Design/Logic Flaw

2013-08-2116:55:00

PRIOn knowledge base

www.prio-n.com

7 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

53.6%

JSON

IBM WebSphere Portal 6.1, 7.0, and 8.0 allows remote attackers to access the user directory via a crafted request for a servlet, related to the serveServletsByClassnameEnabled setting.

CPENameOperatorVersion
websphere_portaleq7.0.0.0
websphere_portaleq8.0.0.0
websphere_portaleq8.0.0.0 cf4
websphere_portaleq7.0.0.0 cf1
websphere_portaleq8.0.0.0 cf1
websphere_portaleq8.0.0.0 cf2
websphere_portaleq8.0.0.0 cf5
websphere_portaleq8.0.0.0 cf3
websphere_portaleq8.0
websphere_portaleq6.1.0.0

Name	Operator	Version
websphere_portal	eq	7.0.0.0
websphere_portal	eq	8.0.0.0
websphere_portal	eq	8.0.0.0 cf4
websphere_portal	eq	7.0.0.0 cf1
websphere_portal	eq	8.0.0.0 cf1
websphere_portal	eq	8.0.0.0 cf2
websphere_portal	eq	8.0.0.0 cf5
websphere_portal	eq	8.0.0.0 cf3
websphere_portal	eq	8.0
websphere_portal	eq	6.1.0.0