Main Vulnerability Database Vulnerabilities #VU42359

Information disclosure in WebSphere Portal - CVE-2013-5454

Published: November 18, 2013 / Updated: August 10, 2020

Vulnerability identifier: #VU42359

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2013-5454

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: IBM Corporation

Affected software:
WebSphere Portal

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

IBM WebSphere Portal 6.0 through 6.0.1.7, 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF25, and 8.0 through 8.0.0.1 CF08 allows remote attackers to read arbitrary files via a modified URL.

How to mitigate CVE-2013-5454

Install update from vendor's website.

Sources

http://www-01.ibm.com/support/docview.wss?uid=swg1PM99205
http://www-01.ibm.com/support/docview.wss?uid=swg21655656
https://exchange.xforce.ibmcloud.com/vulnerabilities/88253

Information disclosure in WebSphere Portal - CVE-2013-5454

Detailed vulnerability description

How to mitigate CVE-2013-5454

Sources

Please verify you're human