Lucene search

IbmCVE-2013-3016

HistoryAug 21, 2013 - 4:55 p.m.

CVE-2013-3016

2013-08-2116:55:11

CWE-264

ibm

web.nvd.nist.gov

ibm

websphere

portal

cve-2013-3016

security

vulnerability

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.7

Confidence

Low

EPSS

0.002

Percentile

53.3%

JSON

IBM WebSphere Portal 6.1, 7.0, and 8.0 allows remote attackers to access the user directory via a crafted request for a servlet, related to the serveServletsByClassnameEnabled setting.

Affected configurations

Nvd

Node

ibmwebsphere_portalMatch6.1.0.0

ibmwebsphere_portalMatch7.0.0.0

ibmwebsphere_portalMatch7.0.0.0cf001

ibmwebsphere_portalMatch8.0

ibmwebsphere_portalMatch8.0.0.0

ibmwebsphere_portalMatch8.0.0.0cf01

ibmwebsphere_portalMatch8.0.0.0cf02

ibmwebsphere_portalMatch8.0.0.0cf03

ibmwebsphere_portalMatch8.0.0.0cf04

ibmwebsphere_portalMatch8.0.0.0cf05

VendorProductVersionCPE
ibmwebsphere_portal6.1.0.0cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*
ibmwebsphere_portal7.0.0.0cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*
ibmwebsphere_portal7.0.0.0cpe:2.3:a:ibm:websphere_portal:7.0.0.0:cf001:*:*:*:*:*:*
ibmwebsphere_portal8.0cpe:2.3:a:ibm:websphere_portal:8.0:*:*:*:*:*:*:*
ibmwebsphere_portal8.0.0.0cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*
ibmwebsphere_portal8.0.0.0cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf01:*:*:*:*:*:*
ibmwebsphere_portal8.0.0.0cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf02:*:*:*:*:*:*
ibmwebsphere_portal8.0.0.0cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf03:*:*:*:*:*:*
ibmwebsphere_portal8.0.0.0cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf04:*:*:*:*:*:*
ibmwebsphere_portal8.0.0.0cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf05:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	websphere_portal	6.1.0.0	cpe:2.3:a:ibm:websphere_portal:6.1.0.0:::::::*
ibm	websphere_portal	7.0.0.0	cpe:2.3:a:ibm:websphere_portal:7.0.0.0:::::::*
ibm	websphere_portal	7.0.0.0	cpe:2.3:a:ibm:websphere_portal:7.0.0.0:cf001::::::
ibm	websphere_portal	8.0	cpe:2.3:a:ibm:websphere_portal:8.0:::::::*
ibm	websphere_portal	8.0.0.0	cpe:2.3:a:ibm:websphere_portal:8.0.0.0:::::::*
ibm	websphere_portal	8.0.0.0	cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf01::::::
ibm	websphere_portal	8.0.0.0	cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf02::::::
ibm	websphere_portal	8.0.0.0	cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf03::::::
ibm	websphere_portal	8.0.0.0	cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf04::::::
ibm	websphere_portal	8.0.0.0	cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf05::::::

References

www-01.ibm.com/support/docview.wss?uid=swg21647344

exchange.xforce.ibmcloud.com/vulnerabilities/84350

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.7

Confidence

Low

EPSS

0.002

Percentile

53.3%

JSON

Related for CVE-2013-3016