Main Vulnerability Database Vulnerabilities #VU41226

Information disclosure in WebSphere Portal - CVE-2014-4761

Published: October 10, 2014 / Updated: August 10, 2020

Vulnerability identifier: #VU41226

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2014-4761

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: IBM Corporation

Affected software:
WebSphere Portal

Detailed vulnerability description

The vulnerability allows a remote #AU# to gain access to sensitive information.

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 before 8.0.0.1 CF14, and 8.5.0 through 8.5.0.0 CF02 allows remote authenticated users to discover credentials by reading HTML source code.

How to mitigate CVE-2014-4761

Install update from vendor's website.

Sources

http://secunia.com/advisories/61126
http://www-01.ibm.com/support/docview.wss?uid=swg1PI22104
http://www-01.ibm.com/support/docview.wss?uid=swg21684652
https://exchange.xforce.ibmcloud.com/vulnerabilities/94658

Information disclosure in WebSphere Portal - CVE-2014-4761

Detailed vulnerability description

How to mitigate CVE-2014-4761

Sources

Please verify you're human