Shodan
Vulnerabilities
Vulnerable Software
Ibm:  >> Websphere Portal  Security Vulnerabilities
CVE-2009-0899
IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.24 and 7.0 through 7.0.0.4, IBM WebSphere Portal Server 5.1 through 6.0, and IBM Integrated Solutions Console (ISC) 6.0.1 do not properly set the IsSecurityEnabled security flag during migration of WebSphere Member Manager (WMM) to Virtual Member Manager (VMM) and a Federated Repository, which allows attackers to obtain sensitive information from repositories via unspecified vectors.
CVSS Score
4.3
EPSS Score
0.003
Published
2009-06-03
CVE-2009-1008
Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML, a different vulnerability than CVE-2009-1010.
CVSS Score
4.4
EPSS Score
0.001
Published
2009-04-15
CVE-2009-1009
Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.1.9 allows local users to affect confidentiality, integrity, and availability, related to HTML.
CVSS Score
4.4
EPSS Score
0.001
Published
2009-04-15
CVE-2009-1010
Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML, a different vulnerability than CVE-2009-1008.
CVSS Score
4.4
EPSS Score
0.001
Published
2009-04-15
CVE-2008-5675
Unspecified vulnerability in IBM WebSphere Portal 6.0 before 6.0.1.5 has unknown impact and attack vectors related to "Access problems with BasicAuthTAI."
CVSS Score
10.0
EPSS Score
0.005
Published
2008-12-19
CVE-2008-3423
IBM WebSphere Portal 5.1 through 6.1.0.0 allows remote attackers to bypass authentication and obtain administrative access via unspecified vectors.
CVSS Score
7.5
EPSS Score
0.007
Published
2008-08-04
CVE-2007-3127
content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to obtain sensitive information via a "';" (quote semicolon) sequence in the page parameter, which reveals the installation path in the resulting forced SQL error message.
CVSS Score
5.0
EPSS Score
0.099
Published
2007-06-19
CVE-2007-3128
SQL injection vulnerability in content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the page parameter.
CVSS Score
6.4
EPSS Score
0.004
Published
2007-06-19


Products
Pricing
Contact Us

Shodan ® - All rights reserved