Main Vulnerability Database Vulnerabilities #VU36913

Credentials management in WebSphere Portal - CVE-2013-2951

Published: July 11, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU36913

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2013-2951

CWE-ID: CWE-255

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: IBM Corporation

Affected software:
WebSphere Portal

Detailed vulnerability description

The vulnerability allows a local authenticated user to execute arbitrary code.

IBM WebSphere Portal 7.0.0.x and 8.0.0.x write passwords to a trace file when tracing is enabled for the Selfcare Portlet (Profile Management), which allows local users to obtain sensitive information by reading the file. IBM X-Force ID: 83621.

How to mitigate CVE-2013-2951

Install update from vendor's website.

Sources

http://www-01.ibm.com/support/docview.wss?uid=swg21642097
https://exchange.xforce.ibmcloud.com/vulnerabilities/83621

Credentials management in WebSphere Portal - CVE-2013-2951

Detailed vulnerability description

How to mitigate CVE-2013-2951

Sources

Please verify you're human