Lucene search

[email protected]CVE-2012-4834

HistoryNov 30, 2012 - 7:55 p.m.

CVE-2012-4834

2012-11-3019:55:01

CWE-22

[email protected]

web.nvd.nist.gov

cve-2012-4834

directory traversal

layerloader.jsp

ibm websphere portal

security vulnerability

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.6 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

67.9%

JSON

Directory traversal vulnerability in LayerLoader.jsp in the theme component in IBM WebSphere Portal 7.0.0.1 and 7.0.0.2 before CF19 and 8.0 before CF03 allows remote attackers to read arbitrary files via a crafted URI.

Affected configurations

NVD

Node

ibmwebsphere_portalMatch7.0.0.1

ibmwebsphere_portalMatch7.0.0.1cf002

ibmwebsphere_portalMatch7.0.0.1cf003

ibmwebsphere_portalMatch7.0.0.1cf004

ibmwebsphere_portalMatch7.0.0.1cf005

ibmwebsphere_portalMatch7.0.0.1cf006

ibmwebsphere_portalMatch7.0.0.1cf007

ibmwebsphere_portalMatch7.0.0.1cf008

ibmwebsphere_portalMatch7.0.0.1cf009

ibmwebsphere_portalMatch7.0.0.1cf010

ibmwebsphere_portalMatch7.0.0.1cf011

ibmwebsphere_portalMatch7.0.0.1cf012

ibmwebsphere_portalMatch7.0.0.1cf013

ibmwebsphere_portalMatch7.0.0.1cf014

ibmwebsphere_portalMatch7.0.0.1cf015

ibmwebsphere_portalMatch7.0.0.1cf016

ibmwebsphere_portalMatch7.0.0.1cf017

ibmwebsphere_portalMatch7.0.0.1cf018

ibmwebsphere_portalMatch7.0.0.2

ibmwebsphere_portalMatch7.0.0.2cf002

ibmwebsphere_portalMatch7.0.0.2cf003

ibmwebsphere_portalMatch7.0.0.2cf004

ibmwebsphere_portalMatch7.0.0.2cf005

ibmwebsphere_portalMatch7.0.0.2cf006

ibmwebsphere_portalMatch7.0.0.2cf007

ibmwebsphere_portalMatch7.0.0.2cf008

ibmwebsphere_portalMatch7.0.0.2cf009

ibmwebsphere_portalMatch7.0.0.2cf010

ibmwebsphere_portalMatch7.0.0.2cf011

ibmwebsphere_portalMatch7.0.0.2cf012

ibmwebsphere_portalMatch7.0.0.2cf013

ibmwebsphere_portalMatch7.0.0.2cf014

ibmwebsphere_portalMatch7.0.0.2cf015

ibmwebsphere_portalMatch7.0.0.2cf016

ibmwebsphere_portalMatch7.0.0.2cf017

ibmwebsphere_portalMatch7.0.0.2cf018

ibmwebsphere_portalMatch8.0.0.0

ibmwebsphere_portalMatch8.0.0.0cf01

ibmwebsphere_portalMatch8.0.0.0cf02

CPENameOperatorVersion
ibm:websphere_portalibm websphere portaleq7.0.0.1
ibm:websphere_portalibm websphere portaleq7.0.0.2
ibm:websphere_portalibm websphere portaleq8.0.0.0

CPE	Name	Operator	Version
ibm:websphere_portal	ibm websphere portal	eq	7.0.0.1
ibm:websphere_portal	ibm websphere portal	eq	7.0.0.2
ibm:websphere_portal	ibm websphere portal	eq	8.0.0.0

References

secunia.com/advisories/51281

www-01.ibm.com/support/docview.wss?uid=swg1PM76354

www.ibm.com/connections/blogs/PSIRT/entry/security_vulnerability_in_theme_component_for_websphere_portal_versions_7_0_0_x_and_8_0_cve2012_48344

www.ibm.com/support/docview.wss?uid=swg21617713

www.ibm.com/support/docview.wss?uid=swg24033155

exchange.xforce.ibmcloud.com/vulnerabilities/78914

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.6 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

67.9%

JSON

Related for CVE-2012-4834

nvd1 prion1 cvelist1 nessus1