CVE-2013-6735

Sažetak

IBM WebSphere Portal 6.0.0.x through 6.0.0.1, 6.0.1.x through 6.0.1.7, 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x through 8.0.0.1 CF08 allows remote attackers to obtain sensitive Java Content Repository (JCR) information via a modified Web Content Manager (WCM) URL.

Reference

http://osvdb.org/101255
http://packetstormsecurity.com/files/124611/IBM-Web-Content-Manager-XPath-Injection.html
http://secunia.com/advisories/56161
http://www.securityfocus.com/archive/1/530552/100/0/threaded
http://www.securityfocus.com/bid/64496
http://www.securitytracker.com/id/1029539
http://www-01.ibm.com/support/docview.wss?uid=swg1PI07777
http://www-01.ibm.com/support/docview.wss?uid=swg21660289
https://exchange.xforce.ibmcloud.com/vulnerabilities/89591
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_fix_available_for_unauthorized_information_retrieval_security_vulnerability_in_ibm_websphere_portal_cve_2013_6735

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

09-10-2018 - 19:34

Objavljeno

22-12-2013 - 15:16