Code injection

2013-12-2215:16:00

PRIOn knowledge base

www.prio-n.com

6.5 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

73.6%

JSON

IBM WebSphere Portal 6.0.0.x through 6.0.0.1, 6.0.1.x through 6.0.1.7, 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x through 8.0.0.1 CF08 allows remote attackers to obtain sensitive Java Content Repository (JCR) information via a modified Web Content Manager (WCM) URL.

CPENameOperatorVersion
websphere_portaleq7.0.0.1
websphere_portaleq6.0.1.0
websphere_portaleq8.0.0.1
websphere_portaleq6.0.1.3
websphere_portaleq7.0.0.0
websphere_portaleq8.0.0.0
websphere_portaleq6.1.5.1
websphere_portaleq6.1.5.0
websphere_portaleq6.0.1.1
websphere_portaleq6.0.0.0

Name	Operator	Version
websphere_portal	eq	7.0.0.1
websphere_portal	eq	6.0.1.0
websphere_portal	eq	8.0.0.1
websphere_portal	eq	6.0.1.3
websphere_portal	eq	7.0.0.0
websphere_portal	eq	8.0.0.0
websphere_portal	eq	6.1.5.1
websphere_portal	eq	6.1.5.0
websphere_portal	eq	6.0.1.1
websphere_portal	eq	6.0.0.0

Rows per page:

1-10 of 261

References

osvdb.org/101255

packetstormsecurity.com/files/124611/IBM-Web-Content-Manager-XPath-Injection.html

secunia.com/advisories/56161

www-01.ibm.com/support/docview.wss?uid=swg1PI07777

www-01.ibm.com/support/docview.wss?uid=swg21660289

www.securityfocus.com/archive/1/530552/100/0/threaded

www.securityfocus.com/bid/64496

www.securitytracker.com/id/1029539

exchange.xforce.ibmcloud.com/vulnerabilities/89591

www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_fix_available_for_unauthorized_information_retrieval_security_vulnerability_in_ibm_websphere_portal_cve_2013_6735