Total
128 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-1008 | 2 Ibm, Oracle | 2 Websphere Portal, Application Server | 2023-12-10 | 4.4 MEDIUM | N/A |
Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML, a different vulnerability than CVE-2009-1010. | |||||
CVE-2009-1009 | 2 Ibm, Oracle | 2 Websphere Portal, Application Server | 2023-12-10 | 4.4 MEDIUM | N/A |
Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.1.9 allows local users to affect confidentiality, integrity, and availability, related to HTML. | |||||
CVE-2009-1010 | 2 Ibm, Oracle | 2 Websphere Portal, Application Server | 2023-12-10 | 4.4 MEDIUM | N/A |
Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML, a different vulnerability than CVE-2009-1008. | |||||
CVE-2009-4152 | 1 Ibm | 1 Websphere Portal | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Collaboration component in IBM WebSphere Portal 6.1.x before 6.1.0.3 allows remote attackers to inject arbitrary web script or HTML via the people picker tag. | |||||
CVE-2008-3423 | 1 Ibm | 1 Websphere Portal | 2023-12-10 | 7.5 HIGH | N/A |
IBM WebSphere Portal 5.1 through 6.1.0.0 allows remote attackers to bypass authentication and obtain administrative access via unspecified vectors. | |||||
CVE-2008-5675 | 1 Ibm | 1 Websphere Portal | 2023-12-10 | 10.0 HIGH | N/A |
Unspecified vulnerability in IBM WebSphere Portal 6.0 before 6.0.1.5 has unknown impact and attack vectors related to "Access problems with BasicAuthTAI." | |||||
CVE-2007-3128 | 1 Ibm | 1 Websphere Portal | 2023-12-10 | 6.4 MEDIUM | N/A |
SQL injection vulnerability in content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the page parameter. | |||||
CVE-2007-3127 | 1 Ibm | 1 Websphere Portal | 2023-12-10 | 5.0 MEDIUM | N/A |
content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to obtain sensitive information via a "';" (quote semicolon) sequence in the page parameter, which reveals the installation path in the resulting forced SQL error message. |