Vulnerabilities > IBM > Websphere Portal > 8.5.0.0

DATE CVE VULNERABILITY TITLE RISK
2018-02-09 CVE-2018-1401 Cross-site Scripting vulnerability in IBM Websphere Portal 8.0.0.0/8.5.0.0/9.0.0.0
IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
2018-02-09 CVE-2017-1761 Cross-site Scripting vulnerability in IBM Websphere Portal
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
2018-01-11 CVE-2018-1361 Cross-site Scripting vulnerability in IBM Websphere Portal 8.5.0.0/9.0.0.0
IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
2017-12-27 CVE-2017-1698 Information Exposure vulnerability in IBM Websphere Portal
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could reveal sensitive information from an error message that could lead to further attacks against the system.
network
low complexity
ibm CWE-200
5.3
2017-12-20 CVE-2017-1423 Information Exposure vulnerability in IBM Websphere Portal 8.5.0.0/9.0.0.0
IBM WebSphere Portal 8.5 and 9.0 exposes backend server URLs that are configured for usage by the Web Application Bridge component.
network
low complexity
ibm CWE-200
5.3
2017-09-28 CVE-2017-1577 Path Traversal vulnerability in IBM Websphere Portal
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm CWE-22
7.5
2016-09-12 CVE-2016-5954 Improper Access Control vulnerability in IBM Websphere Portal
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF30, 8.0.0 through 8.0.0.1 CF21, and 8.5.0 before CF12 allows remote authenticated users to cause a denial of service by uploading temporary files.
network
low complexity
ibm CWE-284
6.5
2016-08-08 CVE-2016-2925 Cross-site Scripting vulnerability in IBM Websphere Portal
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF30, 8.0.0.x through 8.0.0.1 CF21, and 8.5.0 before CF10 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
network
low complexity
ibm CWE-79
5.4
2016-06-26 CVE-2016-2901 Cross-Site Request Forgery (CSRF) vulnerability in IBM web Content Manager and Websphere Portal
Cross-site request forgery (CSRF) vulnerability in the PA_Theme_Creator application in IBM WebSphere Portal 8.5 CF08 through CF10 and Web Content Manager allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
network
low complexity
ibm CWE-352
8.8
2016-02-29 CVE-2016-0245 Unspecified vulnerability in IBM Websphere Portal 8.0.0.0/8.0.0.1/8.5.0.0
The XML parser in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF10 allows remote authenticated users to read arbitrary files or cause a denial of service via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
network
low complexity
ibm
5.4