Vulnerabilities > IBM > Websphere Portal > 8.0.0.0

DATE CVE VULNERABILITY TITLE RISK
2014-09-12 CVE-2014-4792 Resource Management Errors vulnerability in IBM Websphere Portal
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF28, 8.0.0 through 8.0.0.1 CF13, and 8.5.0 before CF02 allows remote authenticated users to cause a denial of service (disk consumption) by uploading large files.
network
low complexity
ibm CWE-399
4.0
4.0
2014-09-12 CVE-2014-4762 Cross-Site Scripting vulnerability in IBM Websphere Portal
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF13 and 8.5.0 before CF02 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
network
ibm CWE-79
3.5
3.5
2014-08-12 CVE-2014-4760 Open Redirection vulnerability in IBM WebSphere Portal
Open redirect vulnerability in IBM WebSphere Portal 6.1.0.0 through 6.1.0.6 CF27, 6.1.5.0 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF28, 8.0.0 before 8.0.0.1 CF13, and 8.5.0 before CF01 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.
network
ibm
5.8
5.8
2014-08-12 CVE-2014-4746 Information Exposure vulnerability in IBM Websphere Portal 8.0.0.0/8.5.0.0
IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF13 and 8.5.0 through CF01 provides different error codes for firewall-traversal requests depending on whether the intranet host exists, which allows remote attackers to map the intranet network via a series of requests.
network
low complexity
ibm CWE-200
5.0
5.0
2014-08-12 CVE-2014-3102 Cross-Site Scripting vulnerability in IBM Websphere Portal
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.0.0 through 7.0.0.2 CF28 and 8.0.0 before 8.0.0.1 CF13 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
network
ibm CWE-79
3.5
3.5
2014-08-12 CVE-2014-0953 Cross-Site Scripting vulnerability in IBM Websphere Portal
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.0 through 6.1.0.6 CF27, 6.1.5.0 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF28, and 8.0.0 before 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
network
ibm CWE-79
4.3
4.3
2014-07-29 CVE-2014-3057 Cross-Site Scripting vulnerability in IBM products
Cross-site scripting (XSS) vulnerability in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
network
ibm CWE-79
4.3
4.3
2014-07-29 CVE-2014-3056 Information Exposure vulnerability in IBM products
The Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to obtain potentially sensitive information about environment variables and JAR versions via unspecified vectors.
network
low complexity
ibm CWE-200
5.0
5.0
2014-07-29 CVE-2014-3055 SQL Injection vulnerability in IBM products
SQL injection vulnerability in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
ibm CWE-89
7.5
7.5
2014-07-29 CVE-2014-3054 Open Redirection vulnerability in IBM products
Multiple open redirect vulnerabilities in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
network
ibm
5.8
5.8