- CVEs with nessus.description==The IBM WebSphere Portal installed on the remote host is version 6.1.0.x prior to 6.1.0.6 CF27 with patches, 6.1.5.x prior to 6.1.5.3 CF27 with patches, 7.0.0.x prior to 7.0.0.2 CF29 with patches, 8.0.0.x prior to 8.0.0.1 CF20, or 8.5.0.0 prior to 8.5.0.0 CF09 with patches.
It is, therefore, affected by multiple vulnerabilities:
- An open redirect vulnerability exists due to improper validation of input before returning it to the user. An attacker can exploit this, via a specially crafted link, to redirect a victim to an arbitrary website. (CVE-2015-7428)
- A security bypass vulnerability exists due to insecure permissions. A remote attacker can exploit this to make changes to content items. (CVE-2015-7455)
- Multiple unspecified cross-site scripting vulnerabilities exist due to improper validation of user-supplied input. A remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2015-7457, CVE-2015-7491, CVE-2016-0243, CVE-2016-0244)
- An XML External Entity (XXE) injection vulnerability exists due to an incorrectly configured XML parser accepting XML external entities from an untrusted source. A remote attacker can exploit this, via specially crafted XML data, to cause a denial of service condition or to disclose sensitive information. (CVE-2016-0245)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |