Code injection

2013-12-2215:16:00

PRIOn knowledge base

www.prio-n.com

6.7 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

51.0%

JSON

IBM WebSphere Portal 8.0.0.x before 8.0.0.1 CF09, when Content Template Catalog 4.0 is used, does not require administrative privileges for Portal Application Archive (PAA) file installation, which allows remote authenticated users to modify data or cause a denial of service via unspecified vectors.

CPENameOperatorVersion
websphere_portaleq8.0.0.0
websphere_portaleq8.0.0.1

CPE	Name	Operator	Version
	websphere_portal	eq	8.0.0.0
	websphere_portal	eq	8.0.0.1

References

www-01.ibm.com/support/docview.wss?uid=swg1PM93172

www-01.ibm.com/support/docview.wss?uid=swg21660011

exchange.xforce.ibmcloud.com/vulnerabilities/85618