Lucene search

[email protected]NVD:CVE-2013-6735

HistoryDec 22, 2013 - 3:16 p.m.

CVE-2013-6735

2013-12-2215:16:04

CWE-264

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

5.9

Confidence

Low

EPSS

0.005

Percentile

76.6%

JSON

IBM WebSphere Portal 6.0.0.x through 6.0.0.1, 6.0.1.x through 6.0.1.7, 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x through 8.0.0.1 CF08 allows remote attackers to obtain sensitive Java Content Repository (JCR) information via a modified Web Content Manager (WCM) URL.

Affected configurations

Nvd

Node

ibmwebsphere_portalMatch6.0.0.0

ibmwebsphere_portalMatch6.0.0.1

ibmwebsphere_portalMatch6.0.1.0

ibmwebsphere_portalMatch6.0.1.1

ibmwebsphere_portalMatch6.0.1.2

ibmwebsphere_portalMatch6.0.1.3

ibmwebsphere_portalMatch6.0.1.4

ibmwebsphere_portalMatch6.0.1.5

ibmwebsphere_portalMatch6.0.1.6

ibmwebsphere_portalMatch6.0.1.7

ibmwebsphere_portalMatch6.1.0.0

ibmwebsphere_portalMatch6.1.0.1

ibmwebsphere_portalMatch6.1.0.2

ibmwebsphere_portalMatch6.1.0.3

ibmwebsphere_portalMatch6.1.0.4

ibmwebsphere_portalMatch6.1.0.5

ibmwebsphere_portalMatch6.1.0.6

ibmwebsphere_portalMatch6.1.5.0

ibmwebsphere_portalMatch6.1.5.1

ibmwebsphere_portalMatch6.1.5.2

ibmwebsphere_portalMatch6.1.5.3

ibmwebsphere_portalMatch7.0.0.0

ibmwebsphere_portalMatch7.0.0.1

ibmwebsphere_portalMatch7.0.0.2

ibmwebsphere_portalMatch8.0.0.0

ibmwebsphere_portalMatch8.0.0.1

VendorProductVersionCPE
ibmwebsphere_portal6.0.0.0cpe:2.3:a:ibm:websphere_portal:6.0.0.0:*:*:*:*:*:*:*
ibmwebsphere_portal6.0.0.1cpe:2.3:a:ibm:websphere_portal:6.0.0.1:*:*:*:*:*:*:*
ibmwebsphere_portal6.0.1.0cpe:2.3:a:ibm:websphere_portal:6.0.1.0:*:*:*:*:*:*:*
ibmwebsphere_portal6.0.1.1cpe:2.3:a:ibm:websphere_portal:6.0.1.1:*:*:*:*:*:*:*
ibmwebsphere_portal6.0.1.2cpe:2.3:a:ibm:websphere_portal:6.0.1.2:*:*:*:*:*:*:*
ibmwebsphere_portal6.0.1.3cpe:2.3:a:ibm:websphere_portal:6.0.1.3:*:*:*:*:*:*:*
ibmwebsphere_portal6.0.1.4cpe:2.3:a:ibm:websphere_portal:6.0.1.4:*:*:*:*:*:*:*
ibmwebsphere_portal6.0.1.5cpe:2.3:a:ibm:websphere_portal:6.0.1.5:*:*:*:*:*:*:*
ibmwebsphere_portal6.0.1.6cpe:2.3:a:ibm:websphere_portal:6.0.1.6:*:*:*:*:*:*:*
ibmwebsphere_portal6.0.1.7cpe:2.3:a:ibm:websphere_portal:6.0.1.7:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	websphere_portal	6.0.0.0	cpe:2.3:a:ibm:websphere_portal:6.0.0.0:::::::*
ibm	websphere_portal	6.0.0.1	cpe:2.3:a:ibm:websphere_portal:6.0.0.1:::::::*
ibm	websphere_portal	6.0.1.0	cpe:2.3:a:ibm:websphere_portal:6.0.1.0:::::::*
ibm	websphere_portal	6.0.1.1	cpe:2.3:a:ibm:websphere_portal:6.0.1.1:::::::*
ibm	websphere_portal	6.0.1.2	cpe:2.3:a:ibm:websphere_portal:6.0.1.2:::::::*
ibm	websphere_portal	6.0.1.3	cpe:2.3:a:ibm:websphere_portal:6.0.1.3:::::::*
ibm	websphere_portal	6.0.1.4	cpe:2.3:a:ibm:websphere_portal:6.0.1.4:::::::*
ibm	websphere_portal	6.0.1.5	cpe:2.3:a:ibm:websphere_portal:6.0.1.5:::::::*
ibm	websphere_portal	6.0.1.6	cpe:2.3:a:ibm:websphere_portal:6.0.1.6:::::::*
ibm	websphere_portal	6.0.1.7	cpe:2.3:a:ibm:websphere_portal:6.0.1.7:::::::*

Rows per page:

1-10 of 261

References

osvdb.org/101255

packetstormsecurity.com/files/124611/IBM-Web-Content-Manager-XPath-Injection.html

secunia.com/advisories/56161

www-01.ibm.com/support/docview.wss?uid=swg1PI07777

www-01.ibm.com/support/docview.wss?uid=swg21660289

www.securityfocus.com/archive/1/530552/100/0/threaded

www.securityfocus.com/bid/64496

www.securitytracker.com/id/1029539

exchange.xforce.ibmcloud.com/vulnerabilities/89591

www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_fix_available_for_unauthorized_information_retrieval_security_vulnerability_in_ibm_websphere_portal_cve_2013_6735