CVE-2013-6316IBM Websphere Portal vulnerability

CWE-2643 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.3%
top 47.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Websphere Portal
Timeline
PublishedDec 22
Latest updateMay 17

Description

IBM WebSphere Portal 7.0.0.x before 7.0.0.2 CF26 and 8.0.0.x before 8.0.0.1 CF09 does not properly handle content-selection changes during Taxonomy component rendering, which allows remote attackers to obtain sensitive property information in opportunistic circumstances by leveraging an error in a Web Content Manager (WCM) context processor.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDibm/websphere_portal5 versions+4

Patches

Patch: www-01.ibm.comPatch: www-01.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-46mw-pjxm-4rwh: IBM WebSphere Portal 72022-05-17
CVEList
CVE-2013-6316: IBM WebSphere Portal 72013-12-22
CVE-2013-6316 — IBM Websphere Portal vulnerability | cvebase