Lucene search

IbmCVE-2013-5454

HistoryNov 18, 2013 - 3:55 a.m.

CVE-2013-5454

2013-11-1803:55:06

CWE-200

ibm

web.nvd.nist.gov

ibm websphere portal

cve-2013-5454

remote attackers

file read

url

security vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.7

Confidence

Low

EPSS

0.003

Percentile

69.1%

JSON

IBM WebSphere Portal 6.0 through 6.0.1.7, 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF25, and 8.0 through 8.0.0.1 CF08 allows remote attackers to read arbitrary files via a modified URL.

Affected configurations

Nvd

Node

ibmwebsphere_portalMatch6.0.0.0

ibmwebsphere_portalMatch6.0.0.1

ibmwebsphere_portalMatch6.0.1.0

ibmwebsphere_portalMatch6.0.1.1

ibmwebsphere_portalMatch6.0.1.2

ibmwebsphere_portalMatch6.0.1.3

ibmwebsphere_portalMatch6.0.1.4

ibmwebsphere_portalMatch6.0.1.5

ibmwebsphere_portalMatch6.0.1.6

ibmwebsphere_portalMatch6.1

ibmwebsphere_portalMatch6.1.0.0

ibmwebsphere_portalMatch6.1.0.1

ibmwebsphere_portalMatch6.1.0.2

ibmwebsphere_portalMatch6.1.0.3

ibmwebsphere_portalMatch6.1.0.4

ibmwebsphere_portalMatch6.1.0.5

ibmwebsphere_portalMatch6.1.5.0

ibmwebsphere_portalMatch6.1.5.1

ibmwebsphere_portalMatch6.1.5.2

ibmwebsphere_portalMatch6.1.5.3

ibmwebsphere_portalMatch7.0.0.0

ibmwebsphere_portalMatch7.0.0.1

ibmwebsphere_portalMatch7.0.0.2

ibmwebsphere_portalMatch8.0

ibmwebsphere_portalMatch8.0.0.0

ibmwebsphere_portalMatch8.0.0.1

VendorProductVersionCPE
ibmwebsphere_portal6.0.0.0cpe:2.3:a:ibm:websphere_portal:6.0.0.0:*:*:*:*:*:*:*
ibmwebsphere_portal6.0.0.1cpe:2.3:a:ibm:websphere_portal:6.0.0.1:*:*:*:*:*:*:*
ibmwebsphere_portal6.0.1.0cpe:2.3:a:ibm:websphere_portal:6.0.1.0:*:*:*:*:*:*:*
ibmwebsphere_portal6.0.1.1cpe:2.3:a:ibm:websphere_portal:6.0.1.1:*:*:*:*:*:*:*
ibmwebsphere_portal6.0.1.2cpe:2.3:a:ibm:websphere_portal:6.0.1.2:*:*:*:*:*:*:*
ibmwebsphere_portal6.0.1.3cpe:2.3:a:ibm:websphere_portal:6.0.1.3:*:*:*:*:*:*:*
ibmwebsphere_portal6.0.1.4cpe:2.3:a:ibm:websphere_portal:6.0.1.4:*:*:*:*:*:*:*
ibmwebsphere_portal6.0.1.5cpe:2.3:a:ibm:websphere_portal:6.0.1.5:*:*:*:*:*:*:*
ibmwebsphere_portal6.0.1.6cpe:2.3:a:ibm:websphere_portal:6.0.1.6:*:*:*:*:*:*:*
ibmwebsphere_portal6.1cpe:2.3:a:ibm:websphere_portal:6.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	websphere_portal	6.0.0.0	cpe:2.3:a:ibm:websphere_portal:6.0.0.0:::::::*
ibm	websphere_portal	6.0.0.1	cpe:2.3:a:ibm:websphere_portal:6.0.0.1:::::::*
ibm	websphere_portal	6.0.1.0	cpe:2.3:a:ibm:websphere_portal:6.0.1.0:::::::*
ibm	websphere_portal	6.0.1.1	cpe:2.3:a:ibm:websphere_portal:6.0.1.1:::::::*
ibm	websphere_portal	6.0.1.2	cpe:2.3:a:ibm:websphere_portal:6.0.1.2:::::::*
ibm	websphere_portal	6.0.1.3	cpe:2.3:a:ibm:websphere_portal:6.0.1.3:::::::*
ibm	websphere_portal	6.0.1.4	cpe:2.3:a:ibm:websphere_portal:6.0.1.4:::::::*
ibm	websphere_portal	6.0.1.5	cpe:2.3:a:ibm:websphere_portal:6.0.1.5:::::::*
ibm	websphere_portal	6.0.1.6	cpe:2.3:a:ibm:websphere_portal:6.0.1.6:::::::*
ibm	websphere_portal	6.1	cpe:2.3:a:ibm:websphere_portal:6.1:::::::*

Rows per page:

1-10 of 261

References

www-01.ibm.com/support/docview.wss?uid=swg1PM99205

www-01.ibm.com/support/docview.wss?uid=swg21655656

exchange.xforce.ibmcloud.com/vulnerabilities/88253

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.7

Confidence

Low

EPSS

0.003

Percentile

69.1%

JSON

Related for CVE-2013-5454