WebSphere Dashboard Framework contains a vulnerability in a charting feature
used to access and delete generated images in a temporary folder. A fix has been created
that removes the vulnerability.
WebSphere Dashboard Framework contains a vulnerability in a charting feature used to
access and delete generated images in a temporary folder. In general this charting feature
would be protected by security constraints that limit its use to authenticated users.
However, it is possible that customers may misconfigure these security constraints,
allowing unauthenticated access to the feature. It's also possible that an authenticated yet
malicious user could employ the feature to retrieve and delete files.
CVE ID: CVE-2013-6728
Description: WebSphere Dashboard Framework contains a vulnerability that allows file
access and deletion.
CVSS Base Score: 4.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/89283> for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:N)
WebSphere Dashboard Framework versions 6.1.5 and 7.0.1.
For WDF 6.1.5 install APAR LO78265. For WDF 7.0.1 install APAR LO78266. These
APARs can be obtained from IBM support.
none