SB2012113001 - Multiple vulnerabilities in IBM WebSphere Portal

Description

This security bulletin contains information about 2 vulnerabilities.

1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2013-3016)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

IBM WebSphere Portal 6.1, 7.0, and 8.0 allows remote attackers to access the user directory via a crafted request for a servlet, related to the serveServletsByClassnameEnabled setting.

2) Path traversal (CVE-ID: CVE-2012-4834)

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences in LayerLoader.jsp in the theme component in IBM WebSphere Portal 7.0.0.1 and 7.0.0.2 before CF19 and 8.0 before CF03. A remote authenticated attacker can send a specially crafted HTTP request and remote attackers to read arbitrary files via a crafted URI.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

• http://www-01.ibm.com/support/docview.wss?uid=swg21647344
• https://exchange.xforce.ibmcloud.com/vulnerabilities/84350
• http://secunia.com/advisories/51281
• http://www.ibm.com/connections/blogs/PSIRT/entry/security_vulnerability_in_theme_component_for_websphere_portal_versions_7_0_0_x_and_8_0_cve2012_48344
• http://www.ibm.com/support/docview.wss?uid=swg21617713
• http://www.ibm.com/support/docview.wss?uid=swg24033155
• http://www-01.ibm.com/support/docview.wss?uid=swg1PM76354
• https://exchange.xforce.ibmcloud.com/vulnerabilities/78914