This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Ibm
Product: Websphere Portal
Version: 8.5.0.0
Update: cf10
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
Type: Application
First view: 2014-11-25
Last view: 2018-10-12

CPE Product: cpe:2.3:a:ibm:websphere_portal

Related : CVE

  Date Alert Description
6.1 2018-10-12 CVE-2018-1673

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145108.

6.3 2018-10-01 CVE-2018-1672

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user. IBM X-Force ID: 144958.

6.5 2018-10-01 CVE-2018-1420

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 resets access control settings to the out-of-the-box configuration during Combined Cumulative Fix (CF) installation. This can lead to security misconfiguration of the installation. IBM X-Force ID: 138950.

5.4 2018-09-27 CVE-2018-1820

IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150096.

6.1 2018-09-27 CVE-2018-1736

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 147906.

6.1 2018-09-27 CVE-2018-1716

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147164.

5.4 2018-09-27 CVE-2018-1660

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 144886.

6.1 2018-04-11 CVE-2018-1483

IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 140918.

5.4 2018-03-13 CVE-2018-1444

IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139906.

6.1 2018-02-27 CVE-2018-1416

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138822.

3.5 2014-11-25 CVE-2014-6093

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.0.x before 7.0.0.2 CF29, 8.0.x through 8.0.0.1 CF14, and 8.5.x before 8.5.0 CF02 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

CWE : Common Weakness Enumeration

% id Name
72% (8) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
9% (1) CWE-732 Incorrect Permission Assignment for Critical Resource
9% (1) CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
9% (1) CWE-287 Improper Authentication

Nessus® Vulnerability Scanner

id Description
2018-12-20 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_fa6a4a6903d111e9be12a4badb2f4699.nasl - Type: ACT_GATHER_INFO
2018-12-11 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_32498c8ffc8411e8be12a4badb2f4699.nasl - Type: ACT_GATHER_INFO
2014-12-03 Name: The remote Windows host has web portal software installed that is affected by...
File: websphere_portal_7_0_0_2_cf29.nasl - Type: ACT_GATHER_INFO
2014-11-12 Name: The remote Windows host has web portal software installed that is affected by...
File: websphere_portal_8_5_0_0_cf02.nasl - Type: ACT_GATHER_INFO