Main Vulnerability Database Vulnerabilities #VU41002

Input validation error in WebSphere Portal - CVE-2014-6193

Published: December 19, 2014 / Updated: August 9, 2020

Vulnerability identifier: #VU41002

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2014-6193

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: IBM Corporation

Affected software:
WebSphere Portal

Detailed vulnerability description

The vulnerability allows a remote #AU# to manipulate or delete data.

IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF14 and 8.5.0 before CF04, when the Managed Pages setting is enabled, allows remote authenticated users to write to pages via an XML injection attack. <a href="http://cwe.mitre.org/data/definitions/91.html">CWE-91: XML Injection (aka Blind XPath Injection)</a>

How to mitigate CVE-2014-6193

Install update from vendor's website.

Sources

http://www-01.ibm.com/support/docview.wss?uid=swg1PI28699
http://www-01.ibm.com/support/docview.wss?uid=swg21692107
https://exchange.xforce.ibmcloud.com/vulnerabilities/98567

Input validation error in WebSphere Portal - CVE-2014-6193

Detailed vulnerability description

How to mitigate CVE-2014-6193

Sources

Please verify you're human