ByteOS Network

Source-psirt@us.ibm.com

Published At-22 Dec, 2013 | 15:16

Updated At-11 Apr, 2025 | 00:51

IBM WebSphere Portal 6.0.0.x through 6.0.0.1, 6.0.1.x through 6.0.1.7, 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x through 8.0.0.1 CF08 allows remote attackers to obtain sensitive Java Content Repository (JCR) information via a modified Web Content Manager (WCM) URL.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N

Type: Primary

Version: 2.0

Base score: 5.0

Base severity: MEDIUM

Vector:

AV:N/AC:L/Au:N/C:P/I:N/A:N

Hyperlink	Source	Resource
http://osvdb.org/101255	psirt@us.ibm.com	N/A
http://packetstormsecurity.com/files/124611/IBM-Web-Content-Manager-XPath-Injection.html	psirt@us.ibm.com	Exploit Third Party Advisory VDB Entry
http://secunia.com/advisories/56161	psirt@us.ibm.com	N/A
http://www-01.ibm.com/support/docview.wss?uid=swg1PI07777	psirt@us.ibm.com	Not Applicable
http://www-01.ibm.com/support/docview.wss?uid=swg21660289	psirt@us.ibm.com	Patch Vendor Advisory
http://www.securityfocus.com/archive/1/530552/100/0/threaded	psirt@us.ibm.com	N/A
http://www.securityfocus.com/bid/64496	psirt@us.ibm.com	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1029539	psirt@us.ibm.com	Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/89591	psirt@us.ibm.com	N/A
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_fix_available_for_unauthorized_information_retrieval_security_vulnerability_in_ibm_websphere_portal_cve_2013_6735	psirt@us.ibm.com	Third Party Advisory VDB Entry
http://osvdb.org/101255	af854a3a-2127-422b-91ae-364da2661108	N/A
http://packetstormsecurity.com/files/124611/IBM-Web-Content-Manager-XPath-Injection.html	af854a3a-2127-422b-91ae-364da2661108	Exploit Third Party Advisory VDB Entry
http://secunia.com/advisories/56161	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www-01.ibm.com/support/docview.wss?uid=swg1PI07777	af854a3a-2127-422b-91ae-364da2661108	Not Applicable
http://www-01.ibm.com/support/docview.wss?uid=swg21660289	af854a3a-2127-422b-91ae-364da2661108	Patch Vendor Advisory
http://www.securityfocus.com/archive/1/530552/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securityfocus.com/bid/64496	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1029539	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/89591	af854a3a-2127-422b-91ae-364da2661108	N/A
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_fix_available_for_unauthorized_information_retrieval_security_vulnerability_in_ibm_websphere_portal_cve_2013_6735	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory VDB Entry

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History