Design/Logic Flaw

2014-03-0422:55:00

PRIOn knowledge base

www.prio-n.com

7 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

59.8%

JSON

IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x before 7.0.0.2 CF27, and 8.0.0.x before 8.0.0.1 CF10, when the wcm.path.traversal.security setting is enabled, allows remote attackers to bypass intended read restrictions on an item by accessing that item within search results.

CPENameOperatorVersion
websphere_portaleq7.0.0.1
websphere_portaleq8.0.0.1
websphere_portaleq7.0.0.0
websphere_portaleq8.0.0.0
websphere_portaleq6.1.5.1
websphere_portaleq6.1.5.0
websphere_portaleq6.1.0.5
websphere_portaleq6.1.5.3
websphere_portaleq6.1.0.2
websphere_portaleq6.1.5.2

Name	Operator	Version
websphere_portal	eq	7.0.0.1
websphere_portal	eq	8.0.0.1
websphere_portal	eq	7.0.0.0
websphere_portal	eq	8.0.0.0
websphere_portal	eq	6.1.5.1
websphere_portal	eq	6.1.5.0
websphere_portal	eq	6.1.0.5
websphere_portal	eq	6.1.5.3
websphere_portal	eq	6.1.0.2
websphere_portal	eq	6.1.5.2