05-28 | Name: The remote Windows host has web portal software installed that is affected by... File: websphere_portal_cve-2015-1921.nasl - Type: ACT_GATHER_INFO |
| 2015-05-28 | Name: The remote Windows host has web portal software installed that is affected by... File: websphere_portal_8_5_0_0_cf06.nasl - Type: ACT_GATHER_INFO |
| 2015-04-24 | Name: The web portal software installed on the remote Windows host is affected by m... File: websphere_portal_swg21701566.nasl - Type: ACT_GATHER_INFO |
| 2015-04-17 | Name: The remote Windows host has web portal software installed that is affected by... File: websphere_portal_cve-2014-8909.nasl - Type: ACT_GATHER_INFO |
| 2015-04-17 | Name: The remote Windows host has web portal software installed that is affected by... File: websphere_portal_8_0_0_1_cf15.nasl - Type: ACT_GATHER_INFO |
| 2015-03-24 | Name: The remote Windows host has web portal software installed that is affected by... File: websphere_portal_swg21697213.nasl - Type: ACT_GATHER_INFO |
| 2014-12-03 | Name: The remote Windows host has web portal software installed that is affected by... File: websphere_portal_7_0_0_2_cf29.nasl - Type: ACT_GATHER_INFO |
| 2014-11-12 | Name: The remote Windows host has web portal software installed that is affected by... File: websphere_portal_cve-2014-3083.nasl - Type: ACT_GATHER_INFO |
| 2014-11-12 | Name: The remote Windows host has web portal software installed that is affected by... File: websphere_portal_8_5_0_0_cf02.nasl - Type: ACT_GATHER_INFO |
| 2014-10-30 | Name: The remote Windows host has web portal software installed that is affected by... File: websphere_portal_6_1_5_3_cf27.nasl - Type: ACT_GATHER_INFO |
| 2014-10-30 | Name: The remote Windows host has web portal software installed that is affected by... File: websphere_portal_cve-2014-4821.nasl - Type: ACT_GATHER_INFO |
