Feb 11, 2020 - 7:25 p.m.

Security Bulletin: WebSphere Dashboard Framework contains a vulnerability that allows file access and deletion.

2020-02-11 19:25:45
www.ibm.com
EPSS: 0.003
Percentile: 65.7%

Summary

WebSphere Dashboard Framework contains a vulnerability in a charting feature
used to access and delete generated images in a temporary folder. A fix has been created
that removes the vulnerability.

Vulnerability Details

WebSphere Dashboard Framework contains a vulnerability in a charting feature used to
access and delete generated images in a temporary folder. In general this charting feature
would be protected by security constraints that limit its use to authenticated users.
However, it is possible that customers may misconfigure these security constraints
allowing unauthenticated access to the feature. It’s also possible that an authenticated yet
malicious user could employ the feature to retrieve and delete files.

CVE ID: CVE-2013-6728
Description: WebSphere Dashboard Framework contains a vulnerability that allows file
access and deletion.

CVSS Base Score: 4.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/89283> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:N)

Affected Products and Versions

WebSphere Dashboard Framework versions 6.1.5 and 7.0.1.

Remediation/Fixes

For WDF 6.1.5 install APAR LO78265. For WDF 7.0.1 install APAR LO78266. These
APARs can be obtained from IBM support.

Workarounds and Mitigations

none
