Lucene search

IbmCVE-2013-6730

HistoryMar 04, 2014 - 10:55 p.m.

CVE-2013-6730

2014-03-0422:55:03

CWE-264

ibm

web.nvd.nist.gov

ibm

websphere

portal

security

bypass

read restrictions

cve-2013-6730

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.6

Confidence

Low

EPSS

0.002

Percentile

59.8%

JSON

IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x before 7.0.0.2 CF27, and 8.0.0.x before 8.0.0.1 CF10, when the wcm.path.traversal.security setting is enabled, allows remote attackers to bypass intended read restrictions on an item by accessing that item within search results.

Affected configurations

Nvd

Node

ibmwebsphere_portalMatch6.1.0.0

ibmwebsphere_portalMatch6.1.0.1

ibmwebsphere_portalMatch6.1.0.2

ibmwebsphere_portalMatch6.1.0.3

ibmwebsphere_portalMatch6.1.0.4

ibmwebsphere_portalMatch6.1.0.5

ibmwebsphere_portalMatch6.1.0.6

ibmwebsphere_portalMatch6.1.5.0

ibmwebsphere_portalMatch6.1.5.1

ibmwebsphere_portalMatch6.1.5.2

ibmwebsphere_portalMatch6.1.5.3

ibmwebsphere_portalMatch7.0.0.0

ibmwebsphere_portalMatch7.0.0.1

ibmwebsphere_portalMatch7.0.0.2

ibmwebsphere_portalMatch8.0.0.0

ibmwebsphere_portalMatch8.0.0.1

VendorProductVersionCPE
ibmwebsphere_portal6.1.0.0cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*
ibmwebsphere_portal6.1.0.1cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*
ibmwebsphere_portal6.1.0.2cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*
ibmwebsphere_portal6.1.0.3cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*
ibmwebsphere_portal6.1.0.4cpe:2.3:a:ibm:websphere_portal:6.1.0.4:*:*:*:*:*:*:*
ibmwebsphere_portal6.1.0.5cpe:2.3:a:ibm:websphere_portal:6.1.0.5:*:*:*:*:*:*:*
ibmwebsphere_portal6.1.0.6cpe:2.3:a:ibm:websphere_portal:6.1.0.6:*:*:*:*:*:*:*
ibmwebsphere_portal6.1.5.0cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*
ibmwebsphere_portal6.1.5.1cpe:2.3:a:ibm:websphere_portal:6.1.5.1:*:*:*:*:*:*:*
ibmwebsphere_portal6.1.5.2cpe:2.3:a:ibm:websphere_portal:6.1.5.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	websphere_portal	6.1.0.0	cpe:2.3:a:ibm:websphere_portal:6.1.0.0:::::::*
ibm	websphere_portal	6.1.0.1	cpe:2.3:a:ibm:websphere_portal:6.1.0.1:::::::*
ibm	websphere_portal	6.1.0.2	cpe:2.3:a:ibm:websphere_portal:6.1.0.2:::::::*
ibm	websphere_portal	6.1.0.3	cpe:2.3:a:ibm:websphere_portal:6.1.0.3:::::::*
ibm	websphere_portal	6.1.0.4	cpe:2.3:a:ibm:websphere_portal:6.1.0.4:::::::*
ibm	websphere_portal	6.1.0.5	cpe:2.3:a:ibm:websphere_portal:6.1.0.5:::::::*
ibm	websphere_portal	6.1.0.6	cpe:2.3:a:ibm:websphere_portal:6.1.0.6:::::::*
ibm	websphere_portal	6.1.5.0	cpe:2.3:a:ibm:websphere_portal:6.1.5.0:::::::*
ibm	websphere_portal	6.1.5.1	cpe:2.3:a:ibm:websphere_portal:6.1.5.1:::::::*
ibm	websphere_portal	6.1.5.2	cpe:2.3:a:ibm:websphere_portal:6.1.5.2:::::::*

Rows per page:

1-10 of 161

References

www-01.ibm.com/support/docview.wss?uid=swg1PI07185

www-01.ibm.com/support/docview.wss?uid=swg21665915

exchange.xforce.ibmcloud.com/vulnerabilities/89363

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.6

Confidence

Low

EPSS

0.002

Percentile

59.8%

JSON

Related for CVE-2013-6730