Vulnerability Description
IBM WebSphere Portal 8.0.0.x before 8.0.0.1 CF09, when Content Template Catalog 4.0 is used, does not require administrative privileges for Portal Application Archive (PAA) file installation, which allows remote authenticated users to modify data or cause a denial of service via unspecified vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Websphere Portal | 8.0.0.0 |
| Ibm | Content Template Catalog | 4.0 |
Related Weaknesses (CWE)
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1PM93172
- http://www-01.ibm.com/support/docview.wss?uid=swg21660011PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/85618
- http://www-01.ibm.com/support/docview.wss?uid=swg1PM93172
- http://www-01.ibm.com/support/docview.wss?uid=swg21660011PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/85618
FAQ
What is CVE-2013-4012?
CVE-2013-4012 is a vulnerability with a CVSS score of 4.9 (MEDIUM). IBM WebSphere Portal 8.0.0.x before 8.0.0.1 CF09, when Content Template Catalog 4.0 is used, does not require administrative privileges for Portal Application Archive (PAA) file installation, which al...
How severe is CVE-2013-4012?
CVE-2013-4012 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-4012?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Websphere Portal, Ibm Content Template Catalog.