Vulnerabilities > CVE-2014-4808 - Unspecified vulnerability in IBM Websphere Portal

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
ibm
nessus

Summary

Unspecified vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 allows remote authenticated users to execute arbitrary code via unknown vectors.

Nessus

  • NASL familyCGI abuses
    NASL idWEBSPHERE_PORTAL_6_1_0_6_CF27.NASL
    descriptionThe version of IBM WebSphere Portal installed on the remote host is 6.1.0.x prior 6.1.0.6 CF27. It is, therefore, affected by multiple vulnerabilities : - A cross-site scripting vulnerability exists in the
    last seen2020-06-01
    modified2020-06-02
    plugin id78739
    published2014-10-30
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/78739
    titleIBM WebSphere Portal 6.1.0.x < 6.1.0.6 CF27 Multiple Vulnerabilities
  • NASL familyCGI abuses
    NASL idWEBSPHERE_PORTAL_8_5_0_0_CF03.NASL
    descriptionThe version of IBM WebSphere Portal installed on the remote host is affected by the multiple vulnerabilities : - Multiple vulnerabilities exist in the Apache Cordova component, including cross-application scripting, security bypass, and information disclosure. (CVE-2014-3500, CVE-2014-3501, CVE-2014-3502) - An information disclosure flaw exists that allows remote authenticated attackers to obtain credentials by reading HTML source code. (CVE-2014-4761) - An unspecified vulnerability exists that allows an authenticated attacker to execute arbitrary code on the system. (CVE-2014-4808) - A flaw exists that is caused by improper recursion detection during entity expansion. By tricking a user into opening a specially-crafted XML document, an attacker can cause the system to crash, resulting in a denial of service. (CVE-2014-4814) - An information disclosure vulnerability exists that allows a remote attacker to identify whether or not a file exists based on the web server error codes. (CVE-2014-4821) - A flaw exists in CKEditor in the Preview plugin that allows a cross-site scripting attack. The flaw exists due to
    last seen2020-06-01
    modified2020-06-02
    plugin id78742
    published2014-10-30
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/78742
    titleIBM WebSphere Portal 8.5.0 < 8.5.0 CF03 Multiple Vulnerabilities
  • NASL familyCGI abuses
    NASL idWEBSPHERE_PORTAL_8_0_0_1_CF15.NASL
    descriptionThe version of IBM WebSphere Portal installed on the remote host is 8.0.0.x prior to 8.0.0.1 CF15. It is, therefore, affected by multiple vulnerabilities : - A flaw exists in
    last seen2020-06-01
    modified2020-06-02
    plugin id82850
    published2015-04-17
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82850
    titleIBM WebSphere Portal 8.0.0.x < 8.0.0.1 CF15 Multiple Vulnerabilities
  • NASL familyCGI abuses
    NASL idWEBSPHERE_PORTAL_6_1_5_3_CF27.NASL
    descriptionThe version of IBM WebSphere Portal installed on the remote host is 6.1.5.x prior to 6.1.5.3 CF27. It is, therefore, affected by multiple vulnerabilities : - A cross-site scripting vulnerability exists in the
    last seen2020-06-01
    modified2020-06-02
    plugin id78740
    published2014-10-30
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/78740
    titleIBM WebSphere Portal 6.1.5.x < 6.1.5.3 CF27 Multiple Vulnerabilities
  • NASL familyCGI abuses
    NASL idWEBSPHERE_PORTAL_7_0_0_2_CF29.NASL
    descriptionThe version of IBM WebSphere Portal installed on the remote host is 7.0.0.x prior to 7.0.0.2 CF29. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in the Apache Struts ClassLoader. A remote attacker can exploit this issue by manipulating the
    last seen2020-06-01
    modified2020-06-02
    plugin id79691
    published2014-12-03
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79691
    titleIBM WebSphere Portal 7.0.0.x < 7.0.0.2 CF29 Multiple Vulnerabilities
  • NASL familyCGI abuses
    NASL idWEBSPHERE_PORTAL_CVE-2014-4808.NASL
    descriptionThe version of IBM WebSphere Portal installed on the remote host is affected by an unspecified code execution vulnerability that allows an authenticated attacker to execute arbitrary code on the system.
    last seen2020-06-01
    modified2020-06-02
    plugin id78743
    published2014-10-30
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/78743
    titleIBM WebSphere Portal Unspecified Vulnerability (PI25993)