CVE-2013-6735

IBM WebSphere Portal 6.0.0.x through 6.0.0.1, 6.0.1.x through 6.0.1.7, 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x through 8.0.0.1 CF08 allows remote attackers to obtain sensitive Java Content Repository (JCR) information via a modified Web Content Manager (WCM) URL.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
ibmCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 76%
VendorProductVersion
ibmwebsphere_portal
6.0.0.0
ibmwebsphere_portal
6.0.0.1
ibmwebsphere_portal
6.0.1.0
ibmwebsphere_portal
6.0.1.1
ibmwebsphere_portal
6.0.1.2
ibmwebsphere_portal
6.0.1.3
ibmwebsphere_portal
6.0.1.4
ibmwebsphere_portal
6.0.1.5
ibmwebsphere_portal
6.0.1.6
ibmwebsphere_portal
6.0.1.7
ibmwebsphere_portal
6.1.0.0
ibmwebsphere_portal
6.1.0.1
ibmwebsphere_portal
6.1.0.2
ibmwebsphere_portal
6.1.0.3
ibmwebsphere_portal
6.1.0.4
ibmwebsphere_portal
6.1.0.5
ibmwebsphere_portal
6.1.0.6
ibmwebsphere_portal
6.1.5.0
ibmwebsphere_portal
6.1.5.1
ibmwebsphere_portal
6.1.5.2
ibmwebsphere_portal
6.1.5.3
ibmwebsphere_portal
7.0.0.0
ibmwebsphere_portal
7.0.0.1
ibmwebsphere_portal
7.0.0.2
ibmwebsphere_portal
8.0.0.0
ibmwebsphere_portal
8.0.0.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://osvdb.org/101255
http://packetstormsecurity.com/files/124611/IBM-Web-Content-Manager-XPath-Injection.html
http://secunia.com/advisories/56161
http://www-01.ibm.com/support/docview.wss?uid=swg1PI07777
http://www-01.ibm.com/support/docview.wss?uid=swg21660289
http://www.securityfocus.com/archive/1/530552/100/0/threaded
http://www.securityfocus.com/bid/64496
http://www.securitytracker.com/id/1029539
https://exchange.xforce.ibmcloud.com/vulnerabilities/89591
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_fix_available_for_unauthorized_information_retrieval_security_vulnerability_in_ibm_websphere_portal_cve_2013_6735
http://osvdb.org/101255
http://packetstormsecurity.com/files/124611/IBM-Web-Content-Manager-XPath-Injection.html
http://secunia.com/advisories/56161
http://www-01.ibm.com/support/docview.wss?uid=swg1PI07777
http://www-01.ibm.com/support/docview.wss?uid=swg21660289
http://www.securityfocus.com/archive/1/530552/100/0/threaded
http://www.securityfocus.com/bid/64496
http://www.securitytracker.com/id/1029539
https://exchange.xforce.ibmcloud.com/vulnerabilities/89591
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_fix_available_for_unauthorized_information_retrieval_security_vulnerability_in_ibm_websphere_portal_cve_2013_6735