5

CVE-2013-6735

Exploit
IBM WebSphere Portal 6.0.0.x through 6.0.0.1, 6.0.1.x through 6.0.1.7, 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x through 8.0.0.1 CF08 allows remote attackers to obtain sensitive Java Content Repository (JCR) information via a modified Web Content Manager (WCM) URL.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmWebsphere Portal Version6.0.0.0
IbmWebsphere Portal Version6.0.0.1
IbmWebsphere Portal Version6.0.1.0
IbmWebsphere Portal Version6.0.1.1
IbmWebsphere Portal Version6.0.1.2
IbmWebsphere Portal Version6.0.1.3
IbmWebsphere Portal Version6.0.1.4
IbmWebsphere Portal Version6.0.1.5
IbmWebsphere Portal Version6.0.1.6
IbmWebsphere Portal Version6.0.1.7
IbmWebsphere Portal Version6.1.0.0
IbmWebsphere Portal Version6.1.0.1
IbmWebsphere Portal Version6.1.0.2
IbmWebsphere Portal Version6.1.0.3
IbmWebsphere Portal Version6.1.0.4
IbmWebsphere Portal Version6.1.0.5
IbmWebsphere Portal Version6.1.0.6
IbmWebsphere Portal Version6.1.5.0
IbmWebsphere Portal Version6.1.5.1
IbmWebsphere Portal Version6.1.5.2
IbmWebsphere Portal Version6.1.5.3
IbmWebsphere Portal Version7.0.0.0
IbmWebsphere Portal Version7.0.0.1
IbmWebsphere Portal Version7.0.0.2
IbmWebsphere Portal Version8.0.0.0
IbmWebsphere Portal Version8.0.0.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.6% 0.88
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://osvdb.org/101255
http://packetstormsecurity.com/files/124611/IBM-Web-Content-Manager-XPath-Injection.html
Third Party Advisory
Exploit
VDB Entry
http://secunia.com/advisories/56161
http://www-01.ibm.com/support/docview.wss?uid=swg1PI07777
Not Applicable
http://www-01.ibm.com/support/docview.wss?uid=swg21660289
Patch
Vendor Advisory
http://www.securityfocus.com/archive/1/530552/100/0/threaded
http://www.securityfocus.com/bid/64496
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1029539
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/89591
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_fix_available_for_unauthorized_information_retrieval_security_vulnerability_in_ibm_websphere_portal_cve_2013_6735
Third Party Advisory
VDB Entry