CVE-2013-6735

Опубликовано: 22 дек. 2013

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

IBM WebSphere Portal 6.0.0.x through 6.0.0.1, 6.0.1.x through 6.0.1.7, 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x through 8.0.0.1 CF08 allows remote attackers to obtain sensitive Java Content Repository (JCR) information via a modified Web Content Manager (WCM) URL.

Ссылки

http://osvdb.org/101255
http://packetstormsecurity.com/files/124611/IBM-Web-Content-Manager-XPath-Injection.html
Exploit
Third Party Advisory
VDB Entry
http://secunia.com/advisories/56161
http://www-01.ibm.com/support/docview.wss?uid=swg1PI07777
Not Applicable
http://www-01.ibm.com/support/docview.wss?uid=swg21660289
Patch
Vendor Advisory
http://www.securityfocus.com/archive/1/530552/100/0/threaded
http://www.securityfocus.com/bid/64496
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1029539
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/89591
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_fix_available_for_unauthorized_information_retrieval_security_vulnerability_in_ibm_websphere_portal_cve_2013_6735
Third Party Advisory
VDB Entry
http://osvdb.org/101255
http://packetstormsecurity.com/files/124611/IBM-Web-Content-Manager-XPath-Injection.html
Exploit
Third Party Advisory
VDB Entry
http://secunia.com/advisories/56161
http://www-01.ibm.com/support/docview.wss?uid=swg1PI07777
Not Applicable
http://www-01.ibm.com/support/docview.wss?uid=swg21660289
Patch
Vendor Advisory
http://www.securityfocus.com/archive/1/530552/100/0/threaded
http://www.securityfocus.com/bid/64496
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1029539
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/89591
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_fix_available_for_unauthorized_information_retrieval_security_vulnerability_in_ibm_websphere_portal_cve_2013_6735
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:websphere_portal:6.0.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:6.0.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:6.0.1.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:6.0.1.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:6.0.1.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:6.0.1.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:6.0.1.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:6.0.1.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:6.0.1.6:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:6.0.1.7:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:6.1.0.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:6.1.0.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:6.1.0.6:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:6.1.5.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:6.1.5.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:6.1.5.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*

EPSS

Процентиль: 79%

0.01255

Низкий

5 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-367j-phrj-8hv2

github

больше 3 лет назад