- Home
- CVEs with nessus.description==The version of IBM WebSphere Portal installed on the remote host is 8.0.0.x prior to 8.0.0.1 CF17. It is, therefore, affected by multiple vulnerabilities :
- An unspecified flaw exists in the Outside In Filters subcomponent. An attacker, using a specially crafted DOCX file, can exploit this to corrupt memory, resulting in a denial of service or the execution of arbitrary code. (CVE-2015-0474)
- An buffer overflow flaw exists in the Outside In Filters subcomponent due to 'ibpsd2.dll' not properly validating user-supplied input in PSD files. An attacker can exploit this to cause a denial of service or possibly execute arbitrary code. (CVE-2015-0493)
- A flaw exists in the access control enforcement of the JCR component that allows a remote, unauthenticated attacker, using a specially crafted request, to gain access to potentially sensitive information.
(CVE-2015-1887)
- A cross-site scripting vulnerability exists in the Active Content Filtering component due to improperly validating user-supplied input. A remote attacker can exploit this by creating a specially crafted URL designed to execute script code in the victim's web browser. (CVE-2015-1917)
- A flaw exists that allows a cross-site redirection attack due to a failure to validate certain unspecified input before returning it to the user. An attacker, using specially crafted URL, can exploit this to redirect victims to a website of the attacker's own choosing. (CVE-2015-1921)
- A flaw exists that allows a reflected cross-site scripting attack due to a failure to validate input before returning it back to the user. A remote attacker, using a crafted URL, can exploit this to execute code or HTML within the user's browser. (CVE-2015-1944)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top