Design/Logic Flaw

2013-12-2215:16:00

PRIOn knowledge base

www.prio-n.com

6.5 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.4%

JSON

IBM WebSphere Portal 7.0.0.x before 7.0.0.2 CF26 and 8.0.0.x before 8.0.0.1 CF09 does not properly handle content-selection changes during Taxonomy component rendering, which allows remote attackers to obtain sensitive property information in opportunistic circumstances by leveraging an error in a Web Content Manager (WCM) context processor.

CPENameOperatorVersion
websphere_portaleq7.0.0.1
websphere_portaleq8.0.0.1
websphere_portaleq7.0.0.0
websphere_portaleq8.0.0.0
websphere_portaleq7.0.0.2

Name	Operator	Version
websphere_portal	eq	7.0.0.1
websphere_portal	eq	8.0.0.1
websphere_portal	eq	7.0.0.0
websphere_portal	eq	8.0.0.0
websphere_portal	eq	7.0.0.2

References

osvdb.org/101270

www-01.ibm.com/support/docview.wss?uid=swg1PI04897

www-01.ibm.com/support/docview.wss?uid=swg21660011

www.securityfocus.com/bid/64492

exchange.xforce.ibmcloud.com/vulnerabilities/88597