CVE-2013-4012IBM Websphere Portal vulnerability

CWE-2643 documents3 sources
Severity
4.9MEDIUMNVD
EPSS
0.3%
top 43.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Websphere Portal
Timeline
PublishedDec 22
Latest updateMay 17

Description

IBM WebSphere Portal 8.0.0.x before 8.0.0.1 CF09, when Content Template Catalog 4.0 is used, does not require administrative privileges for Portal Application Archive (PAA) file installation, which allows remote authenticated users to modify data or cause a denial of service via unspecified vectors.

CVSS vector

AV:N/AC:M/C:N/I:P/A:PExploitability: 6.8 | Impact: 4.9

Affected Packages1 packages

NVDibm/websphere_portal8.0.0.0, 8.0.0.1+1

Patches

Patch: www-01.ibm.comPatch: www-01.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-prp4-9j5q-75c3: IBM WebSphere Portal 82022-05-17
CVEList
CVE-2013-4012: IBM WebSphere Portal 82013-12-22
CVE-2013-4012 — IBM Websphere Portal vulnerability | cvebase