CVE-2013-3016

2013-08-2116:55:11

CWE-264

[email protected]

web.nvd.nist.gov

ibm

websphere

portal

cve-2013-3016

security

vulnerability

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

53.6%

JSON

IBM WebSphere Portal 6.1, 7.0, and 8.0 allows remote attackers to access the user directory via a crafted request for a servlet, related to the serveServletsByClassnameEnabled setting.

Affected configurations

NVD

Node

ibmwebsphere_portalMatch6.1.0.0

ibmwebsphere_portalMatch7.0.0.0

ibmwebsphere_portalMatch7.0.0.0cf001

ibmwebsphere_portalMatch8.0

ibmwebsphere_portalMatch8.0.0.0

ibmwebsphere_portalMatch8.0.0.0cf01

ibmwebsphere_portalMatch8.0.0.0cf02

ibmwebsphere_portalMatch8.0.0.0cf03

ibmwebsphere_portalMatch8.0.0.0cf04

ibmwebsphere_portalMatch8.0.0.0cf05

CPENameOperatorVersion
ibm:websphere_portalibm websphere portaleq6.1.0.0
ibm:websphere_portalibm websphere portaleq7.0.0.0
ibm:websphere_portalibm websphere portaleq8.0
ibm:websphere_portalibm websphere portaleq8.0.0.0

CPE	Name	Operator	Version
ibm:websphere_portal	ibm websphere portal	eq	6.1.0.0
ibm:websphere_portal	ibm websphere portal	eq	7.0.0.0
ibm:websphere_portal	ibm websphere portal	eq	8.0
ibm:websphere_portal	ibm websphere portal	eq	8.0.0.0