Vulnerability Description
Directory traversal vulnerability in LayerLoader.jsp in the theme component in IBM WebSphere Portal 7.0.0.1 and 7.0.0.2 before CF19 and 8.0 before CF03 allows remote attackers to read arbitrary files via a crafted URI.
CVSS Score
5.0
MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Websphere Portal | 7.0.0.1 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/51281Third Party Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg1PM76354Vendor Advisory
- http://www.ibm.com/connections/blogs/PSIRT/entry/security_vulnerability_in_themePatchVendor Advisory
- http://www.ibm.com/support/docview.wss?uid=swg21617713PatchVendor Advisory
- http://www.ibm.com/support/docview.wss?uid=swg24033155PatchThird Party Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78914Third Party AdvisoryVDB Entry
- http://secunia.com/advisories/51281Third Party Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg1PM76354Vendor Advisory
- http://www.ibm.com/connections/blogs/PSIRT/entry/security_vulnerability_in_themePatchVendor Advisory
- http://www.ibm.com/support/docview.wss?uid=swg21617713PatchVendor Advisory
- http://www.ibm.com/support/docview.wss?uid=swg24033155PatchThird Party Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78914Third Party AdvisoryVDB Entry
FAQ
What is CVE-2012-4834?
CVE-2012-4834 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Directory traversal vulnerability in LayerLoader.jsp in the theme component in IBM WebSphere Portal 7.0.0.1 and 7.0.0.2 before CF19 and 8.0 before CF03 allows remote attackers to read arbitrary files ...
How severe is CVE-2012-4834?
CVE-2012-4834 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-4834?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Websphere Portal.