Summary
Detail | |||
---|---|---|---|
Vendor | Ibm | First view | 2014-11-25 |
Product | Websphere Portal | Last view | 2018-10-12 |
Version | 8.5.0.0 | Type | Application |
Update | cf10 | ||
Edition | * | ||
Language | * | ||
Sofware Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:a:ibm:websphere_portal |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
6.1 | 2018-10-12 | CVE-2018-1673 | IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145108. |
6.3 | 2018-10-01 | CVE-2018-1672 | IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user. IBM X-Force ID: 144958. |
6.5 | 2018-10-01 | CVE-2018-1420 | IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 resets access control settings to the out of the box configuration during Combined Cumulative Fix (CF) installation. This can lead to security miss-configuration of the installation. IBM X-Force ID: 138950. |
5.4 | 2018-09-27 | CVE-2018-1820 | IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150096. |
6.1 | 2018-09-27 | CVE-2018-1736 | IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 147906. |
6.1 | 2018-09-27 | CVE-2018-1716 | IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147164. |
5.4 | 2018-09-27 | CVE-2018-1660 | IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 144886. |
6.1 | 2018-04-11 | CVE-2018-1483 | IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 140918. |
5.4 | 2018-03-13 | CVE-2018-1444 | IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139906. |
6.1 | 2018-02-27 | CVE-2018-1416 | IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138822. |
3.5 | 2014-11-25 | CVE-2014-6093 | Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.0.x before 7.0.0.2 CF29, 8.0.x through 8.0.0.1 CF14, and 8.5.x before 8.5.0 CF02 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
72% (8) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
9% (1) | CWE-732 | Incorrect Permission Assignment for Critical Resource |
9% (1) | CWE-601 | URL Redirection to Untrusted Site ('Open Redirect') |
9% (1) | CWE-287 | Improper Authentication |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2018-12-20 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_fa6a4a6903d111e9be12a4badb2f4699.nasl - Type: ACT_GATHER_INFO |
2018-12-11 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_32498c8ffc8411e8be12a4badb2f4699.nasl - Type: ACT_GATHER_INFO |
2014-12-03 | Name: The remote Windows host has web portal software installed that is affected by... File: websphere_portal_7_0_0_2_cf29.nasl - Type: ACT_GATHER_INFO |
2014-11-12 | Name: The remote Windows host has web portal software installed that is affected by... File: websphere_portal_8_5_0_0_cf02.nasl - Type: ACT_GATHER_INFO |