- Home
- CVEs with nessus.description==The version of IBM WebSphere Portal installed on the remote host is
affected by multiple vulnerabilities :
- A remote code execution vulnerability exists in the
Apache Struts ClassLoader. A remote attacker can exploit
this issue by manipulating the 'class' parameter of an
ActionForm object to execute arbitrary code.
(CVE-2014-0114)
- An unspecified information disclosure vulnerability
exists which allows a remote attacker to gain access to
sensitive information. (CVE-2014-3083)
- An information disclosure vulnerability exists which
allows a remote, authenticated attacker to gain access
to sensitive information, such as user credentials,
through certain HTML pages. (CVE-2014-4761)
- An unspecified cross-site scripting vulnerability exists
due to improper validation of user input. This can be
exploited by a remote, authenticated attacker to execute
code in the security context of a user's browser.
(CVE-2014-4762)
- An unrestricted file upload vulnerability exists which
allows a remote, authenticated attacker to upload large
files, potentially resulting in a denial of service.
(CVE-2014-4792)
- An unspecified cross-site scripting vulnerability exists
that allows remote, authenticated attackers to execute
arbitrary code via a specially crafted URL.
(CVE-2014-6093)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top