- CVEs with nessus.description==The version of IBM WebSphere Portal installed on the remote host is 8.0.0.x prior to 8.0.0.1 CF15. It is, therefore, affected by multiple vulnerabilities :
- A flaw exists in 'Apache Commons HttpClient' that allows a man-in-the-middle attacker to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. (CVE-2012-6153)
- A flaw exists in 'Apache HttpComponents' that allows a man-in-the-middle attacker to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. (CVE-2014-3577)
- An unspecified vulnerability exists that allows an authenticated attacker to execute arbitrary code on the system. (CVE-2014-4808)
- A flaw exists due to improper recursion detection during entity expansion. A remote attacker, via a specially crafted XML document, can cause the system to crash, resulting in a denial of service. (CVE-2014-4814)
- An information disclosure vulnerability exists that allows a remote attacker to identify whether or not a file exists based on the web server error codes. (CVE-2014-4821)
- A cross-site scripting vulnerability exists in the 'Preview' plugin in CKEditor, which allows a remote attacker to inject arbitrary data via unspecified vectors. (CVE-2014-5191)
- A cross-site scripting vulnerability exists that allows an attacker to inject arbitrary web script or HTML via a specially crafted URL. (CVE-2014-6171)
- A flaw exists when the Managed Pages setting is enabled that allows a remote, authenticated attacker to write to pages via an XML injection attack. (CVE-2014-6193)
- A cross-site scripting vulnerability exists in the Blog Portlet, which allows an attacker to inject arbitrary data via a specially crafted URL. (CVE-2014-8902)
| Max CVSS | 0 |
| Min CVSS | 0 |
| Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |