The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
IBM WebSphere Portal 6.1.0 through 220.127.116.11 CF27, 6.1.5 through 18.104.22.168 CF27, 7.0 through 22.214.171.124 CF28, and 8.0 before 126.96.36.199 CF12 does not validate JSP includes, which allows remote attackers to obtain sensitive information, bypass intended request-dispatcher access restrictions, or cause a denial of service (memory consumption) via a crafted URL.
|79691||IBM WebSphere Portal 7.0.0.x < 188.8.131.52 CF29 Multiple Vulnerabilities||Nessus||CGI abuses|
|74160||IBM WebSphere Portal Web Content Viewer Portlet Privilege Escalation (PI15723)||Nessus||CGI abuses|
|74156||IBM WebSphere Portal 8.x < 184.108.40.206 CF12 Multiple Vulnerabilities||Nessus||CGI abuses|